(PRIVACY POLICY)

Our group of companies (hereinafter the “Group”) which consists of: a) the company with the name “IDIOTIKO DIAGNOSTIKO ERGASTIRIO PERSONAL LABORATORIES IATRIKI IKE” (in English: PRIVATE DIAGNOSTIC PERSONAL LABORATORIES MEDICAL CAPITAL COMPANY” and trading name “PERSONAL LABS”, headquartered in the Municipality of Kalamaria, at 8, Ethnikis Antistaseos Street, GR 55133, and b) the capital company with the name “PERSONAL SUPPLEMENTS IKE” and trading name “PERSUP”, also headquartered in the Municipality of Kalamaria, at 8, Ethnikis Antistaseos Street, GR 55133, operates in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and for the free movement of these data (hereinafter the “General Data Protection Regulation or GDPR) and cares for the safety and protection of your personal data.

The company with the name “PERSONAL SUPPLEMENTS IKE” and trading name “PERSUP”, headquartered in the Municipality of Kalamaria, at 8, Ethnikis Antistaseos Street, GR 55133 (hereinafter the “Company”), with phone no. +30 2311 119200, email address info@personalwellness.health, and website www.personalwellness.health, is responsible for the processing of your data.

Our Company may act as Controller, in accordance with this Privacy Policy, and proceed with the processing of the personal data that you provide us when you make a transaction with our company to receive our products and services. Our Privacy Policy (hereinafter the “Policy”) covers both the transactions made in our physical store and those carried out through the e-shop.

Our company makes sure to apply all the appropriate technical and organizational measures to protect and secure your data from any form of accidental or improper processing. The processing of your personal data is carried out exclusively in the context of our transaction/ customer relationship and is limited to the absolutely necessary extent required in order to safely provide you with our products and services.

  1. What is personal data?

The term “Personal data” includes any information concerning an identified or identifiable natural person (“data subject”). Such information is usually the name, contact phone number, postal and email address, etc.

  1. What are the specific categories of personal data?

“Specific categories of personal data” include data that disclose racial or ethnic origin, political views, religious or philosophical beliefs or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

  1. What is Personal Data Processing?

Personal data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  1. Who is called “Controller”, “Data Subject”, “Processor” and “Recipient”?

“Controller” means the natural or legal person, public authority, agency or any other body, which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its appointment may be provided for by Union or Member State law.

“Data Subject” is the natural person, whose personal data are processed, e.g. customers, employees, etc.

“Processor” means the natural or legal person, public authority, agency or any other body, which processes personal data on behalf of the controller.

“Recipient” means the natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not; However, authorities which may receive data in the framework of a particular inquiry in accordance with Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

  1. Which data are called “Genetic Data”, “Biometric Data” and “Data concerning health”?

“Genetic data” means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.

“Biometric data” means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.

“Data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of healthcare services, which reveal information about his or her health status.

  1. What Principles govern the processing of your personal data?
  2. a) The “principle of lawfulness, fairness and transparency”, according to which your data are processed lawfully and legally in a transparent manner.
  3. b) The “principle of purpose limitation”, according to which your data are collected for specified, explicit and legitimate purposes.
  4. c) The “principle of data minimization”, according to which your data are adequate, relevant and not excessive in relation to the purposes for which they are processed.
  5. d) The “principle of accuracy”, according to which your data are accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
  6. e) The “principle of storage limitation”, according to which your data are kept only for the time required for the purposes of their processing. Your personal data may be stored for longer periods if required only for archiving purposes for the public interest, for scientific or historical research purposes or for statistical purposes, once appropriate technical and organizational measures have been taken, including their pseudonymization, and only if these purposes cannot be served through the anonymization of the data.
  7. f) The “principle of integrity and confidentiality” according to which your data are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
  8. What Personal Data do we collect?

We collect only the data that is absolutely necessary in order to provide you with our products and services. The collection of your personal data is done only after you give your explicit consent. The processing of your data is limited to the purposes for which they were provided and under the terms and conditions set forth in this privacy policy. As part of our transaction relationship, our company may collect some of the following categories of data:

  • identity, demographic, tax and insurance details, such as name, father’s name, mother’s name, date of birth, ID number or passport number, social security number, health booklet number, and other insurance details, gender, professional status, tax identification number, proof of identity, etc.
  • contact details (or details of third parties you have authorized to receive your results), i.e. your postal address, email address, and telephone number
  • your debit or credit card details, during the online payment of your purchase through our e-shop (via a secure payment environment)
  • biological samples and genetic data for laboratory analysis. For example, we collect and process your biological sample for hematological, hormonal, microbiological, and other examinations
  • data concerning health, for example, your physical condition, health history, medical history, medical advice, any medication you are receiving or any surgeries you have had, a history of allergic symptoms, etc.
  • If you choose to create a user / customer account on our website, or take part in the nutrition supplement needs test, we will collect your name, gender, age,… .. your email address, and your password . Especially in case you choose to receive informative or promotional information material from our company (subscribe to newsletter), we will collect your email address for this purpose. In case you choose to conduct the online quiz and only in order to offer you personalized solutions according to your needs, we will collect your age, your weight, your email, any of your eating habits, the frequency and intensity of your exercise, the your frequency of sun exposure, any mental fatigue or concentration problems, any stress management problems, any sleep difficulties, any eye disorders, any gastrointestinal problems, any fertility / menopausal problems, any problems with your ability to function or menopause of your musculoskeletal system / joints, any disorders of your immune system, any weight gain problems and any skin problems you may be experiencing. The processing of the data you provide to us during the quiz will not be done for any purpose other than to receive knowledge of our proposals according to your special needs. We expressly declare that your data is not stored by our company nor will it be used in the future for commercial or other purposes.
  • While browsing our website, we may collect your browsing data on our website, such as the IP address of your device, as well as statistics or data relating to your preferences, which may help us suggest you specific products and services that you may be interested in.
  • If you visit our physical store, we may collect video and optical data from our CCTV and security cameras.
  • We also collect personal data included in any curriculum vitae sent to our Company for the employment of the data subjects by our Company,
  • Personal data of our employees, suppliers or other associates required to meet our legal insurance and tax obligations; and
  • Personal data included in any complaints you have submitted to our company or in any general request addressed to our company.
  1. For what purposes do we collect your data?

We collect and process your personal data in a physical or electronic manner in the following cases:

  1. To evaluate the health data you provide us, with the aim of proposing personalized food supplements.
  2. To carry out the appropriate laboratory analyses that will allow us to provide you with our products and services based on personalized proposals.
  • To make use of your insurance cover.
  1. For our communication, that is to send you the results of your examinations or send you informative and promotional material of the Group about the provided services, news and offers.
  2. To complete and send your order to the address you indicate.
  3. To issue the legal documents required for each transaction.
  • To comply with the obligations arising from the applicable legislation and in particular with our tax obligations.
  • To send you an email for the confirmation and shipment of your order, or information and promotions or newsletters for our products and services that you may be interested in, provided that you have consented to the receipt of the above information material.
  1. To suggest the most suitable products and services according to your preferences or the history of your purchases or to improve the products and services provided to you.
  2. To evaluate your qualifications and your possibility of employment in our company and to contact you (in case you send us your CV).
  3. To enable you to create a customer account on our official website (using a username and password).
  • To answer your questions either by email or phone or via our contact form.
  • In case you contract with our Group as an employee, partner, or supplier.
  • For the safety of our building facilities.
  1. What is the legal basis for processing your data?

The processing of your Data is based on:

  1. a) the need to fulfill our obligations arising from the transaction you have made. For example, the processing of your personal data that takes place when you complete and place your order, is based on the execution of the sales contract between us.

b)for your consent, for example, when you provide us with your health data for the purpose of evaluating and proposing and providing us with an appropriate program or when providing us with a biological sample for either laboratory analysis to provide individualized health and wellness programs or its microbiological analysis in order to detect any pathogenic microorganisms (germs, viruses, etc.). We will never process your health data unless we have previously obtained your express consent, and after we have made sure that we have informed you in detail about the purpose of processing it. Also in this category is the case where you have given us your consent to receive information material, news and offers concerning our Group.

  1. c) our obligation to comply with the regulations, in particular financial, labor and insurance obligations.
  2. d) the need to protect our staff and ensure the safety of our buildings.
  3. Who has access to your data?

Our company allows access to your data only to our competent employees who are contractually obliged to maintain the confidentiality of your information, to prohibit their unfair processing and to process your data only to the necessary extent and in accordance with the purposes of this policy.

Moreover, our company shall not transmit or disclose your data to third parties, unless a) it is mandatory under our legal obligation (e.g. to comply with our tax or other obligations such as compliance with prosecutorial and judicial provisions) or b) it relates to processing carried out by our partner companies which act either as joint controllers or as processors on our behalf. We ensure, however, that our partners a) are contractually bound by the obligation to maintain the confidentiality of your data, b) apply the appropriate technical and organizational measures to protect your data and c) shall not transmit your data to third parties without our prior consent. In addition, for the protection of the public interest in the field of public health, we may, in accordance with the relevant legislation, transmit your personal data to the competent authorities, such as, for example, to the National Public Health Organization (EODY).

Indicatively, the partner companies that may have access to your data are:

  • The cooperating company that undertakes on our behalf the conduct of laboratory analyzes, including the other company of our group with the name PRIVATE DIAGNOSTIC LABORATORY PERSONAL LABORATORIES MEDICAL PC. and the distinctive title PERSONAL LABS which acts exclusively as the executor of the processing of your data on our behalf.
  • Your insurance company, if you so wish.
  • The partner company that keeps our accounting books on our behalf and ensures the compliance with our tax obligations.
  • The partner company that transfers and delivers your order on our behalf.
  • The partner company that builds and supports our website on our behalf.
  • The partner banking company that processes your personal data, such as debit or credit bank details during the online payment of your purchase (via a secure payment environment).
  • The partner security company that guards our facilities on our behalf.
  1. How long is your data kept?

Our company keeps your data only for a predetermined and limited period of time depending on the type of data and the purpose for which it was given. After the end of each period, we take care of their safe deletion or destruction. Specifically:

  1. i) Your personal data related to our tax, judicial and other regulatory obligations are kept for a period specified by the applicable legal framework.
  2. ii) Your data concerning health are kept for ten (10) years after the last visit of the patient, according to the current legal framework.

iii) In case you have expressed your interest in receiving information material from our company, your consent remains valid until it is revoked. To withdraw your consent, you can contact us at the details of the Data Protection Officer included in this Privacy Policy, or in the event of receiving informative emails, by selecting the unsubscribe link included in each email we send you.

  1. iv) In any other case, your personal data are kept for as long as is required to fulfill the purpose for which they were given.
  2. Is your data transmitted to third countries?

Our company does not transmit your data to third countries, i.e. to countries that are not member states of the European Union. Our company ensures that your data are processed only under the terms and conditions set by the protective framework of the GDPR.

  1. Is your data safe and secure?

Our company, recognizing the importance of your personal data security, has taken the appropriate technical and organizational measures to ensure the security of your data. In particular, we have taken the necessary security and precautionary measures to prevent, to the extent possible, any undue or unlawful processing of your data, any accidental or unlawful loss, alteration, prohibition or dissemination of your data by third parties. We have also taken care to obtain the ISO 9001:2015 quality certification, and to install a closed-circuit television system (CCTV) and security cameras.

  1. What rights do you have in relation to your personal data?
  • Right to access of your personal data:

You have the right to be informed by us accurately and clearly when we collect and process your personal data. In particular, you may be informed on the purpose of the data processing, the categories of data we collect, your data sources and any recipients, their period they are kept or, where this is not possible, the criteria for your ability to exercise the right to correct, delete, restrict and object to their processing, the existence of an automated decision-making process, including profiling, the transmission of your data to a third country or international organization and the existence of relevant protection guarantees.

  • Right to correction of your personal data:

If you find that the data we keep on you is untrue and needs to be corrected, you can ask us in any way convenient to correct those data.

  • Right to deletion of your personal data or otherwise right to be forgotten:

You have the right to ask us to delete your data. We shall proceed with their immediate deletion if their maintenance is not necessary for the fulfillment of our legal obligations. In particular, if you wish to revoke your consent, and since your consent is the only legal basis for the collection and processing of your data, we shall delete your data as soon as we receive your request.

  • Right to portability of your personal data:

You have the right to request the data you have provided to us in an easily readable form or to pass it on to another controller.

  • Right to processing restriction:

You have the right to request a restriction on the processing of your personal data in case a) their accuracy is questioned, and restriction shall apply for as long as is required to verify the accuracy of your data, b) the processing is illegal, c) the data are no longer needed, d) you have objections to the automated processing.

  • Right to objection:

You have the right to object to the processing of your data at any time. In particular you have the right to revoke your consent to your data processing at any time when the processing of your data is based on your consent. In the event of objection, the processing of your data ceases immediately unless there are other compelling and legal reasons that prevail over your right.

Specifically, if your personal data is used for the purpose of direct marketing of our products and services, you have the right to object at any time to the processing of your personal data relating to such promotional purposes, including profiling, if related to this direct marketing.

For example, if you receive newsletters about our products and services at your email address, you can choose to stop receiving them by clicking on the unsubscribe link at the end of each message sent.

  1. How can you exercise your rights?

You can exercise your rights by contacting us:

  1. a) by mail to the address of our Company headquarters:

“PERSONAL SUPPLEMENTS IKE”, at 8, Ethnikis Antistaseos Street, GR 55133, Municipality of Kalamaria

  1. b) or by contacting our Data Protection Officer (DPO) at the following contact details:

Email: dpo@personalwellness.health | Tel.: (+30) 2311 119200

Our company will make sure to respond to you as soon as possible for the progress of your request.

In any case you will receive our answer within (1) one month from the time we receive your request. However, if your Request is complex or there is a large number of Requests within the above deadline, we will let you know if we need another two (2) months to respond to you.

  1. Do we use automated decision making, including profiling, when processing your data?

We perform automated profiling, based on an automated process, which takes place when you choose to complete the quiz hosted on our website. After completing the quiz, you have the opportunity to see which food supplement products best serve the needs of your body. It is important to know that we always ask for your explicit consent before any such processing and we make sure to inform you clearly about the content of your consent. We also make sure to implement appropriate measures to protect your rights, freedoms and legal interests, such as the ability to contact the specialized professionals of our company at any time to receive advice on the suitability of products or services selected by you or proposed by the quiz.

  1. Applicable Law and Dispute Resolution

The law applicable to this policy is the Greek Law, as formulated according to the General Data Protection Regulation 2016/679/EU in combination with the provisions of Law 4624/2019.

The courts of Thessaloniki have sole jurisdiction to resolve any dispute that may arise in relation to this privacy policy.

If you believe that our company has violated your rights in relation to the processing of your personal data, you have the right to file a complaint to the Data Protection Authority (www.dpa.gr) at the following contact details: 1-3 Kifissias Avenue, GR 11523, Athens, tel.:  +30 210 6475600, email: contact@dpa.gr

Third Party Website Disclaimer

Our Company takes no responsibility for the content of websites that you may be redirected to while browsing our website, by clicking on the respective links.

This policy is reviewed and updated when deemed necessary. We encourage you to visit our website frequently and check on our updated privacy policy. This privacy policy was last updated on 07/09/2021.