This document outlines our policy regarding the personal data we collect from visitors to our website (hereinafter referred to as “users”).
The Data Controller of your personal data is the Physiatrist EUTHYMIOS KOULOULAS, based in Larissa, 23rd October Street, No. 15, VAT No. 068026437, Tax Office of Larissa, Email: info@physiatriki.gr.
In the course of the daily operations of our Medical Practice and our website, we process data concerning natural persons, including:
- Clients-Patients
- Visitors to our website
- Other interested parties (employees, suppliers)
Our Medical Practice complies with the General Data Protection Regulation (EU 2016/679 GDPR) and any other applicable European and national legislation relating to the protection of personal data, electronic communications, etc., and is committed to ensuring the protection of your data at all times:
- Data are collected for specific, clear, and legitimate purposes and are not further processed in a manner incompatible with those purposes.
- We collect only the necessary personal data for each processing purpose and process them lawfully, fairly, and transparently in relation to the data subjects.
- We ensure that the data are, to the extent possible, accurate and up to date, and we retain them only for as long as is necessary for the purposes for which they are processed.
- In any case, the retention period is determined taking into account compliance with legal obligations and the principle of data minimization.
- We process data both electronically and manually and take all appropriate measures to protect personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical and organizational measures.
Collection, Purpose, Legal Basis, and Retention of Your Data
Data collected automatically through our website
The website https://www.physiatriki.gr/ uses the SSL (Secure Sockets Layer) protocol, which encrypts data exchanged between two devices (usually computers), establishing a secure connection that protects your personal data.
When you visit our website, our server collects server log files, specifically:
- Date and time of access
- Volume of data sent (in bytes)
- Browser and operating system used
- Internet Protocol (IP) address
Although we cannot identify you solely from this information, the IP address combined with the date and time of your visit is considered personal data. The legal basis for collecting and storing the IP address in log files is our legitimate interest in ensuring network, information, and service security (e.g., protection against DDoS attacks) and our legal obligation to provide a secure environment for processing your data (GDPR Art. 6(1)(f) and (c)). The data will not be transferred or used in any other way. However, we reserve the right to review server logs if specific indications of unauthorized use are identified.
Customer Data
When you visit our Medical Practice, we collect personal data such as full name, father’s name, email, postal address, gender, age, occupation, and any other information related to the provision of medical services to you.
The purpose of data processing is the provision of requested medical services. The legal basis is the execution of the contract between us (GDPR Art. 6(1)(b) and 9(2)(h)), as well as compliance with legal obligations. Data will be retained for as long as necessary, and possibly longer if legal claims arise.
Please note that we do not maintain a publicly accessible list of subscribers/users. Therefore, any personal data (e.g., usernames) displayed on our site is intended solely for the operation of the service and may not be used by any third party without compliance with data protection laws. The Data Controller acts in accordance with applicable law and best practices related to the Internet. Your data is securely retained for as long as you are subscribed to a service and deleted upon the termination of your relationship with us.
Data collected via email and the Contact Form
When communicating with us via email or our Contact Form, we collect your name, email address, and any other information you provide. This data is stored and used solely to respond to your inquiry. The legal basis for processing your personal data is your consent (GDPR Art. 6(1)(a)). Your data will be deleted once communication is complete, provided there are no legal retention requirements.
Newsletter Subscription
With your consent, we collect your email address to send you newsletters with updates and articles you may find interesting. The legal basis is your consent (GDPR Art. 6(1)(a)), which you may withdraw at any time.
Supplier Data
To execute our contracts, we collect supplier data such as name, address, contact details, shipping and financial information provided by you. The legal basis for processing is the performance of a contract and compliance with legal obligations (GDPR Art. 6(1)(b) and (c)). Data is retained for up to twelve years after the last service, or as required by tax or other legislation.
Access to and Transfer of Your Data
Your data is accessible to our employees and any other authorized personnel during the performance of their duties. We also collaborate with third parties—individuals or legal entities, professionals, independent consultants, etc.—who provide us with commercial, professional, or technical services (e.g., website hosting, accounting services, transportation). These parties may act as Joint or Independent Data Controllers, Processors, or authorized individuals processing data for the same purposes mentioned above, with the same security measures and in accordance with applicable law.
Before any third party receives your personal data, we:
- Perform a privacy assessment to evaluate risks and privacy practices.
- Obtain contractual guarantees that they will process personal data according to our instructions, comply with this Policy and applicable laws, notify us of any data protection or security incidents, cooperate in resolving such incidents, assist in responding to data subject rights, and allow audits of their compliance.
Data may also be disclosed to public authorities and institutions, as well as our legal advisors (lawyers and insurance providers), for legitimate purposes.
Other than the above, data will not be disclosed to third parties or disseminated.
We do not transfer personal data outside the EU. If necessary (e.g., for cloud services), this will be done under GDPR Articles 44 et seq., with your consent, standard contractual clauses approved by the European Commission, or to countries deemed secure by the European Commission.
Use of Cookies
To ensure proper website functionality and a better browsing experience, we use cookies. Cookies are text files stored on your computer by the web server when you visit our website, allowing the site to remember your actions and preferences for a period of time (e.g., personalization of online ads, traffic analysis, or other statistical uses). Only the Data Controller and authorized partners have access to cookie-related information.
You can manage or delete cookies according to your preferences. More information is available at: aboutcookies.org
Please note: if you disable cookies on https://www.physiatriki.gr/, some pages may lose functionality.
See which cookies we use: cookies pdf
Additional cookie management information:
Data Security and Integrity
The Data Controller implements reasonable technical and organizational security policies and procedures to protect personal data from loss, misuse, alteration, or destruction.
We also limit access to personal data to only those who need to know it. Individuals with access are required to maintain confidentiality.
Please note that internet data transmission is not entirely secure. While we do our best to protect your personal data, we cannot guarantee its security during transmission. Once we receive your data, we apply strict security procedures to prevent unauthorized access.
We make every reasonable effort to retain personal data only as long as necessary or until a deletion request is received—unless otherwise required by applicable law.
Links to Other Websites
Our website may contain links to other websites governed by different privacy statements. Please review the privacy policy of each site you visit before submitting any personal data. Although we aim to link to sites that respect privacy, we are not responsible for the content, security, or practices of other websites.
Children’s Data
When we need to process data of minors (e.g., minor patients), i.e., those under 15 years of age according to the GDPR, such processing is done only with the written and explicitly expressed consent of the individuals holding parental responsibility. We take reasonable steps to verify that such consent is valid, including identity checks.
Data Subject Rights
You may contact us by mail or email at the addresses mentioned in section (1) above to exercise your rights under Articles 15 et seq. of the GDPR. For example, you may request a list of people with access to your data, confirmation of whether your data is being processed, review its content, origin, accuracy, location (including any third country), request a copy, correction, restriction of processing, or deletion, where applicable. You may also submit complaints to the Hellenic Data Protection Authority, 1-3 Kifisias Avenue, GR 115 23, Athens, Tel: +30-210 6475600, or at http://www.dpa.gr/
Changes to This Policy
The Data Controller regularly reviews and may revise this Policy at our discretion. When changes occur, we will update the modification date in the Policy. The updated Policy applies from that date forward. We encourage you to periodically review this Policy to stay informed about how we handle your data. This Privacy Statement was last updated in April 2021.
Contact Us
If you have any questions, comments, or complaints regarding our handling or protection of your personal data, or if you wish to modify or exercise your rights as a data subject, please contact us at: info@physiatriki.gr