WEBSITE’S PRIVACY NOTICE 

on Article 13 of General Data Protection Regulation (EU) 2016/679 (“GDPR”) for the processing of users’ and/ or members’ personal data in terms of the website’s operation.

Dear User, Mediterranean Skin Health welcomes you at its website www.medskinhealth.com (hereinafter called as the “Website”) and invites you to read carefully the following privacy notice (hereinafter called as the “Notice”), which is being issued in accordance with Article 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR"). 

This document contains a record of the processing performed by the Data Controller, as specified below, through the Website, while specifying that the information regards solely this Website, therefore excluding any website to which you may be redirected.

 

  1. Data Controller

The Data Controller is Mediterranean Skin Health, having its address at n. 56, Sp. Merkouri str., Athens - P.C. 11634, its website www.medskinhealth.com, e-mail: info@medskinhealth.com and phone number +30210 7254742 (hereinafter called as the “Medical Centre”). This means that the Medical Centre administers the Website and determines the purposes and means of processing of your personal data, in accordance with the GDPR and the applicable data protection legislation in general.

The Medical Centre has also appointed Mrs. Margarita Vergolia as its Representative for data protection affairs to whom you may come in contact with directly for the exercise of your rights and to obtain any information regarding the processing of your personal data or/ and this Notice, at the very same contact details as specified above.

 

  1. Sources of personal data collection

The Website collects your personal data directly from you and not from third parties. Your personal data is being provided in terms of your visit on the website and in particular by pursuing contact with the Medical Centre, setting up your personal account as a member, purchasing products and subscribing to our newsletter recipient list. In order to serve the above purposes and to fulfill the service that you, as a user, have requested, it is deemed necessary to provide us with the following personal data, otherwise it will be impossible to provide the service.

 

  1. Processing of personal data and legal bases

The following table lists the purposes of processing of personal data collected by the Website, the categories of the data collected as well as the legal bases for such processing.

 

Purpose of Processing

Categories of Personal Data

Legal Bases of Processing 

(GDPR provisions) 

1. User’s communication with the Medical Centre 

(incl. “Doctor’s advice” and booking an appointment through the Website) 

Personal details (name, surname), contact details (email, phone number) and data concerning health (if any) – data that the user communicates to us. 

- Article 6 para. 1 (a) and, 

- Article 9 para. 2 (a), in case of data concerning health – processing takes place after the data subject has given his/ her explicit consent.  

2. Set-up new members’ personal account

Personal details (name, surname), contact details (email), members’ usernames/ passwords.

- Article 6 para. 1 (a) – processing takes place after the data subject has given his/ her consent.  

3. Newsletter registration 

Personal details (name, surname, day and month of birth), contact details (email).

- Article 6 para. 1 (a) – processing takes place after the data subject has given his/ her consent.  

4. Purchase products 

(E-shop) 

Personal details, contact and mail details, finance and tax details, payment data, data concerning health (in case the purchase of a specific product could lead to an assumption about the user’s health).

- Article 6 para. 1 (a) and, 

- Article 9 para. 2 (a), in case of data concerning health – processing takes place after the data subject has given his/ her explicit consent.  

- Article 6 para. 1 (b) – processing is necessary for the performance of a contract.

- Article 6 para. 1 (c) – processing is necessary for compliance with a data controller’s legal obligation. 

 

  1. Security

The Website shall process your personal data in a manner that ensures its protection by taking all appropriate organizational and technical measures for data security and its protection against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access and any other form of illicit processing.

 

  1. Disclosure to third parties and recipients 

For the purposes of processing described in paragraph 3, your personal data may be disclosed to outsourcing services providers that have been dully contracted by the Medical Centre. Especially with regard to the purpose of purchasing products (e-shop) and to execute the orders received, the Medical Centre may collaborate with bank institutes to serve your payments as well as with courier services providers to send the relevant products. 

The Medical Centre does not transfer your personal data to a third country or an international organization.

 

  1. Geo-tagging data

The Website may collect and process location-based data for the provision of services requested by the user only under the explicit consent of the data subject concerned, which may always be withdrawn. In this case, consent will be requested through a pop-up window.

 

  1. Data Subjects' Rights

This section presents your rights with respect to your personal data. These rights are subject to certain exceptions, reservations or limitations. Please submit your requests responsibly. The Medical Centre will revert with a response as soon as possible and in any case within one (1) month of receipt of the request. If the review of your request is going to take longer, you will receive relevant information. To exercise your rights, you may contact the following email address: info@medskinhealth.com.   

The Medical Centre ensures the exercise of the following rights:

    1. 7.1.The right to information  

You have the right to request and receive clear, transparent and easily understandable information about how we process your personal data in accordance with the Medical Centre’s internal policies and procedures.

 

 

    1. 7.2.The right to access

You have the right to access your personal data free of charge, in accordance with the relevant internal policies and procedures of the Medical Centre, with the exception of the following cases where there may be a reasonable charge to cover the administrative expenses of the Medical Centre:

  • manifestly unreasonable or excessive/ repeated requests, or
  • additional copies of the same information.
    1. 7.3.The right to rectification

You have the right to ask for your personal data to be corrected if it is inaccurate or incomplete, in accordance with the relevant internal policies and procedures of the Medical Centre.

    1. 7.4.The right to erasure («to be forgotten»)

You have the right to request the deletion or removal of your personal data when it is no longer necessary for the purposes collected or there is no legitimate reason to continue processing it in accordance with the Medical Centre’s internal policies and procedures. The right to erasure is not absolute, to the extent that there is a particular legal obligation or other legitimate reason for the retention of your personal data by the Medical Centre.

    1. 7.5.The right to restriction of processing

In some cases, you have the right, in accordance with the relevant internal policies and procedures of the Medical Centre, to restrict or remove further processing of your personal data. In cases where processing has been restricted, your personal data remains stored, without further processing.

    1. 7.6.The right to data portability

You have the right to request your personal data, which you have provided us with, in a structured, commonly used and machine-readable format, and to transfer that data to another controller in accordance with the relevant internal policies and procedures of the Medical Centre.

    1. 7.7.Right to withdraw consent

In cases your personal data is being processed on the basis of your prior consent, you have the right to withdraw your consent at any time and the Medical Centre will cease the specific activity for which you have previously consented, unless there is an alternative legal basis which justifies the continued processing of your data for this purpose, a case for which we will inform you.

 

    1. 7.8. Rights on automated decision-making mechanisms

The Medical Centre does not make automated individual decision-making, including profiling.

 

  1. Retention period for personal data 

For each category of personal data, the Medical Centre determines the retention periods in accordance with the provisions of the GDPR and its internal policies and procedures.

  1. Contact of the Data Protection Authority

For further information and advice on your rights or to lodge a complaint, you may always contact the Greek Data Protection Authority (HDPA). 

  1. Amendments of the present Notice

We aim to review and keep up-to-date the present Notice in order to comply with privacy laws and new developments. Any updates to this Notice will be uploaded on our Website immediately.

 

 

 

 

AVAILABLE VIRTUAL SKIN CONSULTATIONS

BOOK YOUR APPOINTMENT
Cookies