Privacy Notice Regarding the Processing of Personal Data at GENEKOR’s Premises
This Privacy Notice describes how GENEKOR processes personal data of employees, visitors and any other individual who enters or is present at its premises. Such processing may include, where applicable, the operation of a closed-circuit television (CCTV) surveillance system, as well as the registration of visitors’ details in the visitors’ logbook.
Please read this Privacy Notice carefully in order to be fully informed about the terms governing the processing of your personal data.
Data Controller
The Medical Société Anonyme under the corporate name “GENEKOR PRIVATE DIAGNOSTIC LABORATORY MEDICAL SOCIÉTÉ ANONYME” with the distinctive title “GENEKOR MSA”, General Commercial Registry No. 007856001000, Tax Identification No. 998278160, Tax Office KEFODE Athens, acts as the Data Controller for the processing of personal data described in this Privacy Notice.
Contact details: Tel. +30 210-6032138, email: info@genekor.com
Contact details of the Company’s Data Protection Officer (DPO): dataprotection@genekor.com
Personal Data Subject to Processing
For the purposes described in this Privacy Notice, the following categories of personal data may be processed:
- Basic personal identification details, namely full name
- Time of entry into the building
- Time of exit from the building
- Purpose of visit to the Company’s premises
- Signature
- Image and video data
Sources of Personal Data
The personal data listed in categories one to five above are collected directly from you:
i) when you visit a Company building where an electronic visitors’ logbook is maintained at the reception desk. In such cases, you provide the required information when completing the electronic visitor logbook in order to gain access beyond the reception area, depending on the purpose of your visit; and/or
ii) through the Company’s personnel in cases of pre-arranged visits conducted in the context of a specific activity (e.g. visitor lists for events, training sessions, etc.)
Your image and video data are collected through the closed-circuit television (CCTV) surveillance system, installed on the Company’s premises.
Purpose of Processing
The purpose of processing your personal data is to ensure the safety and security of individuals and property located within the Company’s premises and to enable the Company to defend related legal claims and rights.
Legal Basis for Processing
The legal basis for the processing described in this Privacy Notice is the Company’s legitimate interest, in safeguarding the individuals and property located on its premises, protecting its assets, and the defense of related legal claims and rights, ( Article 6(1)(f) of GDPR).
Legitimate Interest Assessment
Our legitimate interest consists in the need to protect our premises and the assets located therein against unlawful acts, including, by way of example, theft. The same applies to the protection of the life, physical integrity, health and property of our personnel and of third parties lawfully present within the monitored areas.
Specifically with regard to CCTV, we collect image data only. Surveillance is limited to critical areas, such as medical laboratory areas, as well as to areas that have been assessed as presenting an increased risk of unlawful activities , such as theft. These areas include entrances and exits, the perimeter of the building and the vehicle parking area.
The CCTV system does not focus on areas where the privacy of individuals whose image is captured could be unduly affected or limited, including their right to the protection of personal data.
Recipients of Personal Data
Recipients of your personal data are exclusively the Company’s authorized personnel, to the extent necessary in each case, who have received appropriate information and guidance on the secure processing of personal data.
In addition, recipients of your personal data may include companies providing maintenance and technical support services for the CCTV system, companies providing remote access application services for the CCTV system, and, where applicable, private security companies. Such companies act as data processors on behalf of the Company.
Furthermore, where required, recipients of your personal data may include the competent judicial, prosecutorial and police authorities in the performance of their duties.
In particular, footage generated by the installed video surveillance system is not transmitted to third parties, except in the following cases:
a. to the competent judicial, prosecutorial and police authorities, where the footage contains evidence necessary for the investigation of a criminal offense involving persons or property of the Data Controller;
b. to the competent judicial, prosecutorial and police authorities, where they lawfully request the data in the performance of their duties, and only after the legal conditions for such transmission have been examined; and
c. where the transmission is provided for or required by law, or where it is permitted by law and serves lawful and proportionate legitimate interests or the public interest.
Data Retention Period
Your personal data are retained only for the reasonable period of time required by the nature of the processing and only for as long as necessary to achieve the purpose of such processing, unless there is a legal obligation requiring retention for a longer period. In particular:
a) the data processed for the purpose of checking and identifying you as a person entering our premises are retained for a period of two (2) months.
Β) the data processed through the video surveillance (CCTV) system are retained for seven (7) days, after which they are automatically deleted.
If, within this period, an incident is identified, we isolate the relevant part of the recording and retain it for up to an additional one (1) month for the purpose of investigating the incident and initiating legal proceedings to protect our legitimate interests. If the incident concerns a third party, the recording may be retained for up to three (3) additional months. Where any data are ultimately used as evidence in legal proceedings involving the Company, they are retained until the relevant legal dispute has been finally resolved.
Security of Your Data
We are committed to ensuring that appropriate organizational and technical measures have been implemented for the security and protection of your personal data against any form of accidental or unlawful processing. It should be noted that our specially authorized personnel who process your personal data have received appropriate training, guidance and information.
The measures we implement are reviewed and amended at regular intervals or whenever deemed necessary taking into account new needs and technological developments.
Transfers Outside the EEA
Your personal data are not transferred to countries outside the European Economic Area (EEA).
Rights
As a Data Subject, you have the following rights:
- Right of access to your personal data
- Right to rectification of inaccurate personal data (with regard to processing carried out on your data as a person entering our premises)
- Right to erasure / right to be forgotten
- Right to restriction of processing
- Right to object to the processing of your data
Please note that your right to erasure of personal data collected through the Closed-Circuit Television (CCTV) system may be restricted to the extent that satisfying such a request could adversely affect the establishment, exercise or defense of legal claims of the Company, as well as of visitors, employees or other persons who may be involved in or affected by incidents taking place at the Company’s premises.
Contact
If you wish to receive further information regarding the processing of your personal data or exercise any of the above rights, you may contact the Company’s Data Protection Officer at: dataprotection@genekor.com, providing a description of your request. We will examine your request and respond to you as soon as possible.
Requests relating to your image may also be submitted in person at the Company’s address. In order for us to examine a request concerning your image, you will need to specify approximately when you were within the range of the cameras and provide us with an image of yourself, so that we can identify your own data and mask the data of any third persons appearing in the footage. Alternatively, you may visit our premises so that we may show you the images in which you appear. Please also note that the exercise of the right to object or the right to erasure does not automatically result in the immediate deletion of image data or the modification of their processing.
Our response to your request will be provided within one (1) month from receipt of the request and will not involve any cost for you. This period may be extended by an additional two (2) months due to the complexity or number of requests. In such case, you will be informed of the extension and the reasons for it as soon as possible and, in any event, within one month from receipt of the request.
Right to Lodge a Complaint
If: (a) you consider that one of your requests has not been adequately and lawfully addressed; or (b) you consider that your right to the protection of your personal data is infringed by any processing carried out by us, you have the right to lodge a complaint with the Hellenic Data Protection Authority (postal address: 1-3 Kifissias Avenue, GR-115 23 Athens, https://www.dpa.gr, tel. +30 210 6475600, email: contact@dpa.gr).
Changes to this Notice
We regularly review this Privacy Notice and therefore reserve the right to amend it at any time.
This Privacy Notice was last revised in June 2026.
