Privacy & GDPR Policies

This Privacy Policy applies to all persons whose data we process ("you"), regardless of how you contact us. It applies both to the processing of personal data that has already been collected and to personal data collected in the future.

Our data processing may affect the following categories of persons in particular, insofar as we process personal data:

• Visitors to our websites
• Other persons who use our services or who come into contact with our offers
• Employees of companies with which we enter into or maintain a contractual relationship
• People who write to us or contact us in any other way
• Recipients of information & marketing communications
• Participants in customer events and public events
• Participants in market research and opinion polls and customer surveys
• Contact persons of our suppliers, customers and other business partners as well as organizations and authorities
• Job applicants

Data provided by You

You often provide us with personal data directly, for example, when you communicate with us or transfer data. This typically includes basic data, contract data, and communication data. Preference data is also frequently provided by you.

For instance, you provide us with personal data in the following scenarios:

• When contacting our customer service.
• When registering for other services

Providing personal data is usually voluntary; however, we must collect and process certain data necessary for contract execution and compliance with related obligations, or as required by law, such as mandatory basic and contract data. Without these, we may not be able to conclude or continue the relevant contract.

If you provide us with data about other individuals, we assume you are authorized to do so and that this information is accurate. Please also ensure that these individuals are informed about this privacy policy.

Collected Data

We may collect personal data about you independently or automatically, for example, when you use our offers, or avail of our services. This often includes behavior and transaction data, as well as technical data (e.g., the time you visit our website).

We autonomously collect personal data in scenarios such as:

• When you visit one of our websites or use one of our apps.
• When you click on a link in our newsletter or interact with one of our electronic promotional communications.
• We may also derive personal data from existing data, for example, by analyzing behavior and transaction data. Such derived data often includes preference data.

Received Data

We may receive information about you from third parties, such as companies we collaborate with, individuals who communicate with us, or from public sources.

These data may come from sources including:

• Cooperation partners.
• Group companies.
• Your employer and colleagues in the context of job applications and professional roles.
• Third parties related to correspondence and meetings concerning you.
• Individuals in your circle (family members, legal representatives, etc.), for instance, for delivery addresses, references, or powers of attorney.
• Credit reporting agencies for credit checks.
• Postal services and address traders for address updates.
• Banks, insurance companies, distribution, and other contractual partners in the context of purchases and payments.
• Providers of online services, including internet analysis services and cyber-security services.
• Information services for compliance with legal requirements such as anti-money laundering and export restrictions.
• Authorities, parties, and other third parties in the context of administrative and judicial procedures.
• Media monitoring companies regarding articles and reports featuring you.
• Public registers and public authorities, media, or the internet.

The categories of personal data that we collect and process is including, but not limited to:

• Master Data: Your basic details such as name, contact information, date of birth, and any information provided during account creation, event registration, or newsletter sign-up.
• Contract Data: Details surrounding contract initiation and execution, including transaction data related to our services or employment applications.
• Communication Data: Information from interactions with us, such as emails, calls, and proof of identity required for verification.
• Transactional and behavioral Data: Usage data when you engage with our services, attend events, or interact with our website.
• Preference Data: Information on your interests to customize our services.
• Technical Data: Technical identifiers like IP address or device ID, and usage logs, often collected via cookies.
• Image and Sound Recordings: Recordings from events or security footage, and any related behavioral information.

Our processing of personal data is based on various legal grounds, depending on the specific purpose of the processing.

Legal bases for processing personal data include:

• The performance of a contract with the data subject or the implementation of pre-contractual measures (e.g., handling diagnostic requests or orders)
• Compliance with national or international legal obligations (e.g., healthcare regulations, recordkeeping duties)¨
• The explicit consent of the data subject (e.g., for marketing or voluntary data sharing)
• The pursuit of legitimate interests, especially when data processing is a core component of our operations (e.g., IT security, internal administration)

Specific purposes of data processing include:

• Quality assurance, research, and statistics (in pseudonymized/anonymized form)
• IT security and abuse prevention
• Marketing and customer communication (where consent is provided)
• Internal administration, accounting, and compliance functions

In every case, we ensure that our data processing complies with FADP and GDPR (if applicable) to ensure adequate protection of your personal data.

Communication:

We process personal data to effectively communicate with you and address your specific concerns. This includes handling communication and basic data, as well as contract data for communication related to contractual matters. We personalize the content and timing of messages based on behavior, transaction, and preference data.

The primary purposes of our communication include:

• Customer communication and support, including inquiries and service questions
• Personalized messaging based on user behavior and preferences.
• Quality assurance, training, and other related communications, such as direct marketing.

Contractual Obligation and Contract Management:

To provide you with the best possible service, we process personal data in connection with the initiation, management, and execution of contractual relationships. This includes delivering orders, providing services, managing purchases and services.

The purposes of our contract management can include:

• Deciding whether and how to enter into a contract with you (including payment options), including credit checks.
• Providing services as agreed in contracts.
• Offering customer service and assessing customer satisfaction.
• Invoicing our services and for general accounting purposes.
• Planning and preparing the provision of our services.
• Assessing the suitability of job applicants, and if applicable, preparing and concluding employment contracts.
• Enforcing legal claims arising from contracts.
• Managing and operating our IT and other resources.
• Storing data as part of legal retention obligations.
• Terminating and concluding contracts.
• Managing applications and employment relationships

Information and Marketing

We process personal data to offer you attractive deals and maintain customer relationships. This includes sending communications and offers, both in written and electronic forms, as well as conducting marketing activities. These actions may include our own offers or those from advertising partners.

To present you with personalized offers, we may use data such as basic data, contract data, communication data, behavior and transaction data, and preference data. This allows us to provide you with relevant information and offers.

The types of communications and offers may include:

• Promotional emails, in-app messages, and other electronic communications
• Advertising brochures, magazines, and other printed materials.
• Promotional messages across various media platforms.
• Promotional vouchers and discount codes.
• Invitations to events, contests, and competitions.

You always have the option to decline marketing contacts, and you can easily unsubscribe from newsletters and other electronic communications via an unsubscribe link or through your customer account.

Market research and product development

To continuously improve and make our offerings more attractive, we process personal data for market research and product development purposes. This involves analyzing data such as basic, behavioral, transactional, and preference data, as well as communication data and information from customer surveys, studies, and other sources like media, internet, and public records. Wherever possible, we use pseudonymized or anonymized data for these purposes.

Key activities in market research and product development include:

• Conducting customer surveys and research to inform the development and enhancement of our offerings, including product range, pricing, and promotional strategies.
• Improving user experience for our website and testing new product and service concepts.
• Performing statistical evaluations and market analysis to understand customer behaviors, market trends, and competitive dynamics.

Security and prevention:

We process personal data to ensure your and our safety and to prevent misuse. This includes ensuring IT security, preventing theft, fraud, and abuse, and for evidence purposes. We may process various types of personal data for these purposes, especially behavior and transaction data.

Key purposes of security and prevention include:

• Analyzing behavior and transaction data to detect suspicious patterns and fraudulent activities.
• Evaluating system logs (log data) of our systems' usage.
• Preventing, defending against, and investigating cyberattacks and malware threats.
• Analyzing and testing our networks and IT infrastructures, including system and error checks.
• Controlling access to electronic systems (e.g., logins to user accounts) and physical access controls (e.g., entry to office spaces).
• Documentation purposes and creating backup copies.

Compliance with legal requirements:

We process personal data to fulfill legal obligations and to prevent and detect violations. This includes handling all categories of personal data. These requirements may include Greek law, foreign regulations, self-regulations, industry and other standards, our own corporate governance, or governmental instructions.

Key aspects of compliance with legal requirements include:

• Conducting due diligence on business partners.
• Receiving and processing complaints and other reports.
• Conducting internal investigations.
• Ensuring compliance and risk management.
• Disclosing information and documents to authorities when we have a factual basis (e.g., as an affected party) or are legally obligated.
• Cooperating in external investigations by law enforcement or regulatory authorities.
• Ensuring legally required data security.
• Fulfilling disclosure, information, or reporting obligations related to supervisory and tax laws, including archival obligations, and in the prevention, detection, and investigation of criminal acts and other violations.

Preservation of rights:

We process personal data to enforce our legal claims and defend against claims of others, both in domestic and international legal and administrative proceedings. Depending on the situation, this may involve processing various types of personal data, such as contact details and information related to disputes or potential disputes.

Key activities for the purpose of legal enforcement and defence include:

• Investigating and enforcing our claims, which may also include claims related to our associated companies and our contractual and business partners.
• Defending against claims directed at us, our employees, associated companies, and our contractual and business partners.
• Assessing legal, economic, and other aspects of disputes and potential disputes.
• Participating in legal proceedings before courts and authorities domestically and internationally. This may involve securing evidence, assessing litigation prospects, or submitting documents to authorities. We may also be required by authorities to disclose documents and data carriers containing personal data.

Administration and Support

We process personal data to efficiently manage our internal operations. This includes the processing of basic data, contract data, technical data, as well as behavior, transaction, and communication data.

Key aspects of our internal administration include:

• Management of IT resources.
• Accounting and financial management.
• Data archiving and managing our archives.
• Training and education, which may involve evaluating recordings of phone, video, or other forms of communication.
• Routing inquiries to relevant departments.
• Reviewing and enhancing internal processes.

Like any company, we have an overarching interest in successful business operations and the fulfillment of our processing purposes.

We process and store your personal data for as long as is necessary for the fulfillment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e., for example, for the duration of the entire business relationship (from the initiation, execution to the termination of a contract) as well as beyond that in accordance with the statutory retention and documentation obligations. It is possible that personal data may be stored for the period in which claims can be asserted against our company (i.e. in particular during the statutory limitation period) and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as far as possible.

We share your personal information internally, within companies in the R.G.C.C Group and with selected third parties. For example, we share your personal information with service providers who process data on our behalf as “processors”, like contract processors for IT and management services as well as in case of business transfers or legal disclosure. Our processors are required to process personal information only in accordance with our instructions and to take appropriate data security measures. We ensure that data protection is maintained throughout the processing of your personal data by selecting service providers carefully and entering into appropriate contractual arrangements to ensure data protection, comply with this privacy notice and to process personal data securely and exclusively for the purposes allowed by the Company. Certain service providers are also jointly or independently responsible with us (e.g. debt collection companies). Sometimes, we may share data with third parties for their own use, such as with your consent, for legal compliance, or with authorities for legal proceedings.

External recipients who the Company shares personal data routinely are group companies, business partners, suppliers and service providers.

This includes, for example, services in the following areas:

• Technical service providers (e.g., IT, hosting, mailing)
• Research institutions and laboratories (e.g., RGCC SA Greece)
• Referring or treating physicians
• Payment service providers
• Public authorities (where required by law)
• Companies within the R.G.C.C Group
• Legal advisors and supervisory authorities
• Marketing partners (only with prior consent)

The transfer of personal data primarily occurs within Switzerland, Germany, Greece, the United Kingdom and the countries of the European Economic Area (EEA), but it may also extend to recipients in other countries of the world. In instances where personal data must be sent to countries without comprehensive data protection laws, we will enact appropriate safeguards. This includes the use of standard contractual clauses and model contracts for data transfers acknowledged by the relevant data protection authorities. These measures are put in place to ensure adherence to our Privacy Notice and the applicable laws.

Automated data decisions are decisions affecting data subjects that are fully automated (i.e without human influence). We generally do not do this but will inform you separately, should we opt to utilize automated individual decision-making in individual cases.

Under data protection laws, you are entitled to certain rights in relation to the personal data we process to ensure that the processing is lawful. In particular, you have the right to:

• request information about your personal data processed by us
• request a copy of the personal data the Company holds on you in a structured, commonly used and machine-readable format
• restrict processing and/or object to the processing of personal data, in which case we may, however, no longer be able to provide related services or fulfill our contractual obligations.
• request that your personal data be deleted if there is no compelling reason for its continued processing.
• request changes to your personal data if it is inaccurate or incomplete.

If you've given us permission to use your personal data, you have the right to take back that permission whenever you choose. Doing so won't affect any data processing that was done legally before you withdrew your consent.

Please note that your rights under this section may be limited to protect the predominant interests of the Company or third parties or if there are doubts about the identity.

You also have the right to lodge a complaint with the applicable data protection authority. The competent data protection authority in Switzerland is the EDOEB (www.edoeb.admin.ch).

What are cookies and why do we use them?

Our website uses cookies. Cookies are data records that are stored on your device's operating system with the help of your browser when you visit our website. Cookies do not harm your computer and do not contain viruses.

Why may we use cookies?

We use cookies so that we can make our website more user-friendly, effective and secure. The use of cookies and the processing of your data in this regard is based on our legitimate interests in the stated purposes.

Types of cookies and their purposes:

Our website utilizes two types of cookies. First Party Cookies, issued by our site, are stored on your device to recognize your return visits to our site only. They do not track your activities across different websites. In contrast, Third Party Cookies, used by advertisers, collect data about your web activities. These cookies are stored when you visit a page with ads, allowing advertisers to recognize you on different sites with their ads. The primary function of Third Party Cookies is to identify and later recognize website visitors for targeted advertising.

• Essential cookies: necessary for the operation of the site.
• Performance cookies: collect information about the use of our website in order to optimize it.
• Functionality cookies: these allow the website to store information already provided (such as usernames, language selection) and to offer users improved, more personalized functions.
• Targeting cookies or advertising cookies: these are used to show you relevant advertisements and to control the frequency of ads, as well as to evaluate the effectiveness of promotions.

Your choices and consent:

You have full control over the use of cookies. When you first visit our website, a cookie banner will appear where you can give your consent to the different cookie categories - apart from the strictly necessary cookies required to use the site. Your consent is voluntary and can be revoked at any time via the cookie settings on our website. We will not set performance, functionality or targeting cookies without your explicit consent.

How to manage and delete cookies?

Your browser settings allow you to block or delete cookies. For more information on how to adjust these settings, please refer to your browser's help or the official websites of the browser providers. You can change or withdraw your consent to cookie use at any time. Please note that some of our services may not function properly if you disable cookies.

This website may contain links to other websites. Please be aware that WELMEDIS is not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every website that collects personally identifiable information.

If you subscribe to our newsletter, we will use your e-mail address and other contact details to send you the newsletter. You can subscribe to the newsletter with your consent. Mandatory data for sending the newsletter are your full name and your e-mail address, which we store after your registration. The legal basis for the processing of your data in connection with our newsletter is your consent to the sending of the newsletter. You can revoke this consent at any time and unsubscribe from the newsletter.

If you have any questions about this privacy policy or data processing, please contact our DPO at

Domenig & Partner Rechtsanwälte AG
Laupenstrasse 1
3001 Bern
E-Mail: dpo@rgcc-international.com

We may revise this notice to reflect changes in data processing or in the law. Significant updates will be communicated to those whose data we hold, where reasonably possible. The version in force at the time of data processing will apply.

Last updated: 26/05/2025