Privacy Notice / GDPR

Home | Privacy Notice / GDPR

Cretan Medicare S.A. Privacy Notice explains why your personal and medical data are collected, the ways in which your data is be used, and your rights under the General Data Protection Regulation (GDPR) EU2016/679.

How we use your information to help you

When you come to our Medical Center as a Patient, a record of your care is kept.

Your record includes details such as

Personal / Contact details:

  • Your name, home and email address, home and mobile phone numbers, date of birth, Social Security Number (where applicable) and gender.
  • Hotel name and room number along with tour operator – where applicable- travel details (arrival, departure dates etc).
  • Details about your caregivers, legal representatives and emergency contact details.
  • Relevant information from other health professionals, relatives or caregivers.

Medical records:

  • Medical History.
  • Notes and reports about your health.
  • Details about your treatment and care.
  • Treatment plans and consent.
  • Notes and medical record contain information based on the professional opinion of the staff caring for you.
  • Any contact Cretan Medicare’s staff has had with you, such us appointments, hotel or clinic visits, hospitalization, repatriation arrangement, etc.
  • Results of investigations such us laboratory tests, x-rays, ultrasound images, medical reports etc.
  • Correspondence with you and other health professionals or institutions regarding your health and care.
  • Details of any complaints you have made and how they were dealt with.

According to art.6 par.1 of the GDPR, the legal basis is formed with your consent for the process of your personal data.

Why we collect your personal data

  • In order for our medical staff to provide you with the best possible care and treatment.
  • To monitor the progress of your health.
  • To share information concerning your treatment with different departments of our centre or other health providers within EU.
  • To train and educate our staff.
  • To monitor and improve the quality of our healthcare and services to the patients.

It is very important to notify our medical centre if there are any changes to your personal information.

Note: It is the patient’s responsibility to give accurate and true information. Your personal data are being used only for the purposes mentioned in the Privacy Notice, unless we have your consent, or if the law obliges or permits us so.

How we collect your personal data at our Medical Center

Your personal data and Information are recorded on paper and electronically in our computer systems. Our computers systems enable information to be shared between staff members who care for you so that they have the right information at the right time.

How we collect and process data on our Website

When you are visiting our Website, we automatically collect and store anonymized technical information from you. These are:

  • IP address
  • device ID
  • browser type
  • operating system
  • mobile device identifiers
  • geo-location data
  • state or country from which you accessed our website
  • specific webpages visited
  • date and time of a visit
  • websites you visited immediately before and after visiting our website
  • number of links and specific links you click within our website
  • functions you use on our website
  • any reservations, updates, purchases or other transactions through our website
  • data you view or download from our website

We may also use cookies on our websites to store information in your computer or mobile device to improve your online experience. Cookies are small text files which let you navigate between pages efficiently, help us understand how this website is performing and generally improve your browsing experience. Cookies can also help to ensure the advertising you see online is more relevant to you.

Generally, our cookies may perform the following functions

Essential cookies: Some cookies are vital to the operation of our website. Without them you will not be able to navigate in the web site and to use some of its features. The basic cookies allow smooth transition from page to page on the site and are absolutely necessary for its appropriate functioning.

Functionality Cookies: We do not use functionality cookies and we cannot remember your preferences and selections you have requested on previous visits to our sites

Performance Cookies: We use performance cookies to analyse how our visitors use our website and to monitor website performance. This allows us to provide a high quality experience by customizing our offering and quickly identifying and fixing any issues that arise. These cookies don’t collect information that identifies a visitor. All information collected is aggregated and therefore anonymous and is only used to improve how our website works.

Advertising Cookies: We do not use advertising cookies on our website.

Third Party cookies: Third party cookies are set by a different organisation on our website. For example, our website may contain content embedded content from, for example, Facebook or YouTube that are delivered through an advertising partner’s network. These sites may set their own cookies which are beyond of our control.

In case that you wish to activate or deactivate the use of cookies from your browser’s settings, depending on your browser, you can visit the following web pages in order to obtain the appropriate information:

We are using the above described data to make our Website user-friendly and to protect our IT Systems from different kind of cyber attacks or other illegal activities.

Keeping your information confidential

Everyone working for Cretan Medicare S.A. has a legal duty to maintain the highest level of confidentiality. All staff members are instructed and special trained on handling confidential information and data.

Cretan Medicare S.A. computer systems and networks are designed to ensure the availability and integrity of data and all necessary technical measures have been taken to ensure data protection. Your information will be stored, managed and used with the greatest possible care.

Sharing your personal data

To make sure you receive all the care and treatment you need, we might share relevant information about you with other organizations (see below), either via paper or by secured computer systems sharing.

Such organizations include:

  • Your Medical Doctor,
  • Your Medical Insurance Company,
  • Hospitals, walk-in-centres, out-of-hours doctors,
  • Nurses, Paramedics and therapists,
  • Private sector organizations (for example: private hospitals, medical air transport),
  • Debt collector agencies,
  • Solicitors.

Before we share any of your personal data or information, we will inform you to make sure you are aware of the information sharing and to give us your consent. If we are unable to contact you, we will only share information where we can demonstrate it is in the best interest of yourself or another individual. This is to ensure that you receive the best quality of care or are protected from any harm.

When information is shared, it is passed securely to, and kept confidential by, the people who receive it. It will only be used for the purpose for which it has been shared.

With your consent, information can be shared with relatives, partners or friends who may act as a caregiver for you. Sharing information can help your family or caregiver understand the support you require. During an assessment or review of your care, we will ask what information you want shared with your family or caregiver. We will record your views in our records.

Sharing your information without your consent

We will inform you and ensure you are satisfied for your information to be shared, but there are times when we might need to share your information without your consent. This will only happen where we are legally required to do so, or the law allows us to do so in order to protect you or other people.

Such situations include:

  • Where there is a risk of harm or abuse to you or other people.
  • Where a serious crime, such as an assault, is being investigated or where it could be prevented.
  • To control infectious diseases such as meningitis, tuberculosis (TB) or measles.
  • Where the courts have made a formal order in relation to a court case.

We will try to inform you if we share your information without your consent.

Data Retention of your personal data

For your best possible care and service, your personal and medical records are stored and kept in our computer systems until you request complete erasure of your data or the legal retention period has been passed.

In specific:

  • Your microbiological test and medical record will be kept in our systems for 30 years.
  • Your X-Rays will be kept in our systems for 1 year.
  • Your Ultrasound Images are stored in our system for 10 years.

Financial Information:

We hold information about the fees we have charged, the amounts you have paid and some payments details. This information forms a part of our contractual obligation to you to provide our health care and allows us to meet legal financial requirements.

Further information, your rights and accessing your records

Cretan Medicare S.A. has built its international reputation through being a reliable and serious medical company which is maintained through investing in long term, friendly and humane management of its patients and their care ensuring that their privacy is being protected.

Therefore if you would like to know more about how we use your Medical and Personal Data or you have any complaints please feel free to contact our Data Protection Officer (DPO) :

Mr. Marcus Kuechler
Contact Information
Postal Mail: Attn: Data Protection Officer (DPO)
Cretan Medicare S.A.
19 EL. Venizelou Str. ,GR 70014, Hersonissos-Crete, Greece

Any written request will be answered within 30 working days.

We reserve the right to change this Policy, at any time for any reason, by posting revisions on this webpage or on application. Such changes will be effective upon posting but will not apply retroactively.

At this point we would like to inform you about your rights regarding Medical and Personal Data

  • You have the right, at any time, to withdraw your consent in accordance to the processing and storing your personal data.
  • You have the right to get a copy of your personal data and files that we keep in our systems. If you want to see or have a copy of your records, please inform the Reception at our Medical Center or our Data Protection Officer and a copy of your records will be given to you. Handling Fees might occur.
  • You have the right at any time to request a complete erasure of your personal data and information held in our systems.
  • You have the right at any time to request rectification of your personal data kept in our systems.
  • You have the right to object data processing of your personal data kept in our systems where possible.
  • You have the right to request data portability of your personal data kept in our systems to another organization.
  • You have the right at any given time to file a complaint at the Hellenic Data Protection Authority (DPA), Kifissias 1-3 11523, Athens – Greece, Tel.: +30 210 6475600, e-mail: