Due to increasing economic and scientific collaborations, as well as the mutual provision of data processing services, the exchange of personal data is becoming more frequent—a trend that is further intensified by the ever-growing use of modern telecommunications media.
For these reasons, it is necessary that data processing is carried out with great care.
The Data Controller declares that compliance with the principles governing data protection is a core objective and has committed to respecting individual rights and privacy. The Data Controller handles personal data with particular diligence and always in accordance with Regulation (EU) 2016/679, the applicable National Law, and the prevailing legislation.
Definitions for the Purpose of this Notice:
- Data Subject: Any natural person whose personal data are processed by or on behalf of the Company.
- Personal Data: Any information relating to an identified or identifiable natural person, concerning their physical, physiological, psychological, emotional, or financial status, or their cultural or social identity.
- Processing: Any operation or set of operations performed on personal data, such as collection, registration, storage, alteration, analysis, use, association, restriction (blocking), erasure, or destruction.
1. Data Controller and DPO
The Data Controller is Physiatrist Efthymios Kouloulas, based in Larissa, 15, 23rd October Street, Tax ID: 068026437, Larissa Tax Office.
Email: info@physiatriki.gr
(“Data Controller”).
2. Data We Process
With your consent, we process the following regular and sensitive personal data that you provide when interacting with the website (https://www.physiatriki.gr/) and using its features and services. This includes, but is not limited to, name, contact details, address, content of your messages or requests, and any additional data obtained by the Data Controller, including from third parties, during business operations (“Data”).
To fulfill your contact form requests or provide updates on adverse events, your consent is required for processing mandatory data marked with an asterisk (*).
Without these required fields or your consent, we cannot proceed further. Information not marked with an asterisk and your consent to receive marketing materials are optional, and non-provision has no consequence.
Even without prior consent, the Data Controller may process your data to comply with legal obligations under national or EU law, to exercise legal rights in court, or for legitimate interests, as per Articles 6 and 9 of the GDPR.
Processing is done using both electronic and paper-based systems and always includes appropriate security measures required by current legislation.
Why and How We Process Your Data
Your data are processed for the following purposes:
- To handle requests submitted through the contact form, follow-up communications, or information provision. Legal basis: Your consent (Art. 6(1)(a), Art. 9(2)(a) GDPR) and the performance of a contract to which you are a party.
- To manage adverse event reports submitted through the website. Legal basis: Your consent (Art. 6(1)(a), Art. 9(2)(a) GDPR), public interest (Art. 9(2)(i)), and legal obligations.
Additionally, with your optional consent:
- For direct marketing purposes (Art. 6(1)(a) GDPR).
By selecting the appropriate checkboxes, you consent to your data being processed for these purposes.
Your data may also be processed without your consent to comply with legal obligations (Art. 6(1)(c) GDPR) or to gather statistical data for the website’s proper functioning (Art. 6(1)(f) GDPR).
Personal data are entered into the Data Controller’s information system in compliance with data protection law, following principles of good practice, lawfulness, and transparency.
Data are retained only for as long as necessary to fulfill the collection purpose, following legal deadlines and principles of data minimization, storage limitation, and efficient record management.
All data are processed using manual or automated means with an appropriate level of security and confidentiality.
Principles Applied During Processing
We process personal data to provide personalized services in accordance with the law (Art. 6(1)(b) GDPR) and the applicable national implementation law. Data are not used for other purposes unless you provide prior consent or it is legally required.
- Data must be used only for the purposes for which they were collected.
- The principle of proportionality applies; no unnecessary data should be collected.
- Data must be accurate and kept up to date.
- Inaccurate or outdated data must be corrected or deleted.
- Except where longer retention is required by law, data must not be stored longer than necessary.
- Data processing must be in good faith, with data subjects able to trust that their data will be handled with care.
- Upon request, data subjects have the right to information on the purposes, type, and recipients of their data, as well as the right to request correction, deletion, or non-disclosure.
- These rights may be restricted only if provided by law (e.g., in scientific research).
Personal data are protected against unauthorized disclosure or unlawful processing. Implemented measures ensure a security level appropriate to the sensitivity of the data and the risk level.
The Data Controller is responsible for compliance with GDPR and national data protection law.
Our staff handling personal data are appropriately trained. When third parties process data, this is governed by written agreements ensuring secure and lawful processing. If a third party fails to ensure data protection, cooperation is terminated.
Data Access
Data are processed manually and electronically according to relevant procedures and are accessible to authorized Data Controller personnel, including IT staff, network and data security staff, administrative staff, and others who must process data to perform their duties.
Data may be shared with third parties in non-EU countries (“Third Countries”) under certain circumstances:
i) Public authorities or institutions;
ii) Independent professionals, consultants, and providers of IT or cloud services necessary for website operation;
iii) Third parties involved in mergers, acquisitions, audits, etc.
These recipients receive only the necessary data and are bound to process them exclusively for the aforementioned purposes and in compliance with data protection laws. No data are shared with unrelated third parties unless required by law.
For data transfers outside the EU, the Data Controller ensures legal mechanisms are followed, such as user consent, standard contractual clauses, participation in international frameworks (e.g., EU-US Privacy Shield), or transfer to countries deemed safe by the EU Commission.
Your Rights
You may request to exercise your rights under Articles 15–22 GDPR at any time. These include:
- Right of Access: To be informed about your stored personal data, recipients, and processing purposes.
- Right to Rectification and Completion: To correct inaccurate or incomplete data.
- Right to Erasure: To delete your data, unless retention is legally required.
- Right to Restriction: To restrict data processing under certain legal conditions.
- Right to Withdraw Consent: At any time, without affecting the legality of prior processing.
- Right to Object: To object to future data processing, unless there are overriding legitimate reasons. Objections to processing for advertising purposes must always be honored.
Requests must be submitted via your registered email to the addresses listed above, including a copy of your ID.
Data Security
The Data Controller applies technical and organizational measures to protect data from loss, misuse, alteration, or destruction. Partners supporting this website also comply with these security standards.
Data are retained only as long as necessary for their intended purposes or until deletion is requested, unless legal provisions require otherwise.
Updates to this Notice
We reserve the right to amend or revise this Statement at our sole discretion. Any changes will be marked by an updated revision date. You are encouraged to review this Statement periodically to stay informed about how your data are handled.
This constitutes a Statement of Compliance with Regulation (EU) 2016/679 and the relevant National Implementation Law.
July 2021