Data Protection Policy

Our Company is committed to protecting the principles of confidentiality and privacy of your Personal Data, while ensuring the protection of your personal data, in accordance with the requirements of the existing national and European legal framework for the protection of personal data and in particular, the General Regulation 679/2016 (EU) “On the protection of natural persons against the processing of personal data” (hereinafter “General Regulation”), of Law 4624/2019, as well as Law. 3418/2005 “Code of Medical Ethics”, taking the appropriate technical and organizational measures for the protection of personal data collected and processed, ensuring that their processing is carried out lawfully.

“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”).

  • “Simple Personal Data”: is the data related to name, age, marital status, home address, e-mail address, bank account details, computer IP address, telephone numbers / fax, Payment data (eg bank accounts, debit / credit and other bank cards), ID no. or passport, TIN, TIN, education, profession, place of birth, ie data necessary for the conclusion and management of the contractual relationship with the doctor.
  • “Sensitive Personal Data or Special Categories” means data relating to racial or ethnic origin, political views, religious or philosophical beliefs, trade union affiliation, health (physical or mental health, including the provision of health services); social welfare, love life, prosecution or convictions, racial or ethnic origin, biometric and genetic data or data relating to the natural person characterize the state of the person in terms of physical, biological, mental, economic, cultural, political or social.
  • “Health data”: In accordance with Article 4 § 15 of the General Data Protection Regulation 2016/679 / EU, health data means: “information relating to the physical or mental health of a natural person, including health care services, which disclose information about his state of health “, including information collected during the registration for the provision of nursing services and during the provision of such as, a number (eg .KA.), The results of medical examinations or microbiological analyzes of the patient from genetic data and biological samples and any general information concerning illness, disability, medical history, clinical treatment or the physiological or biomedical condition of the data subject, regardless of from another doctor or other healthcare professional, from a private medical clinic or from a public hospital.
  • “Personal Data Processing”: Any operation or sequence of operations performed with or without the use of automated means in personal data or in a set of personal data, such as the collection, registration, organization, structure, storage, retrieval , the search for information, the use, the disclosure by transmission, the dissemination or any form of disposition, the association, the combination, the restriction, the deletion or destruction of personal data.
  • “Restriction of Processing” means the labeling of stored personal data in order to limit their processing in the future.
  • “Personal Data Violation” means a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed.
  • “Processor” means the natural or legal person who determines the purposes and manner of processing the Personal Data.
  • “Executor” means a natural or legal person, public authority, service or other entity that processes personal data on behalf of the controller.
  • “Consent”: is any indication of a free, specific, explicit and fully informed will, by which the data subject agrees to the data being processed.
  • “Profile training” means any form of data processing intended to assess certain personal aspects of a subject in order to analyze his or her performance at work, his or her financial situation, health, personal preferences, interests, or credibility; his behavior, his movements.
  • “Data file or archiving system”: Any structured data set that is accessible based on specific criteria.
  • “Third party” means any natural or legal person, with the exception of the data subject, the controller, the processor and the persons who, under the direct supervision of the controller or processor, are authorized to process the data; personal.
  • “Personal Data Protection Authority (APDPX)”: Competent Supervisory Authority is the Greek APDPX, based in Athens, on Kifissias Avenue, No. 1-3, PC 115 23, tel: (0030) 210 6475600, Fax: (0030) 2106475628, e-mail: The mission of this Authority is to protect the rights of the individual and the privacy of the individual, to assist him in case of violation of his relevant rights, as well as to support and guide the controllers in the fulfillment of their legal obligations.
  • “Recipient” means the natural or legal person, public authority, department or other body to which personal data are disclosed, whether third party or not. However, public authorities which may receive personal data in the context of a specific investigation under Union or Member State law shall not be considered as recipients; such data shall be processed by those public authorities in accordance with applicable data protection depending on the purposes of the processing.
  • “Prior consultation with a supervisor”: The controller shall consult the supervisor before any processing if he / she considers that a high risk may be incurred.
  • “Staff”: includes all the employees of the company “CHARALAMPOS HINKIAMIS TOU DIMITRIOU”, who are connected with an employment contract or provision of services as well as all temporary employees, consultants and third parties with whom there is cooperation and within which contracts have been concluded or confidentiality or non-disclosure clauses have been included.
  1. Processor Details

Our Company is responsible for the processing of personal data and its details are as follows:


Distinctive Title: “CANNABIS INC. HEMP & LIFE ”

Address: 129 Filaretou – Kallithea


Phones: 210-2205674

Website :

Electronic Address (e-mail):

  1. Object of Processing – The Data collected by our company

The object of processing are: (a) the personal data of the clients – patients that we visit at home for the purpose of sampling or the provision of other nursing services, either after a telephone appointment with them, or through the application (i-nurse) where our company operates, or after an appointment arranged by the companies cooperating with our company, (b) the employees it employs, (c) its external partners and suppliers, and (d) the users of the website (website) of.

More specifically, the personal data that our company collects and processes are summarized as follows:

  • Identification information (eg name, patronymic, date of birth – age, spouse name, gender, passport number, TIN, TIN).
  • Contact details (eg postal address, landline and mobile phone, e-mail) for the communication between us, the sending of the results of the patients’ examinations or for the sending to them of information and advertising leaflets for the provided by our company services, news and offers.
  • Occupational information (eg occupation).
  • Data of relatives (eg name, surname, patronymic, etc.) for the possible receipt of patients’ results.
  • Our company may also collect and process personal data of patients of companies with which it cooperates (medical centers or laboratories) in the context of its activity and in order to fulfill its contractual obligations with the companies that cooperate with it.
  • Biological samples and genetic data for the purpose of their laboratory control by microbiological laboratories collaborating with it.
  • Also, on the site of our company, the date and time of your visit, your browser, as well as the pages you have browsed are recorded, while google analytics are also activated (see below “Cookies policy”).
  • sick leave, working hours, type of work and efficiency of the company’s staff.
  1. How to Collect Personal Data

(a) Regarding patients:

The collection of patients’ personal data is carried out by the staff of our company:

  • during his visit to the patient’s home and the completion of the relevant consent forms for the processing of his personal data,
  • when the patient uses the call center of our company or our site for scheduling a sample or providing other nursing service to him,
  • at the time of providing our nursing services to the patient, following information that he gives us or that emerges during his examination or constitutes the results of his medical examinations,
  • when the patient browses our business website,
  • when the interested party submits a request for a newsletter.
  • from external collaborators and specifically from collaborating medical centers and medical laboratories either through paper communication by sending registered documents (via courier) or via e-mail, through the official e-mail of our company:
  1. Principles we rely on when processing your data – The Legal Basis for Processing Your Data

Our company is committed to comply with the provisions of article 5 of the G.K.P.D. processing authorities and in particular the following principles:

  • Legality, objectivity and transparency: Personal data are processed lawfully and transparently in a transparent manner in relation to the data subject.
  • Purpose limitation: We collect personal data for specified, express and lawful purposes and are not subject to further processing in a manner incompatible with those purposes.
  • Data minimization: Personal data is limited to what is necessary in relation to the purposes for which we process it.
  • Accuracy / quality of data: We make sure that personal data is accurate and, where necessary, we update it immediately.
  • Preservation: We keep personal data no longer than is necessary or required by law.
  • Integrity and confidentiality. We are committed to the processing of personal data securely, in particular by unauthorized or unlawful processing and accidental destruction or damage, using appropriate technical or organizational measures.
  • The legal basis for processing your personal data on a case by case basis may be:

(a) your consent,

(b) the need to process your data in the context of fulfilling our contractual obligation;

(c) the need to process them during the pre-contractual stage (nursing visit planning process);

(d) the need to process them in the context of safeguarding the legitimate interests of our company and its smooth operation in general;

(e) the need to process them for the purpose of providing health or social care or treatment or under contract with a healthcare professional;

(f) the need for elaboration for the performance of the obligations and the exercise of specific rights of our company or yours in the field of labor law and social security and social protection law or for the performance of a duty performed in the public interest, in particular in the case of recruitment of staff, where it is necessary to process your data, for accounting, insurance (EFKA and private insurance coverage,

(g) the need to process them to establish, exercise or uphold rights and legal claims in matters relating to medical liability and the provision of health services in general,

(h) the need to export statistical data e.g. number of visits per age / place of residence or occupation,

(i) the need for scientific research; and

(j) the need to process them in the context of compliance with our legal obligation.

  1. Purposes of Processing

Our company collects and processes personal data of its patients, as well as the users of its website for the following purposes and only to the extent absolutely necessary for the effective service of these purposes. These data are always relevant, relevant and not more than what is required in view of the following purposes, and are accurate and, if necessary, subject to information – updating.

The personal data collected by our company, are used for the following processing purposes, namely:

(a) Regarding its patients – clients:

(i) To provide nursing services to them. With regard to the processing of specific categories of data, ie sensitive data (health data, biometric and genetic data), the processing is necessary for the purposes of preventive medicine, diagnosis, healthcare or treatment.

(ii) For the planning of the nursing visit.

(iii) To send to the patient the results of the medical examinations performed.

(iv) For the compliance of our company with its legal obligations, such as its compliance with tax and insurance legislation.

(v) To safeguard and protect its legal interests, our company uses CCTV and security cameras in order to be able to protect the security of individuals, materials and facilities.

(vi) For our communication regarding our new services provided by our company.

(vii) For the recognition, exercise or defense of rights and legal claims in cases involving civil liability and the provision of nursing services in general, whenever necessary.

(viii) For the legal conclusion of contracts and to be able to meet the legal and contractual obligations imposed by them.

(ix) For the recruitment of staff and its cooperation with third parties (eg doctors, accountants, nurses, etc.).

  1. Ways to Ensure the Security of Your Personal Data

Our company ensures that personal data is processed, in compliance with policies and procedures that are consistent with the purposes of processing. For example, the following security measures are used to protect personal data against misuse or any other form of unauthorized processing:

  • Access to personal data is limited to a limited number of authorized persons for those purposes.
  • Sensitive data is stored on our business server, with authorized access. Each server locks with a lock and has been placed in a special area of our business, with a door that locks. Only the controller and the maintenance engineer have access to the server and with remote access the technicians of the computer programs.
  • The personal data of patients and staff kept in a physical file (printed form) are locked in cabinets where only authorized persons have access.
  • The personal data that we disclose confidentially to third parties (eg sending examinations) are stored in electronic form or in printed form in the personal file of the client – patient, for its immediate finding and processing.
  • Our company selects trusted partners – such as accountants, service companies (eg IT, postal, document management) – who are bound in writing in accordance with Article 28 § 4 of the GCC with the same obligations regarding the protection of personal data, our company reserves the right to control them Article 28 § 3 and has signed relevant confidentiality and confidentiality agreements.
  • Computer systems used to process data are technically isolated from other systems to prevent unauthorized access, for example through hacking.
  • In addition, access to these computer systems is monitored on a permanent basis in order to detect and prevent illegal use at an early stage.
  • Our company has appropriate procedures for detecting, reporting and dealing with personal data breaches, cameras, alarms and electronic fingerprints.
  • Our company also has private insurance coverage against the risk of breach of information systems security or breach of the internet.
  1. Data Storage Time

(i) Our company is required to keep documents or electronic records for the period provided by national law. Specifically, as defined by the Code of Medical Ethics (L.3418 / 2005) and specifically article 14§4: “The obligation to keep medical records applies: a) in private clinics and other primary health care units of the private sector, for a ten years from the last visit of the patient and b) in any other case, for twenty years from the last visit of the patient “.

(ii) At the end of this period, the data are kept in accordance with the applicable institutional framework for the period provided by the termination of the transaction or for as long as is required to defend the rights of our company before a Court or other competent Authority. .

(iii) Curriculum vitae and applications collected for the recruitment of staff, are kept for two (2) years and after this two years are destroyed or deleted.

(iv) Tax records are maintained in accordance with tax legislation.

(v) For the purposes of promoting products and services (marketing activities) and in any other case where the processing is based on your consent, your personal data is kept until the revocation of your consent. Withdrawal of consent shall not affect the lawfulness of the processing which was based on consent in the period prior to its withdrawal. You must submit a request to the Data Protection Officer for the process of revoking the consent. Alternatively and for the purposes of promoting our services, you can also use the unsubscribe options by following (clicking) on the corresponding link, which exists in our electronic communications. As long as your email address remains in our business database, you will receive periodic email updates from us.

  1. Who are the Recipients of the Data – Use and disclosure of personal data

Personal data that our company collects, uses, based on at least one of the legal bases provided by GCP 2016/679 in article 6:

  • to respond to a request, problem or complaint that you have put to it, at which point it will have as its legal basis your consent, the obligation to meet our contractual obligations, to fulfill the task assigned to it.
  • in order to meet its contractual obligations in the provision of its services,
  • in order to meet its legal obligations,
  • in order to fulfill the task entrusted to it in the public interest,
  • when it deems it necessary as it will be the last resort for the protection of its legitimate interests, unless those interests are preceded by the interest or the fundamental rights and freedoms of the data subject which require the protection of personal data, in particular if the data subject is a child,
  • in extremely rare cases to safeguard a vital interest of a natural person.
  • In addition, our company collects and processes your personal data through its authorized employees and associates and may forward it to third party associates acting on its behalf (eg to affiliated diagnostic centers, affiliated clinics and hospitals). .
  • Our company can transfer your personal data to other bodies, only if it has the relevant right and in compliance with the legal framework.
  • Our company may also have an obligation to transmit personal data to the competent authorities e.g. the police for crime prevention or investigation purposes and the safety of customers.
  • In such cases, our company will assist in the request, if the requesting personal data company or Authority, is able to prove that the specific data will help prevent or suppress criminal activities.
  • Our company can also transfer your data to any supervisory, public or judicial authority, if required by law or court decision.
  • Our company can also inform government agencies e.g. EFKA and Hospital units.

Although the transmission of data via the Internet or a website cannot be guaranteed against cyber attacks, both our business and our partners work to maintain physical, electronic and procedural security measures to protect your data. .

  1. Employees and Partners

The employees and associates of our company who have been assigned the specific responsibility and the task of data processing, have been informed of this policy and have been adequately trained for the proper management and processing of Personal Data. The risks that exist for the physical freedoms of the subjects from the processing of Personal Data have been evaluated and recorded, and if necessary they make an impact assessment. They adequately implement and document why specific procedures have been selected as appropriate, and how to ensure business compliance. For the fulfillment of their duties, they consult the Security Team and the Data Protection Officer.

  1. Personal data breach

In case of violation of the security and integrity of the data available to us and relating to personal data, our company will take, in accordance with Articles 33 and 34 of the GCP, the following measures:

  • It will review and evaluate those procedures required to mitigate the breach.
  • It will assess the risk and its impact on the rights and freedoms of data subjects.
  • It will try to reduce as much as possible the damage that has been or may be caused.
  • It will notify, if required, within 72 hours of knowledge of the breach.
  • It will assess the impact on privacy and take appropriate measures to prevent a recurrence of the breach.
  1. Your Rights as a Data Subject

You have the right to request access to your personal data, the correction / deletion of your personal data, the restriction of processing, the right to object to the processing and / or to exercise your right to data portability.

If the data processing is based on your consent, you may revoke your consent at any time, with effect for the future.

More specifically, you have the right:

a. Access: the right to be informed about the processing of data by our company, as well as the right to access your data.

b. Correction: the right to request correction or completion of your data, if it is inaccurate or incomplete.

c. Delete: the right to request the deletion of your data. Our company can satisfy this right:

  • If the data is no longer necessary for the purposes for which it was collected,
  • If there is a legal basis for processing other than consent,
  • If you exercise the right of objection,
  • If the data has been processed contrary to the applicable legislation,
  • If the data must be deleted in order to comply with a legal obligation,

Our company reserves the right to refuse to satisfy the above right if the processing of the data is necessary for the observance of its legal obligation, reasons of public interest or the establishment, exercise or support of legal claims (article 17 §3)

d. Restriction of processing: The right to label the data, with the aim of restricting their processing. For example, when you have questioned the accuracy of your personal data, for the period that will be required for verification.

e. Portability: the right to receive your data in a structured, commonly used and machine-readable format and to request that it be transmitted, both to you and to another person who will process it.

f. Objection: the right to object at any time to the processing of your data, including profiling, also when the reason for processing relates to direct marketing.

Our company will review your request and respond to you within one month of receiving the request either for its satisfaction or for the objective reasons that prevent its satisfaction or, taking into account the complexity of the request and the number of requests, within a deadline two months (Article 12 §3).

Withdrawal of your consent may in any case imply the immediate cessation of our services, in case this is the legal basis for the processing of your personal data.

The exercise of the above rights is done free of charge for you, by sending a relevant application / letter / e-mail to the Data Processing Manager. The abusive exercise of the above rights (article 12 § 5) may impose the payment of a reasonable fee.

In the event that you are not satisfied with the use of your data by us or with our response to the exercise of your above rights, you have the right to file a complaint with the Personal Data Protection Authority.

You can exercise the above rights in the contact details listed below.

  1. Contact Information of the Processor

For any issue regarding the processing of your personal data and the exercise of your above rights, you can contact the Company by phone: (0030 210-2205674 (Monday – Friday 12:00 – 16:00), with e-mail to the electronic address: and by post to the address 129 Filaretou, Kallithea, PC 17675.

  1. Contact Information of the Personal Data Protection Authority

In the event that you consider that the protection of personal data is in any way affected, you can appeal to the Personal Data Protection Authority:

Phone: (0030) 210 – 6475600


Postal address: 1-3 Kifissias Avenue, 115 23, Athens.

  1. Cookies

Cookies are important for the effective operation of our business website, and for the improvement of your online experience. Click “accept cookies” to continue or select “more information” to see detailed descriptions of cookies and choose whether to accept certain cookies or not.

Cookies are small text files that contain information stored in your computer’s web browser while browsing our business website and can be removed at any time, as you can modify your browser settings to discard some or all of them. cookies. The help function in most browsers provides information on how to accept cookies, disable cookies or notify you when you receive a new cookie.

We use cookies to continuously improve the functionality of our website, your effective browsing, as well as the connection and navigation on the pages.

The information generated by the cookie file about your use of the website (including your IP address) will be transmitted to and stored by Google on its servers.

If you do not accept cookies, you may not be able to use some features of our Service and we recommend that you leave them enabled.

  1. Data Recording and Repetitive Marketing

Our company may collect information that your browser sends each time you visit its website. This log may include information such as your computer’s IP address, browser type, browser version, pages you visit, time and date of your visit, time spent on these pages and other statistics.

In addition, our company may use third-party services, such as Google Analytics, to collect, monitor and analyze such information in order to improve the functionality of our website and its services. These third party service providers have their own privacy policies regarding how they use this information.

Our Company uses remarketing services to advertise on third party websites after your visit to our website.

  1. Commercial Communication – Newsletter

The visitor / user can visit the website of our company,, without revealing his identity and without providing any personal information, subject to the acceptance of the relevant cookies.

Generally, you do not need to submit personal data online, but our company may ask you to provide some personal information in order to receive additional information about its services and events. Our company may also ask your permission for certain uses of your personal data, and you have the right to consent or deny those uses.

However, in order for the visitor of our website to receive electronic information material (eg newsletters) sent by our company, in order to be informed about the services and products of our company and to receive any special offers, he can provide the his explicit consent regarding his registration in the services of the website and the provision to our company of the data which are reflected in the relevant contact form.

The visitor also has the possibility to be removed from the relevant list of recipients at any time following the instructions contained in each communication.

If the user decides to unsubscribe from a service or communication, our company will try to delete his data as soon as possible, although it may take some time and / or information before his request can be processed.

The collected personal data is stored on restricted access servers controlled by passwords and our company uses special technologies and procedures to strengthen the protection of this information against loss or misuse as well as to protect it from unauthorized access, notification, modification the disaster. However, while our company makes every effort to protect the above information, it cannot guarantee that the above technologies and processes will never be compromised in any way.

For this reason, if any visitor becomes aware of any illegal, malicious, inappropriate or improper use of personal data, which is in any way related to the use of the business website, it undertakes to report the event immediately in our business.

  1. Passwords

In the event that our company provides you (or you have chosen) a password to access certain parts of its website or any other web portal, applications or services offered by our company, you are responsible for maintaining that password. and do not share the password with anyone else.

  1. Links to other Websites

The service offered by our company may contain links to other websites that do not operate from it. If you click on a third-party link and go to the third-party website, we recommend that you check its privacy policy. Our company has absolutely no control and assumes no responsibility for the content, privacy policies or practices of any third party sites or services.

  1. Changes to this Personal Data Protection Policy

Our company may unilaterally and periodically review this Policy to reflect recent privacy laws.

Call Now ButtonΚαλέστε μας!