SERUM IVF Centre (we, us, our) is a friendly family-oriented clinic, located in Athens, Greece. Our clinic recognises that privacy of our patients, doctors, employees, egg and sperm donors and partners is paramount and wants you to be familiar with how we collect, use, and disclose personal data.
“Personal Data” is data that identify you as an individual or relate to an identifiable individual. These include simple data such as your name, address, communication details, but also “special categories’” such as sensitive health, medical, genetic, and biometric data necessary for fertility treatments.
It explains what information we collect about you when you visit our site and/or when you work, communicate, or cooperate with us, when you use our IVF services and how we handle your information to ensure that your rights are always respected.
Who we are
SERUM IVF Centre (we, us, our) provides infertility diagnosis and advanced treatment options to patients all over the world. You may find our profile here
What personal data we collect
When you contact us, you may be asked to voluntarily provide some limited personal information, such as your name, phone numbers, email address, and contact details.
Filling in this questionnaire with the minimum of personal data is necessary for us to enable the provision of certain services (treatments, consultation, accommodation) and respond to frequently asked questions.
Where available, we may also collect information about your computer, including your IP address, operating system and browser type for system administration and to report aggregate information to our webmasters. This is statistical data about our users’ browsing actions and patterns which does not identify any individual and allows us to ensure that content from our site is presented in the most effective manner for you and your computer.
Our website is not intended for children under 15 years of age, and we do not knowingly collect information from children to sell or promote our services.
Your sensitive medical and health data are securely stored and protected by our trained staff via appropriate technical and organisational, physical and logical security measures, including database encryption, access controls, firewalls and so on.
Legal basis for data processing
We process your personal data in accordance with the GDPR for one or more of the following reasons:
A. Necessary for the performance of a contract
-To carry out our obligations about in vitro fertilisation and any other services that you may request from us
-To process your payment and your overall business transactions with us
B. Necessary for us to comply with a legal obligation
-To fulfill our legal, ethical, accounting and reporting obligations vis-a-vis the Supervisory Authorities such as the “Greek National Authority of Assisted Reproduction”, which controls the scientific, legal, and moral frame in which all clinics and organisations related to assisted reproduction are functioning, the Inland Revenue office, etc.
C. To serve our (and third party) legitimate business interests
Legitimate interest is when we have a medical or commercial reason to use your information. Any such use shall be consistent with the fundamental rights of individuals, for example:
-To provide you with effective medical treatment, diagnosis, and support
-To improve our working relationships and optimise our services
-To respond to your requests
-To improve the security and usability of our website and services
-To perform patient and customer satisfaction surveys
-To keep you updated on our services
-To operate CCTV systems to prevent illegal actions against our patients, staff, and our property
D. You have given us your consent
As a patient, egg/sperm donor or other party, you have signed with us a valid contract, as per article 6 of the GDPR, and you have additionally provided us your consent which justifies the lawfulness of such processing.
Becoming a donor for our sperm bank implies full anonymity for both the donor and the recipient under Greek law which we fully guarantee via appropriate technical and organisational privacy and security measures (anonymisation, encryption, tokenization, etc.).
Our company values your personal information. For security of transactions, we use the Secure Sockets Layer (SSL) protocol, which encrypts any personal information you enter into registration forms on our website or applications. The encryption process protects your information, by scrambling it before it is sent to us from your computer. We also make commercially reasonable effort to ensure the security of your personal information on our system. However, no data transmission over the Internet can be guaranteed to be secure. Consequently, while we strive to protect your personal information within our records, we cannot warrant the security of any information you transmit to us.
How we share your data
In the course of the performance of our contractual and legal obligations, your personal data may be provided to various correspondents, such as hospitals, laboratories and suppliers. Our business partners are bound by Data Processing Agreements with us, and they are obliged to safeguard confidentiality and data protection according to the data protection regulation.
International transfers of data
Your personal data is generally transferred within the European Economic Area (EEA) (28 EU and Iceland, Lichtenstein, Norway) where we operate, in order for us to fulfill a legal or contractual obligation.
Your data may exceptionally be transferred to third countries outside the EEA in order to fulfill a legal or contractual obligation or because you have given us your explicit consent.
Processors in third countries are obligated to comply with the European data protection regulations and provide appropriate safeguards in relation to the transfer of your data in accordance with Art 46 of the GDPR.
We will process and store your Personal Data for the duration of our business relationship with you, and for as long as necessary to fulfill our contractual and legal obligations.
We will delete your data:
-When it is no longer necessary for the purposes for which that information was collected and processed
-Upon your request or objection, provided there are no overriding legal grounds requiring us to maintain that information
-When necessary for us to comply with our legal obligations such as tax, accounting and so on
-If our collection of information was based on your consent, upon the withdrawal of your consent
Automated decision and Profiling
In executing our business activities, we do not use any automated decision-making. We may from time to time process some aspects of your data automatically in order to enter into a business relationship with you.
How we use your personal data for marketing activities
We may process your personal data to tell you about products, services and offers that may be of interest to you or your business. The personal data we process for this purpose consists of information you provide to us and data we collect when you use our products.
-We can only use your personal data to promote our products and services to you if we have your consent to do so or if we consider that it is in our legitimate interest to do so
-You have the right to object any time to the processing of your personal data for marketing purposes, which includes profiling.
Your data protection rights
Under the law, you have the following rights in terms of your personal data:
-The right to request from us access to your data. You can ask to receive a copy of your data and check if it is lawfully processed
-The right to have your data corrected or erased
-The right to object to or restrict the processing of your data, for example where such information is not accurate or no longer serves the purpose it was collected for
-The right to data portability, namely, to receive a copy of your data in electronic form or have your data transferred from us to another party
-The right to object automated decision-making or profiling based on your data
-The right to withdraw your consent. Any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn by you.
Right to lodge a complaint
The right to lodge a complaint with us at email@example.com and before the Greek Supervisory Authority (www.dpa.gr). If you have exercised any of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us.