This document describes our policy regarding the personal data we collect from visitors to our website (hereinafter, the “users”).
Data Controller
The controller of your personal data is PSYCHIATRIC CLINIC OF DRAMA S.A. – AGIA IRINI, registered office: 6th km Drama–Kavala, 66100 Drama, Greece, VAT No. 094452065, Tax Office Drama, email: gram@agiairiniclinic.gr.
In the normal course of our operations and website activities, we process personal data relating to natural persons, including:
- Patients / clients
- Visitors to our website
- Other interested parties (e.g., employees, suppliers)
Our Clinic complies with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and all other applicable EU and national legislation concerning the protection of personal data and electronic communications. We are committed to safeguarding your data at all times by ensuring that:
- Data are collected for specific, explicit and legitimate purposes and are not further processed in a way incompatible with those purposes.
- We collect only the minimum data necessary for each processing purpose and process them lawfully, fairly and transparently.
- We take reasonable steps to keep data accurate and up to date, and we retain them only for as long as necessary for the purposes for which they are processed.
- Retention periods are determined with due regard to legal obligations and the principle of data minimisation.
- We process data by electronic and manual means and apply appropriate technical and organisational measures to protect them against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Collection, Purpose, Legal Basis and Retention
1) Data collected automatically via our website
Our website https://www.agiairiniclinic.gr/ uses SSL (Secure Sockets Layer) to encrypt data exchanged between devices, establishing a secure internet connection and protecting your personal data.
When you visit our website, our server records server log files, including:
- Date and time of access
- Volume of data sent (bytes)
- Browser and operating system used
- IP address at the time of access (note: an IP address can be personal data when combined with date/time)
Legal basis: our legitimate interests in ensuring the security of networks, information and services (e.g., protection against DDoS attacks) and our legal obligation to provide a secure processing environment (GDPR Art. 6(1)(f) and 6(1)(c)). These data are not transferred or used for any other purpose. We reserve the right to review log files if there are specific indications of unauthorised use.
2) Patient / client data
When you visit our Clinic, we collect personal data such as name, father’s name, email, postal address, gender, age, profession, address, and any other information necessary for the provision of medical services.
Purpose: provision of the requested services and compliance with legal obligations.
Legal basis: performance of a contract (GDPR Art. 6(1)(b)) and, where applicable, special category data processing for health care purposes (GDPR Art. 9(2)(h)), as well as compliance with legal obligations.
Retention: for the period required by law and, where necessary, longer in case of legal claims.
We do not maintain a publicly accessible directory of user email addresses. Any personal data appearing on our pages are used solely to ensure proper service functionality and are not used by third parties contrary to data protection laws. Your details are kept securely for as long as you are registered for a service and are deleted after your relationship with the Controller ends.
3) Data collected via email and the Contact Form
When you contact us by email or through the website contact form, we collect your name, email address, and any information you provide.
Purpose: to respond to your enquiry.
Legal basis: consent (GDPR Art. 6(1)(a)).
Retention: your data are deleted once the communication has been concluded, unless a longer period is required by law.
4) Newsletters
With your consent, we collect your email address to send newsletters with Clinic updates and informative articles.
Legal basis: consent (GDPR Art. 6(1)(a)).
You may withdraw consent at any time.
5) Supplier data
We collect supplier details (name, address, contact details, delivery information, financial data) to perform our contract and comply with legal obligations (GDPR Art. 6(1)(b) and 6(1)(c)).
Retention: up to twelve (12) years from the last provision of services, or as required by tax and other applicable laws.
Access to and Disclosure of Your Data – Data Transfers
Your data may be accessed by our staff and any other person authorised to process data in the course of their duties. We also cooperate with third parties (natural or legal persons), professionals and independent consultants who provide commercial, professional or technical services (e.g., website hosting, accounting, transport). Depending on the case, such parties act as Joint or Independent Controllers, Processors, or authorised persons, and process personal data for the purposes stated above, applying the same security measures and complying with legal obligations.
Before any third party receives personal data, we:
- carry out appropriate due diligence on privacy and security practices; and
- obtain contractual assurances that they will process personal data only on our documented instructions, promptly notify us of any data protection incidents, assist with remediation and data subject rights, and allow audits regarding compliance.
Data may also be disclosed to public authorities and institutions, as well as to our legal advisers (lawyers, insurers) for lawful purposes.
Other than the above, data will not be disclosed to third parties or disseminated.
We do not transfer personal data outside the EEA. If this becomes necessary (e.g., use of cloud services), any transfer will comply with GDPR Arts. 44 et seq. (e.g., Standard Contractual Clauses, adequacy decisions, or consent).
Cookies
To ensure proper website functionality, better navigation and improved services, we use cookies. Cookies are small text files stored on your device when visiting our site, enabling, for example, personalised online advertising, traffic analysis, other statistics, and delivery of requested services. Only the Controller and specifically authorised partners have access to cookie-related information.
You can control and/or delete cookies as you wish (see aboutcookies.org). If you disable cookies for https://www.agiairiniclinic.gr/, some website functions may be impaired.
See the cookies we use here:
https://www.agiairiniclinic.gr/ανάλυση-cookies/
Further information on cookie use and management:
Google policies:
- https://www.google.com/about/company/user-consent-policy.html
- https://www.google.com/policies/technologies/cookies/
- http://www.google.com/intl/el/policies/privacy/partners/
Data Security and Integrity
We implement appropriate technical and organisational security measures to protect personal data against loss, misuse, alteration and destruction. Access to your data is restricted to those who need to know and are bound by confidentiality obligations.
Please note that transmission of information over the Internet is not entirely secure. While we strive to protect your data, we cannot guarantee the security of data transmitted to our website. Once received, we apply strict procedures and security features to prevent unauthorised access.
We make every reasonable effort to keep personal data only for as long as necessary for the purpose collected, or until deletion is requested (if earlier), unless retention is required by law.
Links to Other Websites
Our website may contain links to other sites governed by their own privacy statements, which may differ from this Privacy Policy. Please review the privacy policy of any site you visit before submitting personal data. While we aim to link only to sites that share our standards, we are not responsible for the content, security or privacy practices of other websites.
Children’s Data
Where we need to process data of minors (e.g., minor patients), processing is carried out only with the written, explicit consent of the person(s) holding parental responsibility. We take reasonable steps to verify that consent is given or authorised by the person who actually holds parental responsibility (e.g., ID check and any other available evidence).
Your Rights
You may contact us by post or email (see “Data Controller” above) to exercise your rights under GDPR Arts. 15–22, including to:
- request confirmation whether we process your personal data;
- access your data and obtain a copy;
- know the purposes, categories, recipients (including any third countries), and retention periods;
- rectify inaccurate or incomplete data;
- restrict processing;
- erase data (where applicable).
You may also lodge a complaint with the Hellenic Data Protection Authority, 1–3 Kifissias Ave., GR-115 23 Athens, Tel: +30 210 6475600, http://www.dpa.gr/.
Marketing/consent: You may withdraw your consent at any time for future processing. If we process data based on Art. 6(1)(e) or 6(1)(f) GDPR (public interest/legitimate interests), you have the right to object at any time; we will cease processing unless we demonstrate compelling legitimate grounds. Processing for direct marketing will cease upon objection.
Changes to this Policy
We review this Policy regularly and may amend it from time to time at our discretion. We will record the date of modification or revision, and the updated Policy will apply from that date. We encourage you to check this page periodically to stay informed about how we handle your personal data.
Last updated: July 2023.
Contact Us
If you have any questions, comments or complaints about how we handle or protect your personal data, or if you wish to amend your data or exercise any data subject right, please contact us at: gram@agiairiniclinic.gr.
Controller’s “Personal Data Protection” Statement
The growth of economic and scientific cooperation and the increasing use of modern telecommunications mean that the exchange of personal data is becoming more common. For these reasons, data processing must be carried out with care.
The Controller affirms its commitment to comply with data protection principles and to respect individual rights and privacy. We handle personal data with particular diligence and always in accordance with EU Regulation 2016/679, the applicable national implementing law, and relevant legislation.
Definitions (for the purposes of this Statement)
- Data Subject: any natural person whose personal data are processed by or on behalf of the Company.
- Personal Data: any information relating to an identified or identifiable natural person, including aspects of their physical, physiological, psychological, emotional or economic status, as well as cultural or social identity.
- Processing: any operation performed on personal data, such as collection, recording, storage, alteration, analysis, use, disclosure, restriction, deletion or destruction.
Controller and DPO
The Data Controller is PSYCHIATRIC CLINIC OF DRAMA S.A. – AGIA IRINI, 6th km Drama–Kavala, 66100 Drama, VAT 094452065, Tax Office Drama, email gram@agiairiniclinic.gr.
Data we process
With your consent, we process ordinary and special-category personal data that you provide when interacting with https://www.agiairiniclinic.gr/ or our services and functions (e.g., name, surname, contact details, address, the content of your requests/reports), as well as additional data we may obtain in the course of our activities (including from third parties). Fields marked with an asterisk (*) are mandatory for us to fulfil your request. Without these data or consent, we cannot proceed. Optional fields and marketing consent are not required.
We may also process your data without prior consent where necessary to comply with laws/regulations/EU law (Art. 6(1)(c) GDPR), to pursue legitimate interests (Art. 6(1)(f)), or for statistics on website use and proper operation.
Processing is carried out electronically and on paper, with security measures required by law.
Why and how we process your data
We process data to:
- handle requests submitted through the Contact Form, follow up with you, and provide information (consent: Art. 6(1)(a); for special-category data Art. 9(2)(a); and, where applicable, contract performance);
- manage reports (e.g., adverse events) submitted via the Website or forms (consent: Art. 6(1)(a) and 9(2)(a); and, where applicable, public interest in public health: Art. 9(2)(i); and legal obligations);
- with your optional consent, send direct marketing material.
Data may also be processed, without consent, for compliance with legal obligations (Art. 6(1)(c)) and for legitimate interests such as website statistics and proper operation (Art. 6(1)(f)).
Data are entered into our information systems in full compliance with data protection law, following principles of good practice, lawfulness and transparency. We retain data only as long as necessary for the purposes collected, taking into account statutory deadlines and the principles of minimisation, storage limitation and sound file management. Processing is performed by manual or automated means ensuring appropriate security and confidentiality.
Principles applied to processing
We process personal data to provide personalised services lawfully (GDPR Art. 6(1)(b) and applicable national law). Data are used only for the purposes described, unless further use is permitted by law or with your prior consent. Processing adheres to the principles of purpose limitation, proportionality, accuracy, storage limitation, good faith, fairness and transparency. Data subjects are informed upon request and may exercise the rights set out above. Restrictions may apply only where provided by law (e.g., scientific research). Personal data are protected against unauthorised disclosure and unlawful processing, with measures proportionate to the nature of the data and risks involved. The Controller is responsible for GDPR compliance; staff are appropriately informed and trained; third-party processing is governed by written contracts ensuring adequate security and compliance. Cooperation is terminated if a third party cannot ensure an appropriate level of protection.
Persons with access to data
Data are processed by electronic and manual means by authorised staff of the Controller (e.g., technical personnel, information and network security staff, administrative staff) and any other personnel who must process data to perform their duties.
Data may also be disclosed, including to third countries outside the EU, to:
i) institutions, authorities and public bodies for institutional purposes;
ii) professionals, independent consultants and other providers supporting website operation (e.g., IT services, cloud computing) for the purposes stated;
iii) third parties in the context of mergers, acquisitions, business transfers, audits or similar events.
Recipients receive only the data necessary for their functions and process them for the specified purposes in line with data protection laws.
For transfers outside the EU/EEA, even to countries without an EU-adequate level of protection, the Controller will use GDPR-compliant mechanisms (e.g., Standard Contractual Clauses, adequacy decisions, user consent).
Your rights (detail)
You may at any time exercise your rights under GDPR Arts. 15–22 (access, recipients, purpose, rectification, restriction, deletion). Please send your request from the contact email you have provided, attaching proof of identity, to the addresses shown above. You retain the rights set out by applicable data protection laws, including the right to object and to withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).
Security of personal data
We apply specific technical and organisational procedures to protect personal data against loss, misuse, alteration or destruction. Our partners supporting this website also comply with these provisions. We retain personal data only for as long as needed for the purpose collected, or until deletion is requested (if earlier), unless further retention is required by law.
Revisions to this Statement
We reserve the right to amend or revise this Statement periodically at our discretion. Any changes will be recorded with the date of modification, and the updated Statement will apply from that date. We encourage you to review this Statement periodically to stay informed about how we manage your personal data.
This Statement constitutes a Compliance Declaration with EU Regulation 2016/679 and the applicable national implementing law.