Privacy Policy

Last updated: October 2020

The Clinics, Diagnostic Centers and Polyclinics of Hellenic Healthcare Group (hereinafter HHG) take seriously the privacy of their patients, clients and visitors. For this reason, we strictly follow the Privacy Policy mentioned below, which ensures the high level of services offered and strictly adheres to the applicable legislative framework. The personal data concerning you are collected and kept for the strictly necessary time, for specified, explicit and legal purposes, they are lawfully and legitimately processed in a transparent manner always in accordance with the applicable legal framework and in a way that guarantees their integrity and confidentiality . These data are each time appropriate, relevant, convenient, never more than those required in view of the above purposes, and are accurate and, if necessary, are subject to updating.

Details of Hellenic Healthcare Group

HHG for the provision of healthcare services has the following Clinics / Diagnostic Centers / Polyclinics which act as joint Processors for the personal data they process, whether they are simple or special category sensitive Healthcare data.

Their details follow in detail:

VAT number: 094027767



Headquarters: ETH. MAKARIOU 9 & EL. VENIZELOU 1
VAT number: 099551880


Distinctive Title: MITERA S.A.

VAT number: 094039858



VAT number: 094237943


Distinctive Title: LETO G.O.G.C. S.A.

Headquarters: MOUSON 7-13, ATHENS
VAT number: 094318509



Headquarters: LEVIDOU 16, P.O. 145 62, KIFISIA
VAT number: 996954275

The details of the Data Protection Officer (DPO) for the HHG companies are: Dimitris Kolios, Fleming 14, 15123 Marousi, T: 210 686 7679


This Policy defines the terms and conditions observed by HHG for the general protection of the privacy of patients, escorts, relatives and any kind of accompanying persons, whose personal data are processed for the purpose of providing health services and users of the applications created by the Clinics / Diagnostic Centers / Polyclinics / Medically Assisted Reproduction Unit of HHG. The purpose of this Policy is to inform you about how we collect, use, maintain, share and process the data about you, such as your personal information and demographic data that you provide to us when you choose to receive health services from the our Group, or health data resulting from the provision of our services to you.

The Group reserves the right to modify and update this Policy, whenever it deems it necessary or whenever this becomes mandatory by the relevant legislation, while the changes take effect from the time they are posted on this website/application.


HHG strives to conduct its business actions in accordance with privacy principles, as we believe they demonstrate our unwavering commitment to ethical and responsible practices. We recognize that innovation and new technologies lead to constant changes in risk, expectations, and legislation, which is why we follow privacy accountability standards and aim to adapt our practices in a timely manner in response to these changes.

This Policy also applies to all individuals whose data we process, including but not limited to customers, candidates, current and former employees, partners, investors, shareholders, and other stakeholders.

All Group Employees and Management executives have important responsibilities regarding the protection of privacy which they must respect.

We recognize that inadvertent errors and misjudgment regarding data protection can cause risks to individuals' privacy and risks to our Group's reputation, processes, compliance and standing. Each employee of our Group, as well as other persons who process data for our companies, are responsible for understanding and complying with their obligations towards this Policy and existing laws.

Our Values ​​and Privacy Stopards

We uphold our privacy values ​​in everything we do that involves people, including how we apply privacy standards. The four privacy values ​​include:

  • Respect -We recognize that privacy concerns often relate to fundamental questions of who we are, how we see the world, and how we define ourselves. Thus, we try hard to respect the perspectives and interests of individuals and communities and to be fair and transparent in how we use and share information about them;
  • Trust -We know that trust is critical to our success, and that's why we work hard to build and maintain the trust of our customers, employees, patients, and other stakeholders by respecting and protecting information related to them;
  • Damage Prevention -We understand that the misuse of information related to people can create tangible and intangible harm to individuals, and so we strive to prevent physical, financial, reputational, or other privacy-related harm;
  • Compliance -We have learned that laws and regulations do not always keep pace with rapid developments in technology, data flow and associated changes in privacy risks and expectations. So, we strive hard to comply with the spirit and regulations of privacy and data protection laws in a way that demonstrates consistency and operational adequacy for our business actions globally.

We incorporate our privacy standards into all activities, processes, technologies, and relationships with third parties that use Personal Data. We design privacy controls into our processing and technologies that are consistent with our privacy values ​​and standards and with applicable law. The eight privacy principles described below summarize the privacy standards and basic requirements for processing, activities, and their supporting technologies at a high level.

  • Necessity –Before collecting, using, or distributing Personal Data, we determine and record the specific, precise and legitimate business purpose for which it is necessary;
  • Justice –We do not process Personal Data in ways that are unfair to the individuals to whom the data relates;
  • Transparency –We do not process Personal Data in ways or for purposes that are not transparent;
  • Purpose Limitation –We use Personal Data only in accordance with the principles of Necessity and Transparency;
  • Data Quality –We keep Personal Data accurate, complete, and up-to-date and consistent with its intended use;
  • Security -We incorporate safeguards to protect Personal Data and Sensitive Data from loss, misuse, and unauthorized access, disclosure, or destruction, and ensure its integrity, confidentiality, and availability;
  • Data transfer -We are responsible for maintaining the security and privacy of Personal Data when it is transferred to or from other organizations or across national borders in order to satisfy the right to portability;
  • Legally Allowed –We process Personal Data in compliance with the applicable legislative and regulatory framework.


"personal data" is any information concerning an identified or identifiable natural person;

"genetic data" is the personal data relating to genetic characteristics of a natural person that have been inherited or acquired, as derived, in particular, from an analysis of a biological sample of that natural person and which provide unique information about the physiology or health of that natural person;

"biometric data" is the personal data, which result from special technical processing linked to physical, biological or behavioral characteristics of a natural person and which allow or confirm the indisputable identification of said natural person;

"health related data" are the personal data, which are related to the physical or mental health of a natural person, including the provision of healthcare services and which reveal information about the state of their health;

"special category personal data" is, among others, genetic, biometric and health-related data;

"processing of personal data" means any act or series of acts on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval of information, use, disclosure by transmission, dissemination or any other form of disposal, association, combination, restriction, deletion or destruction;

"controller" is the natural or legal person, public authority, agency, or other entity that, alone or jointly with others, determines the purposes and manner of processing personal data;

"person performing the processing" is the natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;

"personal data breach": the breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed.


In the context of this Policy, the "legal framework for the protection of personal data" means the no. 2016/679 General Data Protection Regulation of the European Parliament and of the Council for the protection of natural persons against the processing of personal data and for the free movement of such data and any regulation or directive issued subsequently or for its implementation above General Regulation, the law 4624/2019 "Principle of Personal Data Protection, implementing measures of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 for the protection of natural persons against the processing of personal data and incorporation in the national legislation of Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 and other provisions" as well as any national law or directive of the GDPR that is valid and applicable and concerns the processing and protection of personal data in general and in particular in the field of health services.

Indicatively, we mention that, among others, the following laws apply as amended:

  • Law 3418/2005 Code of Medical Ethics;
  • Law 2071/1992 Modernization and Organization of the Health System;
  • Law 2619/1998 Oviedo Convention;
  • Relevant Regulatory Acts of the competent Independent Administrative Authorities;
  • General Data Protection Regulation 2016/679;
  • Implementing Law 4624/2019 on the protection of personal data;
  • Existing Legislation regarding emergency measures to deal with the negative consequences of the emergence of the COVID-19 coronavirus and the need to limit its spread.


In accordance with the above legal framework, HHG collects and processes personal data of patients, patients' escorts or users of its companies' websites for the following purposes and only to the extent absolutely necessary to effectively serve these purposes. This data are always relevant, useful, and no more than it is required in view of the purposes below, it is accurate and, if necessary, it is subject to updating. HHG may process personal data, as long as the processing is necessary for at least one of the following legal bases, namely:

  • for the performance of the contract between us or to take steps following your request before entering into a contract;
  • in order to comply with its legal obligation;
  • for the purposes of its legitimate interests;
  • when you have given your consent;
  • to safeguard your vital interests;
  • for the fulfillment of a duty performed in the public interest;
  • for the execution of rights and obligations arising from social security law;
  • for the establishment, exercise, or support of legal claims or when the courts are acting in their jurisdictional capacity;
  • for the purposes of preventive or occupational medicine, medical diagnosis, provision of healthcare or treatment, or management of health systems.
  1. HHG keeps and processes the simple and sensitive personal data provided by you or another person with your legally provided authorization, for the purpose of executing the contract for the provision of health services that you have signed or another natural or legal person has signed on behalf of you and/or for the protection of your vital interest and/or for the fulfillment of a legal obligation or interest of each Group company and/or based on your consent and may transmit them inside or outside the European Union to private and/or public insurance entities, collaborators/processors, and/or competent judicial, police or tax authorities in accordance with the applicable legal framework.

HHG keeps and processes a special category of data, i.e. medical history, medical examinations, medical procedures that you or another natural or legal person provide on your behalf and the medical data resulting from the provision of medical services - health services, with the aim of the provision of medical services – health services based on the provision of preventive or occupational medicine services, medical diagnosis, safeguarding your vital interests, and/or your express consent. The above data for the above purposes may be transmitted by law to private or public insurance bodies in accordance with your own legal relationship with them, to a network of Doctors who provide independent services to our Group, to partners acting on behalf of each company, in accordance with the contracts between us, for the purpose of providing health services. HHG in accordance with what is provided in the existing legal framework, may process and transmit simple or special category personal data of the patient to law firms for the establishment, exercise or support of legal claims or when the courts act in their jurisdictional capacity to competent authorities , as well as for reasons of legal obligation or public interest, as defined by law. Also, HHG may process and transmit the simple data of the patient and/or his dependent/companion for his compliance with a legal obligation, as well as a duty in the public interest to the competent police, judicial, administrative, tax authorities within and outside the European Union, following their valid request. It also has a legal obligation to carry out any necessary internal control on personal data concerning you, in accordance with its internal procedures, when provided for or defined by law.

  1. HHG, in accordance with what is provided in the legal framework, may transmit your personal data to law firms for the collection and payment of debts arising from the provision of medical services - health services, simple and special category, to law firms for the establishment, exercise or support legal claims.
  2. HHG, following your relevant positive consent, may process your personal data for the purpose of developing, improving, and promoting its services, as well as providing privileges.


HHG is required to keep documents or electronic records for the period provided by national law. Specifically, as defined by the Code of Medical Ethics (Law 3418/2005, Government Gazette A 287/28.11.2005), "Article 14§4: The obligation to maintain medical records applies to: a) private practices and other primary healthcare units of the private sector, for a decade from the patient's last visit and b) in any other case, for twenty years from the patient's last visit."

The data kept for the commercial promotion of products or services and/or the provision of benefits will be deleted six months after the completion of the action.

Resumes collected by the relevant Human Resources Departments are kept for one year and then destroyed according to the destruction policy that HHG has for its companies.

Tax information is maintained in accordance with tax legislation.


The legislation for the protection of personal data provides you with the following rights, which you can in principle exercise free of charge and based on what is provided for in the legal framework:

  • Right of access, i.e., to be informed about which of your data has been collected and processed by HHG, their origin, the purposes and legal basis of their processing, any recipients, or categories of recipients of personal data, especially in third countries as well as the time compliance with them;
  • Right of rectification, any inaccurate personal data of yours, so that they become accurate, by submitting a relevant statement to HHG with your accurate personal data;
  • Right of completion, any incomplete personal data of yours, so that they become complete, by submitting a relevant statement to HHG with your complete personal data;
  • Right to erasure of your personal data in the following cases:
    • when your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • when you withdraw your consent on which the processing of your personal data was based and there is no other legal basis for the processing;
    • when your personal data were processed without the existence of the necessary legal basis;
    • when the obligation to delete your personal data is provided by law;
    • when they have collected with the offer of information society services personal data of a child, following his consent or the consent is given or approved by the person who has parental care of the child.
  • Right to restriction of processing of your personal data, in the following cases:
    • you dispute the accuracy of your personal data and until HHG verifies their accuracy;
    • when instead of deletion, you request the restriction of the processing of your personal data;
    • when HHG no longer needs your personal data for the purposes of processing, but such personal data are required by you to establish, exercise, or support legal claims.
  • Right to object - oppositiion in the processing of your data, unless there are compelling and legitimate reasons for the processing, which override your interests, rights and freedoms or to establish, exercise or support legal claims of HHG;
  • Right of portability, that is to receive and transmit to another data controller your personal data, which you have provided to the Clinics, Diagnostic Centers, Polyclinics and Medically Assisted Reproduction Unit of HHG in an appropriate format, as long as the processing of your personal data has taken place after consent you or was necessary for the execution of the contract between us;
  • Right to withdraw consent (non-retroactive) that you have provided for an issue related to the protection of simple personal and health data.

These rights may be limited due to an obligation to apply another law, as for example in the event that you request the deletion of data, while we are obliged to retain it by law (Article 14 Code of Medical Ethics).

For all the above and to resolve any question regarding the current legislation on personal data, you can contact HHG in the following ways:

  • via the online contact form at This email address is being protected from spambots. You need JavaScript enabled to view it. for ΗYGEIA, Mitera, Leto, Alpha Lab and Hygeia IVF Embryogenesis, This email address is being protected from spambots. You need JavaScript enabled to view it. for Metropolitan Hospital, Metropolitan General, Health Spot and HEAL, This email address is being protected from spambots. You need JavaScript enabled to view it. for Apollonion;
  • by letter to the Data Protection Officer of HHG (Fleming 14, 15123 Marousi);
  • HHG will respond to your Request free of charge, without delay and in any case within one month of receiving the request, except in exceptional cases, in which case the above deadline can be extended by two more months, if necessary, taking into account the complexity of the request or of the number of requests. HHG will inform you of any extension within one month of receiving the request, as well as the reasons for the delay;
  • If it is not possible to satisfy your request, HHG will inform you without delay and at the latest within one month of receiving the request, of the relevant reasons and of the possibility of submitting a complaint to the Personal Data Protection Authority, as well as of your right to appeal to the competent judicial authorities;
  • If your request is deemed by HHG to be manifestly unfounded or excessive, it may impose a reasonable and proportionate fee, taking into account the administrative costs of satisfying it, or refuse to proceed with your request.

In the event that you consider that your rights regarding the protection of your personal data are violated, you reserve the right to submit a complaint to the Personal Data Protection Authority (1-3 Kifissias St., PO Box 115 23, Athens, tel.: + 30 2106475600, email:This email address is being protected from spambots. You need JavaScript enabled to view it.) You also have the right to appeal to the competent judicial authorities for the protection of your personal data.


HHG has taken the appropriate technical and organizational security measures to ensure the application of legislation and the appropriate level of security of your personal data and has properly trained its staff and the entire network of Doctors collaborating with it through the Protection Policies and Procedures of Personal Data and binds all its partners, who act on its behalf as Processors with contracts (Data Protection Agreement) governed by the guarantees and safeguards of the GDPR.


By providing your e-mail address, you also give us your consent to receive e-mails from us for the sole purpose of advertising and directly promoting our products and/or services through a newsletter. Your email will only be used by HHG and the partner acting on its behalf to send the newsletters. In each such e-mail, we will clearly and clearly communicate our identity to you and give you the possibility to object and request, in an easy way and free of charge, the termination of the communication and the deletion of your data from that database.


Our website works with electronic cookies. For more information please visit the link below regarding our use of electronic cookies Cookies Policy