Image
Loading

Privacy Notice on the processing of personal data during your visit

to the GENEKOR premises

This notice concerns the processing of personal data carried out by Genekor Company during your visit to our premises, including the processing of your personal data through the installed video surveillance system.

Please read this document in order to be informed in detail about the details of the processing of your personal data:

Data Controller

The Medical Société Anonyme under the name GENEKOR PRIVATE DIAGNOSTIC LABORATORY MEDICAL SOCIÉTÉ ANONYME„, and the distinctive title „GENEKOR M.S.A..“ with General Electronic Commercial Registry No: 007856001000, VAT no.: 998278160, D.O.Y. KEFODE ATTICA is the Data Controller for the processing of the personal data described in the present notice.

Contact details: telephone +30 210-6032138, e-mail: info@genekor.com  

Contact details of the Company’s Data Protection Officer (DPO): dataprotection@genekor.com  

Purpose of processing

The purpose of the processing of your data is to protect the persons and property on our Company’s premises. The data that we process when you enter the premises of our Company is used to identify you as an incoming person on our premises.

Legal basis for the processing of data

The legal basis for the processing described in this notice is the legitimate interest of our Company, which consists in ensuring the protection of persons and assets located on its premises (Article 6(1)(f) GDPR).

Analysis of the legitimate interests for processing through the video surveillance system

Our legitimate interest consists in the need to protect our premises and the assets located in them from illegal acts, such as theft. The same applies to the safety of the life, physical integrity, health and property of our staff and third parties who are lawfully present in the premises. We only collect image data and limit the capture to critical areas (e.g. medical laboratory space), as well as areas where we have assessed that there is an increased likelihood of unlawful acts (e.g. theft), such as at the entrance/exit and the perimeter of the building and in the vehicle parking area (car park), without focusing on areas where the privacy of the persons whose image is taken may be unduly restricted, including their right of respect for their personal data.

Personal data processed

In the context of the above purpose, the following categories of your personal data are being processed:

1. Identification data of natural person (name, surname)

2. Time of entrance to the building

3. Time of exit from the building

3. Purpose of the visit to the Company’s Facilities

4. Signature

5. Image and video data

Sources for obtaining personal data

The data of the first to fourth categories are obtained directly from you: i. if you visit a building of our Company, where the electronic visitors‘ book is kept by the reception, when filling in the electronic visitors‘ book in order to be able to proceed to an area beyond the reception depending on the purpose of your visit and/or ii. through our Company’s executives in cases of your pre-planned visits in the context of an activity (e.g. visitor lists for events, trainings, etc.

Your image and video data is taken from the video surveillance system installed in our premises.

Recipients

The recipients of your data are exclusively the necessary, in each case, authorized personnel of the Company, who have received the appropriate information for the safe processing of your personal data.

In addition, your data will be received , where required, by the competent judicial, prosecutorial and police authorities in the exercise of their duties .

In particular, the material resulting from the installed video surveillance system shall not be transmitted to third parties, except in the following cases: a) to the competent judicial, prosecutorial and police authorities when it contains data necessary for the investigation of a criminal offence involving persons or property of the controller, b) to the competent judicial, prosecutorial and police authorities when they request data, lawfully, in the exercise of their duties and only after having examined the existence of the legal conditions for the transmission of the data, and c) where the transmission is provided for or required by law or where it is authorised by law and serves legitimate and proportionate legitimate interests or the public interest.

Data retention period

Your personal data are kept only for the reasonable period of time required by the nature of the data processing and only for as long as necessary to achieve the purpose of the processing, unless there is a legal obligation to keep them further. In particular:

a) the data we process to check and identify you as a person entering our premises is kept for a period of 2 months.

(b) data processed through the video surveillance system are kept for seven (7) days, after which they are automatically deleted. In the event that during this period we detect an incident, we will isolate part of the video and keep it for up to one (1) month more, in order to investigate the incident and initiate legal proceedings to defend our legal interests, while if the incident concerns a third party we will keep the video for up to three (3) months more. If any data is eventually used, as evidence, in a legal claim against the Company, it will be kept until the relevant litigation is final.

The Security of your data

We are committed to taking appropriate organisational and technical measures to ensure the security and protection of your data against any form of accidental or unlawful processing. Please note that our specially authorised staff who process your personal data have received appropriate training, guidance and information.

The measures we take are reviewed and modified at regular intervals or when deemed necessary based on new needs and technological developments.

Transfers outside the EEA

We do not transfer your personal data to countries outside the European Economic Area.

Rights

As a Data Subject you have the following rights:

  • Right of access to your personal data
  • Right to rectification of inaccurate personal data (for the processing of your data as a person entering our premises)
  • Right to erasure/right to be forgotten
  • Right to restrict processing
  • Right to object to the processing of your Data

Contact

If you wish to receive further information about the processing of your personal data or to exercise any of the above rights, you can contact the Company’s Data Protection Officer at dataprotection@genekor.com with a description of your request and we will examine it and respond to you as soon as possible .

A request relating to your image may also be submitted in person, at the Company’s address. In order for us to consider a request relating to your image, you will need to identify approximately when you were in range of the cameras and provide us with an image of you to assist us in identifying your own data and concealing the data of third-party subjects. Alternatively, we give you the option of coming to our premises to show you the images in which you appear. We also point out that exercising a right of objection or deletion does not imply the immediate deletion of image data or the modification of their processing.

Our response to your request will take place within one (1) month of receipt and will be at no cost to you. The above deadline may be extended for a further two (2) months due to the complexity or number of requests, in which case you will be informed of the extension and the reasons for it as soon as possible and at the latest within one month of receipt of the request.

Right to lodge a complaint

In case: a) you consider that your request has not been adequately and lawfully satisfied or b) you consider that your right to the protection of your personal data is violated by any processing carried out by us, you have the right to file a complaint with the Personal Data Protection Authority (postal address Kifissia 1-3, P.K. 115 23, Athens, https://www.dpa.gr/, tel. 210 6475600, e-mail: contact@dpa.gr).

Changes to this Notice

We regularly review the present Notice and therefore have the ability to amend it at any time.

This Update was last revised in October 2024.