Privacy Policy

Privacy Policy of Supreme Physio Lab physiotherapy centre of Evangelos Dimou

(2, Paleon Polemiston Str., Glyfada, Attica, GR-16674).

This text provides any person interested in receiving the services of the Supreme Physio Lab physiotherapy centre of Evangelos Dimou (hereinafter 'the Centre') and all visitors/users of our website (https://www.supremephysiolab.gr/) with concise and clear information regarding the practices followed for the handling and protection of your personal data.

What is the purpose of this Policy?

The purpose of this Policy is to provide information about the way in which our customers' personal data are collected, stored, used and transmitted, the security measures taken by the Centre to protect the personal data, the reasons and the period for which they are stored, and the type of personal data collected. The Centre unilaterally reserves the right to update, amend, add, change its services and this Policy, from time to time, whenever it deems it necessary, without prior notice, always within the applicable legal framework and in accordance with any changes in the existing legislation on personal data protection. The Centre encourages all interested parties to regularly review this Policy, so as to keep track of all relevant changes.

What are personal data?

Personal data is information relating to an identified or identifiable living natural person whose identity can be verified. Different information which, if collected together, can lead to the identification of a specific person is also personal data.

How are personal data collected?

The personal data processed and stored by the Centre may be obtained:

• Orally, upon your arrival at the reception and service point of the Centre
• By phone when planning a visit to the Centre
• By filling out the documents that are intended to form your file, following information you give us, and those generated after your assessment by your physiotherapist, as well as the results of the diagnostic tests/examinations that you provide us upon your arrival
• When you send us an email to obtain information or use our services or make an online booking
• Through the special form to submit your complaints, evaluations, comments, etc
• Through the special form that is available on the Centre's website, by the persons accompanying you or having the legal right to act on your behalf if you are under 16 or are unable to provide those details yourself
• Automatically through the browser or mobile device you use to access our website
• Our Centre maintains pages on the following social media platforms:
  Facebook https://www.facebook.com/SupremePhysioLab/
  Instagram https://www.instagram.com/supremephysiolab/
• You can contact us through our website to receive more information about our services by selecting to send us a message. In order to answer your relevant enquiries, we collect and process your social media username and other information that is publicly available through your profile.

What personal data are collected and for what purpose?

The personal data collected by the Centre which are the subject of processing include the necessary information for the visit of a client and the handling of their file in order to optimally provide personalised services to clients.

In summary, the personal data collected (whether in paper or electronic format or a combination of both) and further processed include:

• the name, address and general contact details (including email address and telephone number). In particular, your full name and mobile phone number are additionally used to send you a relevant reminder SMS 24 hours before your next scheduled appointment;
• health data related to services provided by our Centre or health data for medical services that have not been provided by us, but have been reported to us either by you or by a third party;
• information you give us for our payment, such as bank card information;
• handling of your file if you have received physiotherapy services from our Centre. Your personal file is the point of collection and keeping of all the information recorded in each of your contacts with our Centre as a client and is created to support the initial assessment, the course and completion of your treatment, the safety and improvement of the health care provided. Your file also contains a record of health data (such as details of surgeries, previous health care, clinical symptoms, medical history, examination results, etc.) that you provide to us;
• submitting inquiries in relation to services connected to our Centre;
• in the case of visitors to our website, information is collected from the use of the website and all kinds of digital platforms that the Centre uses or may use in the future, in order to inform third parties about the services it provides. Specifically, technical information that constitutes personal data may be collected, such as the Internet Protocol address of the visitor's device (e.g. computer, laptop, tablet, smartphone), browsing patterns, information about the use of a website, browser history, geolocation data, HTTP protocol data, etc. This technical information is used for the smooth operation and performance of the website and electronic services, and is not permanently stored in the infrastructure of the Centre, while the data are kept in an aggregated form so that users cannot be identified.

Transmission to third parties

Personal data are collected and processed by the authorised employees of the Centre, who are committed to maintaining confidentiality for the sole purpose of providing the respective service. At your order, your personal data may be transmitted to third parties (e.g. other therapist or physician of your choice). However, the Centre reserves the right, in exceptional cases, to transmit your personal data without your consent, if this is required by law and/or by court decisions or prosecutorial orders/provisions.

The Centre undertakes not to market your personal data by making it available for sale/rent, giving/transferring/publishing or disclosing them to third parties or use them in any other way and for other purposes that may jeopardise your privacy, rights or freedoms, unless required by law, court decision/order, administrative act.

Legal Basis of Processing

The Centre obtains and processes personal data based on the following legal bases as part of its operation and for the fulfilment of its objective purpose (providing paramedical services):

• Article 6(1)(b) of the GDPR: the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering a contract
• Article 9(2)(h) of the GDPR: the processing is necessary for purposes of preventive or occupational medicine, medical diagnosis, provision of health or social care or treatment or management of health and social systems and services under the EU law or the law of an EU Member State or pursuant to a contract with a health professional
• Article 9(2)(f) of the GDPR: the processing is necessary for the establishment, exercise or support of legal claims or when the courts act in their jurisdictional capacity

How long are my personal data kept?

The retention period of the personal data of the clients who are treated or examined is 10 years, in accordance with the obligation imposed by the applicable legislation, unless there are legal proceedings pending, in which case the retention period is extended until the delivery of an irrevocable court decision. This period may also be extended in the case of repeated visits by clients, so that, if you come back to the Centre, we have all the data of previous visits to facilitate the provision of a more complete service to you.

After the retention period, the Centre ensures that personal data are anonymised or destroyed in a secure manner.

What are my rights? What can I do if I have an issue with the processing of my personal data?

You have the right at any time to ask us which of your personal data we process, for what purposes we process them, if we give them to third parties and to whom, and other relevant information. You also have the right to receive a free copy of your personal data upon your request. Other rights you have under the relevant legislation on the protection of personal data include the right to request the updating and/or rectification of your data, the termination and/or limitation of their processing and their erasure from the Centre's systems if there is no other statutory obligation to retain them. You also have the right to portability and/or to object to the processing of your personal data.

You can exercise all of your above rights by submitting a written request to dimou.dc@gmail.com.

Any request submitted should be accompanied by the appropriate proof of identification. The Centre may request the provision of additional information that is necessary to verify your identity.

In any case, you have the right to contact the competent Hellenic Data Protection Authority (HDPA, www.dpa.gr).

The Centre will make every effort to respond to requests without delay and in any case within one month of their receipt. This deadline may be extended by another two (2) months, taking into account the complexity of the request and the number of requests.

Are my data safe?

The Centre takes all appropriate organisational and technical measures designed to protect information from loss, misuse, unauthorised access, disclosure, distortion or destruction and cares for the legitimate and legal collection and processing of personal data, as well as their safe retention in accordance with the relevant provisions of both Greek, EU and international laws on the protection of individuals from the processing of personal data, and the decisions of the Hellenic Data Protection Authority, maintaining the privacy and confidentiality of any information of which it becomes aware.

Access to the contact information of visitors/users of our website is limited to authorised persons (employees), who are bound to maintain confidentiality under non-disclosure clauses, and is reasonably considered necessary for them to know such information to perform their work. Due to the importance of privacy and the protection of your private life, we carry out strict regular checks for the protection of your data, as well as periodic regular training of our staff for the correct observance of the procedures, as set forth in the applicable legislation.

Finally, we take all security measures (technical and organisational) for the security of data processing through Facebook and other Social Media, such as, for example, restriction of persons with access to the management of our Social Media account. The Centre is not liable whatsoever for the way in which social media platforms process your data. You can find out how social media platforms process your data in the respective privacy policies of Facebook, Instagram, ΥouTube.