DATA PROTECTION POLICY
This describes our policy regarding the personal data we collect from visitors to our pages (hereinafter referred to as “users”).
The data controller is the orthodontic specialist ELENI MERETI, based in Alexandroupolis, str. Mazaraki 11, with Tax ID 119296031 D.O.Y. Alexandroupolis, and e mail: info@orthodontikos-alexandroupoli.gr
In the daily activities of our clinic and our website we process data concerning natural persons, including:
- Clients-Patients
- Visitors of our website
- Our customers, visitors to our website, visitors to our website, our customers and visitors to our website
Our clinic complies with the General Data Protection Regulation (2016/679 EU GDPR) and any other European and national legislation regarding the protection of personal data, electronic communications, etc. and is committed to ensuring at all times the protection of your Data:
- The data are collected for specific, explicit and legitimate purposes and are not further processed in a way incompatible with those purposes.
- We collect the personal data necessary for each processing purpose and process them lawfully, fairly and in a transparent manner in relation to the data subjects.
- We ensure that it is, as far as possible, accurate and up to date and we keep it only for the time necessary for the purposes for which it is processed.
- In any case, the criterion we use to determine the storage period is based on and takes due account of the need to comply with any relevant legal requirement and the principle of data minimisation.
- We process the Data electronically and manually and take all appropriate measures to protect Personal Data, including against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Collection, purpose, legal basis of processing and time of retention of your data
Data we collect automatically through our website
The https://www.orthodontikos-alexandroupoli.gr/ uses the SSL (Secure Sockets Layer) protocol which uses methods of encryption of data exchanged between two devices (most commonly Computers), establishing a secure connection between them over the internet, which results in the protection of your personal data.
When you visit our website https://www.orthodontikos-alexandroupoli.gr/ , our server collects so-called server log files, (log files), namely:
- Date and time of entering the website.
- The volume of data sent in bytes.
- The browser and operating system you used to enter the website.
- Internet Protocol (IP) address when you enter the website. The IP address is personal data along with the date and time of your visit, although we cannot track you with this data alone.
The legal basis for which we collect your IP address and keep it in special files (logs) is our legitimate interest in processing this data in order to ensure the security of networks, information and services against accidental events or illegal or malicious actions that compromise the availability, authenticity, integrity and confidentiality of the stored or transmitted data (e.g. ddos “denial of service” attack control), as well as our legal obligation to provide a service to you, and to provide you with a secure and reliable service. However, we reserve the right to check server logs (server logs) if specific indications of unauthorized use are detected.
Customer Data.
When you visit our Medical Office, we collect personal data such as your full name, maiden name, e-mail, mailing address, gender, age, occupation, address, and any other information related to the provision of medical services to you.
The purpose of processing your data is to provide you with the requested medical services and the legal basis of the processing is the performance of the contract between us (Articles 6(1b) and 9(2) GDPR), as well as our compliance with legal obligations. The retention period for your data is the period required by law and longer if legal claims arise.
Please note that we do not have a publicly accessible list of e-mail addresses of our subscribers/users. Therefore, any personal data (e.g. access names, etc.) that appear anywhere on the pages and services of the website of the Data Controller are solely intended to ensure the operation of the respective service and may not be used by any third party without complying with the provisions of the legislation on the protection of personal data processing, as applicable at any given time. The Data Controller shall act in accordance with the applicable legislation and shall aim at the best implementation of good practice as far as the Internet is concerned. Your personal data is kept securely for as long as you are registered with a service of the Data Controller and is deleted after your business relationship with the Data Controller has ended in any way.
Data we collect via email and the Contact Form
In the context of communication between us via email and the Contact Form, we collect your name, email address and any other information you provide to us. This data is stored and used solely to respond to your request. The legal basis for processing your personal data is your consent (GDPR, Article 6(1a)). Your data will be deleted after the final processing of our contact. This will happen after the purpose and scope of our communication has been completed, provided that there are no legal requirements for the storage of such data.
Send newsletter
With your consent we will collect your e-mail address in order to send you our newsletter with our news and articles you may find interesting. The legal basis for the processing is your consent (GDPR, Article 6(1a)) and you have the right to withdraw it at any time.
Supplier data
For the performance of the contract between us we collect the data of our suppliers such as name, address, contact details, shipping details, financial data, which you provide to us yourself. The legal basis for the processing of your data is the performance of the contract and our compliance with legal obligations (GDPR Article 6(1b) and (c)), and we retain them for a period of up to twelve years from the last provision of services, or as long as required by tax and any other relevant legislation.
Who has access to your data. Data transfers.
Your data can be accessed by our employees and any other person authorised to process your data in the course of their duties. In addition, we cooperate with third parties, natural or legal persons, professionals, independent consultants, etc. who provide us with commercial, professional or technical services (e.g. website hosting, accounting services, transport services) for the purposes mentioned above, and support our business, in whole or in part, in connection with our activities. Where applicable, these natural/legal persons will act as Joint or Independent Data Controllers, Processors or persons authorised to process the personal data for the same purposes listed above, with the same security measures and in accordance with the applicable legal obligations.
Before the third party receives the Personal Data, we must: (1) complete a privacy audit to assess the privacy practices and risks associated with these third parties; (2) obtain contractual assurances from these third parties that they will process Personal Data in accordance with our instructions and in accordance with this Policy and applicable law, that they will promptly notify our business of any Privacy or Security Incidents, failure to comply with the standards set forth in paragraph (1), or failure to comply with the standards set forth in paragraph (2).
Finally, the data may be further transmitted to public authorities and institutions, as well as to our legal representatives (legal and insurance companies), for legitimate purposes.
Apart from the above, the Data will not be disclosed to third parties, individuals or legal entities and will not be disseminated.
Our business does not transfer Personal Data outside the EU, and if we need to (for example, in order to use Cloud services) this will be done on the terms and conditions set out in Articles 44 et seq. of the GDPR, such as with your consent, the application of standard contractual clauses approved by the European Commission or to countries deemed safe by the European Commission.
Use of cookies
In order for the website to function properly and to provide you with a better navigation experience, as well as to better provide our services, we use cookies. Cookies are text files containing information that the web server of the Controller stores on your computer when you visit this website. In this way, the website remembers your actions and preferences for a period of time in order to e.g. personalise online advertisements, traffic analysis or other statistical analysis, and provide the services you have requested. This way you do not have to enter these preferences every time you visit the website or browse its pages. Only the Data Controller and its specifically authorised partners have access to any information concerning cookies.
You can control and/or delete cookies according to your wishes. Details can be found on the website: aboutcookies.org. Should you choose to disable cookies on https://www.orthodontikos-alexandroupoli.gr/en the functionality of some pages may be lost or reduced.
See here which cookies we use:
More information about the use and management of cookies on the website can be found on the websites:
About cookies and their management:
http://www.aboutcookies.org/default.aspx
http://www.whatarecookies.com/
About Google’s policy:
https://www.google.com/about/company/user-consent-policy.html
https://www.google.com/policies/technologies/cookies/
http://www.google.com/intl/el/policies/privacy/partners/
Security and Integrity of Data
The Controller shall implement reasonable technical and organisational security policies and procedures to protect personal data and information from loss, misuse, alteration or destruction.
In addition, we strive to ensure that access to your personal data is limited to those who have a need to know it. Individuals who have access to the data are required to maintain the confidentiality of that data.
Please be aware that the transmission of information over the internet is not completely secure. Although we make every effort to protect your personal data, we cannot guarantee the security of the data transmitted on our website. After receiving your information, we will implement strict security procedures and operations to try to prevent unauthorized access.
We make every reasonable effort to keep the personal data we collect from you only for the period for which we need that data for the purpose for which it was collected or until we are requested to delete it (if sooner), unless we continue to keep it as required by applicable law.
Links to other websites
Our website may contain links to other websites that are governed by other privacy statements whose content may differ from this Privacy Statement. Please review the privacy policy of each website you visit before submitting any personal data to that website. Although we strive to provide links only to websites that share our high standards and respect for privacy, we are not responsible for the content, security or privacy practices of other websites.
Minors’ data
Where we need to process data of minors (e.g. data of minor patients), i.e., in the GDPR, those who have not reached the age of 15, the processing is only done with the written and explicitly expressed consent of the persons having parental responsibility for the minor. In any case, we make reasonable efforts to verify that consent is given or approved by the person who actually has parental responsibility for the child, i.e. by checking identity and any other available information.
Rights of Subjects
You may contact us by post or email at the addresses listed in paragraph (1) above to exercise your rights under Articles 15 et seq. of the GDPR. You may, for example, request an up-to-date list of the persons who have access to your data, obtain confirmation as to whether or not we are processing personal data relating to you, check its content, source, accuracy and location (also in relation to any third country), request a copy, request a copy of your data, request a copy of your personal data, request a copy of your personal data, request a copy of your personal data, request a copy of your personal data, request a copy of your personal data, request a copy of your personal data, request a copy of your personal data, request a copy of your personal data, request a copy of your personal data, request a copy of your personal data, request a copy of your personal data, request a copy of your personal data, request a copy of your personal data. Similarly, you can always report comments and file complaints to the Hellenic Data Protection Authority, Λεωφ. Kifissias 1-3, GR 115 23, Athens, Athens, Phone: + 30-210 6475600 or http://www.dpa.gr/
Changes to this Policy
The Controller shall subject this Policy to frequent review and may amend or revise this Policy periodically at our discretion. When we make any changes, we will record the date of the modification or revision in the Policy. The updated Policy will apply to you and your information as of that date. We encourage you to review this Policy from time to time to consider whether there are any changes to the way we handle your personal data.
This Statement was last updated in June 2023.
Contact us
If you have any questions, comments or complaints about our handling or protection of your personal data, or if you wish to amend your personal data or exercise any of your rights as a data subject, please contact us at Ε-mail: info@orthodontikos-alexandroupoli.gr
