LIFE CODE Medical Ltd. — Patient Personal Data Protection Policy
LIFE CODE Medical Ltd. has taken all necessary measures to fully safeguard your privacy and the security of your personal data, in accordance with applicable European and national legislation.
This document sets out our Diagnostic Center’s policy regarding the processing of patients’ personal data in the provision of healthcare services. Specifically, it describes: the types of personal data processed, the legal basis for processing, the data retention period, the recipients of the data, and the technical and organizational measures we have adopted to ensure the security of your privacy.
Data We Process
LIFE CODE Medical Ltd. collects your personal data (demographic information, payment and insurance details, medical history) in order to provide the medical services you request. Where you wish, we also process and store—strictly for diagnostic purposes—previous medical reports that you provide to us. In addition, with your explicit consent, we store contact details for your next of kin or other emergency contacts, which will be used only in case of emergency.
If you visit LIFE CODE Medical Ltd. following a referral by a private physician, we will inform the referring physician of your test results only when this is deemed necessary for the purposes of an accurate medical opinion.
Legal Basis for Processing
LIFE CODE Medical Ltd. processes your basic personal data (demographic details) during your visit to our Diagnostic Center, as well as any other personal data necessary for the provision of the medical services you request. Accordingly, the agreement for the provision of medical services constitutes the lawful basis for processing your data.
Data Retention Period
LIFE CODE Medical Ltd. retains your personal data for a period of 10 years, as provided by national law. After the above period has elapsed, LIFE CODE Medical Ltd. proceeds with the secure deletion of your personal data.
By exception, LIFE CODE Medical Ltd. may retain your personal data for a period longer than 10 years only where necessary to serve its legitimate interests or to comply with legal obligations. In such cases, you will be notified accordingly.
Recipients of Your Personal Data
LIFE CODE Medical Ltd. discloses personal data to three categories of recipients:
i) Medical service providers — our external partners.
We maintain external collaborations with third parties (IT engineers, physicians, healthcare providers/reference laboratories) who process personal data on our behalf under stringent contractual obligations and who have been selected on the basis of their effective implementation of high-level data protection measures.
ii) Independent third‑party healthcare providers.
We disclose your personal data to third parties with whom we have no ongoing collaboration only in the following cases:
• where disclosure is required under an insurance contract you maintain with a specific insurance company and within the scope defined therein;
• to protect your vital interests; and/or
• where required by a specific legal provision.
iii) Third parties at your request.
We disclose your personal data to third‑party healthcare providers only upon submission of your specific written request.
For more information on how your personal data may be transferred to third parties, please consult the reception desk of our Diagnostic Center.
Note: LIFE CODE Medical Ltd. bears no responsibility for the subsequent processing of your personal data by third parties where disclosure has been made at your own request.
Recording of Your Interactions
We may record and retain communications you have with our Diagnostic Center, including letters, emails, and any other forms of communication. We use these records to evaluate, analyze, and improve our services, train our staff, manage or prevent potential risks, and detect fraud or other criminal acts.
We may collect additional information related to these communications (e.g., the telephone numbers you use to call us and information about the devices or software you use), but only where this is deemed necessary for the above purposes.
Security of Your Data
Our priority is to keep your personal data secure. LIFE CODE Medical Ltd. has implemented a series of measures to ensure that your personal data remains safe and protected. Depending on the case, these measures include role‑based access controls (RBAC), pseudonymization, encryption, regular data backups, retention of your imaging examinations in PACS, and other technical and organizational measures.
Your Rights
You have the right to:
Access your data;
Rectify your data where it is inaccurate;
Erase your data in specific cases;
Restrict processing of your data;
Object to the processing of your data;
Data portability: have your data transmitted to another healthcare provider; and
Lodge a complaint with the Hellenic Data Protection Authority in the event of an unfortunate data‑breach incident affecting your data.
Our Diagnostic Center will respond to such requests within one month of receipt; in exceptional cases, this deadline may be extended by a further two months where additional time is required.
If you need clarifications or further information regarding the above rights, you may contact our reception or the company’s Data Protection Officer (contact details below).
Contacts
For any issue concerning the security of your data, you may contact our Center at +30 210 6917172 or via email at info@life-code.gr
Data Protection Officer (DPO): Privacy Advocate — dpo@life-code.gr.
If you are not satisfied with the way your data is processed, you may lodge a complaint with the Hellenic Data Protection Authority. However, we would appreciate the opportunity to resolve any complaint as quickly as possible before you submit a complaint to the Authority.
Patient Rights Form
Thank you for trusting your health to LIFE CODE Medical Ltd.
Under the General Data Protection Regulation (EU) 2016/679, as a Data Subject you have the following rights:
Right of access — to obtain access to the data we process and information about how it is processed by our company.
Right to rectification — to correct or complete personal data where it is inaccurate or incomplete.
Right to erasure — to request deletion of some or all of your personal data in specific cases where there is no lawful reason for us to continue processing, provided that the company’s interests are not adversely affected.
Right to restriction of processing — to request that processing of your personal data be restricted; in such a case, we may store your personal data but not process it further.
Right to object — to object to further processing of your personal data for direct marketing purposes, for scientific or historical research purposes, or for statistical purposes, for reasons related to your particular situation.
Right to data portability — to obtain and reuse the personal data you have provided to our company for your own purposes; to receive an electronic copy of your personal data and transfer it easily and securely to third parties, without hindering its usability.
Right to lodge a complaint — with the Hellenic Data Protection Authority in the event of a data‑breach incident affecting your data.
We inform you that you may assert the above rights by completing and submitting the following application to our company’s reception desk:
Data Subject Request Form
I, the undersigned __________________________________________, child of ____________________________, resident of ______________________________________, street ____________________________________________, holder of ID card/Passport no. ____________________________, hereby request:
Provision of a Copy of Medical Record
Pursuant to Article 15 GDPR, I wish to receive a copy of my medical record / the results of the laboratory tests I underwent at your diagnostic center, specifically: ____________________________________________________________
Request for Rectification of Data
Pursuant to Article 16 GDPR, I request that you rectify the inaccurate personal data you hold, specifically: ____________________________________________________________
Request for Erasure of Data
Pursuant to the General Data Protection Regulation, I request the deletion of the following personal data you hold: ____________________________________________________________
I expressly acknowledge that this request will be satisfied only after the lapse of the legally mandatory retention period for medical records.
Request for Restriction of Processing
Pursuant to Article 18 GDPR, I request that you restrict the processing of my data for the following reason: ____________________________________________________________
Request to Object to Processing
Pursuant to Article 21 GDPR, I do not wish my personal data to be further processed for the following purposes: ____________________________________________________________
Request for Data Portability
Pursuant to Article 20 GDPR, I request that you:
• provide me with all personal data you hold in a structured, commonly used and machine‑readable format; and/or
• transfer all personal data you hold to __________________________________, where technically feasible.
Place/Date: __________________________________
Patient’s Full Name: __________________________
Patient’s Signature: __________________________
