Healthwatch S.A is committed to respecting your right to privacy and protecting your personal data. Our dedication to data security and data protection is reflected in the scope of our ISO27001 Certificate that covers all of the services we provide to
How do we process your personal data?
We will only use your personal data to administer your claim; to provide the services you have requested from us; and for research or statistical purposes. We will also use your data to safeguard against fraud and money laundering and to meet our legal or regulatory obligations.
Sensitive personal data
Some of the personal data, such as data relating to your health, may be required by us for the specific purposes as part of the claims handling process. The provision of such data is conditional for us to be able to administer your insurance.
How do we keep your personal data secure?
Security is a high priority for us and to protect the personal data that we collect we have implemented appropriate organisational, technical, administrative and physical safeguards to protect the data from loss,misuse, and unauthorized access, disclosure, alteration and destruction. Personal data held by us is stored on our secure servers. Access controls are applied to limit access to personal data to those individuals with a need to know and a legitimate business requirement.
How do we share and disclose data to third parties?
We do not sell your personal data to anyone.
We only use and disclose personal data for the purposes for which it was initially collected, and for purposes which are directly related to one of our functions or activities. This includes disclosing your personal in any part of the administration of your claim handling process. We may also share and disclose data (including personal data) in the following limited circumstances:
• Where you have specifically asked or agreed for us to do so
• If it is required in order to respond to your request
• If it is required by law or regulation.
How long do we keep your personal data?
Your data will not be retained for longer than is necessary, and will be managed in accordance with our data retention policy. In most cases, the retention period will be for a period of seven (7) years following the expiry of a contract unless we are required to retain the data for a longer period due to business, legal or regulatory
Transferring your data outside of Europe
As part of the services offered to you, the data which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the GR.
By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your data outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
If you use our services while you are outside the EU, your data may be transferred outside the EU in order to provide you with those services.
We are bound by local and regional applicable privacy and data protection laws and regulations.
Your rights and your personal data
You have the following rights with respect to your personal data:
- The right to request a copy of your personal data which we hold about you
- The right to request that we do not process your data for marketing purposes
- The right to request that we correct any personal data if it is found to be misleading, inaccurate or out of date
- The right to request your personal data is erased where it is no longer necessary for us to retain such data
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
- The right to lodge a complaint with the Data Commissioners Office if you consider that we have breached our privacy obligations.
Subject access right
You have the right to access personal data held about you. To do so, you must provide a written request to us including the following information as a minimum:
- Your full name, address and contact telephone number;
- Any information used by us to identify or distinguish you from other of the same name;
- Details of the specific information you require and any relevant dates to which that information relates.
Where necessary, we may require you to provide further information in order to comply with your request as fully and as quickly as possible. All requests should be made to the Data Protection Officer, contact details for whom are provided below.
How to make a complaint
If you have any concerns or a complaint regarding our collection and use of your personal data, or a possible breach of your privacy, please send them to: HWAPrivacy@healthwatch.gr or write to us at the address listed below.
We will treat your requests or complaints confidentially and contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
If you do not believe your complaint is managed appropriately you have the right to escalate the complaint to the applicable Data Protection Authority. Please request data from the Data Protection Officer using the contact details below.
Any questions, comments or requests regarding this policy should be addressed to the Data Protection Officer at: HWAPrivacy@healthwatch.gr
Data Protection Officer
5 Amigdaleas str.,Efkarpia