Privacy Policy

The Greek sole proprietorship (medical practice) with the name “ATHANASIOS EYTHYMIOU”, with the corporate purpose of providing medical advice and services in the specialty of Pathology (main activity), Education services through training seminars, other services related to human health, visiting and support services for people with disabilities and guidance services for people with problems (secondary activities) and in particular internal pathology services with full pathological evaluation, diagnosis, treatment and follow-up (monitoring, re-evaluation of clinical picture), lifestyle modification approaches (diet, exercise, smoking, lifestyle medicine modification), home visits upon request, lifestyle modification approaches (diet, exercise, smoking, lifestyle medicine modification) and Health Coaching services, which is located in Athens, Spirou Mercouri Street No. 35-37, contact address efthimiou.md@gmail.com main and owner of the website https://thanosefthimiou.gr/ , is concerned about privacy issues and has as its priority the safeguarding of your personal data. For this reason, we make every effort, when collecting and processing the personal data you provide us, to ensure the highest level of security.

The management and protection of the personal data of the customers of this website is subject to the terms of this privacy policy as well as to the provisions of national, Community and international law on the protection of individuals with regard to the processing of personal data, as applicable.

Any possible future relevant legislation will be subject to this privacy policy. In any case, the company reserves the right to change the terms of protection of personal data to comply with the current legal framework.

These personal data protection terms may therefore be subject to review and update at any time. Our company. For this reason, we recommend that you periodically check these terms for any changes, as your continued use of the website implies your acceptance of all possible modifications

By using the website https://thanosefthimiou.gr/ and providing your personal data to us and by giving your explicit consent when you register as a user, you declare that you have been fully and clearly informed of the terms included in it, that you are aware of your legal rights and that you give your consent to the processing of your personal data by the company.

 

1. What is personal data?

The term “personal data” means any information that can identify you directly (e.g. your full name) or indirectly (e.g. your telephone number). This means that personal data includes, but is not limited to, information such as email address, home address, usernames, personal preferences and shopping habits.

The person (natural person) to whom the data refers is called the data subject.

 

2. What is data processing?

Data processing is any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as the collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, transmission to third parties, dissemination, alignment, combination, restriction, erasure and destruction of personal data.

Any natural or legal person in the public or private sector who holds and processes personal data is called a controller.

Any natural or legal person in the public or private sector to whom the processing of data on behalf of the controller is entrusted shall be called a processor.

 

3. What data do we process about you?

The website https://thanosefthimiou.gr/ is designed so that you are able to visit it without necessarily providing your personal data if you do not wish to do so. The company ATHANASIOS EYTHYMIOU as the controller, collects the personal data of visitors/users of the above website only when they themselves voluntarily provide them and only for the processing purposes stated herein.

Our business collects three types of information about customers:

  1. Information that the visitor gives us when registering as a user.
  2. Information that the visitor/user provides us for the registration to the newsletter service of the company.
  3. Data that the visitor/user provides us through the acceptance of cookies.

The personal data that may be collected are the following:

  • Full name
  • Address of residence
  • Postal Code
  • E-mail address
  • Contact telephone number
  • IP address

Personal Data of Patients of a medical practice

(a) “Personal data”. 1 of Regulation 2016/679 – GDPR, defines that “personal data is any information relating to an identified or identifiable natural person (“data subject”); an identified natural person is one whose identity can be verified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person’.

(b) “Health data – medical data”. According to Article 4.15 of Regulation 2016/679 – GDPR, “health-related data are personal data relating to the physical or mental health of a natural person, including the provision of health care services, and which reveal information about the state of health of that person”.According to Article 4.15 of Regulation 2016/679 – GDPR, “health-related data are personal data which relate to the physical or mental health of a natural person, including the provision of health care services, and which reveal information about the state of health of that person. In the past, the definition of health data given by Council of Europe Recommendation NoR (97) 5 was as follows: “Health or medical data means everything that has a clear or close connection with health, all information relating to the biological, mental or psychological state of a person, past, present or future”.

Moreover, this information concerning a person’s health does not only concern “strictly speaking” medical operations, such as the results of medical examinations, keeping a patient’s file, etc., but now covers a wider range of information. That is, ‘information about a person’s health which is generated and used in the environment of the doctor’s office and hospital, but also in connection with the management of medical/pharmaceutical services and benefits and/or in the context of insurance relationships and contracts’. Health data also includes information on the state of health of an individual and on the use of certain substances, such as medicines, drugs, alcohol, smoking, etc. (c) “Sensitive personal health data”: according to the Data Protection Authority (DPA), “information relating to an individual’s health constitutes ‘sensitive’ personal data. Health means any information that goes back to both the biological and psychological state of a person’s health (e.g. disability, incapacity). Health data also includes genetic data, insofar as they reveal information about health or predisposition to disease. Biometric data, where it reveals the existence or predisposition to a disease or reveals the genetic identity of a person, also falls under sensitive personal health data. Finally, data held in the records of donors and recipients of human tissues and organs also fall under sensitive personal data.”

(d) “Genetic data”: according to Article 4 par. 13 of Regulation 2016/679 – GDPR, genetic data are “personal data concerning the genetic characteristics of a natural person, inherited or acquired, as resulting, in particular, from an analysis of a biological sample of that natural person, which provide unique information about the physiology or health of that natural person”.

(e) “Biometric data”. 14 of Regulation 2016/679 – GDPR, defines biometric data as “personal data which result from specific technical processing linked to the physical, biological or behavioural characteristics of a natural person and which allow or confirm the unambiguous identification of that natural person, such as facial images or fingerprint data.”

Such personal data may be given either by mail or in person in paper or electronic form or verbally in person or remotely by telephone or other means (e.g. Skype, Viber, Zoom, etc.).

The above medical data of the patients of the clinic’s clients may be collected in order to be used for statistical and research purposes only by the company, after being necessarily anonymized. A prerequisite is the prior written consent of the patient/client of the practice.

4. What is our cookies policy?

This website uses cookies so that we can improve the services we offer you and provide you with certain features that you may find useful.

Cookies are small text files that are stored on the hard drive of each visitor/user and do not take note of any document or file from their computer. They are used to facilitate the visitor’s/user’s access to the use of specific services and/or pages of the website , for statistical purposes and in order to determine which areas are useful or popular. This information may also include the type of browser used by the visitor/user, the type of computer, its operating system, the internet service providers and other such information. In addition, the website’s information system automatically collects information about the sites visited by the visitor/user and about the links to third-party websites that the visitor/user may select through the use of the website.

This website uses 4 different categories of cookies:

  1. Absolutely Essential Cookies

We use these cookies to ensure the proper functioning and to improve the security of this website. These cookies are mandatory and cannot be disabled on this website

  1. Statistics Cookies

Our company uses statistical cookies in order to improve the quality of the services we provide online, using analytics, survey pop-ups and overall monitoring of website performance and availability. Statistics cookies help website owners understand how visitors interact with pages by collecting and reporting information anonymously. These cookies are optional and you can opt out of providing your consent to their use by choosing to exclude them in your ”cookie settings”.

  1. Preference Cookies

The company uses functionality cookies to store your credentials on our website the next time you visit it. Preference cookies allow a website to remember information that changes the way the website behaves or looks, such as your preferred language or the region you are in In addition, we use these cookies to enhance your user experience by storing certain choices you make. These cookies are optional and you can opt-out of them by choosing to opt-out of them in your ‘cookie settings’.

  1. Marketing Cookies

In order to optimise your experience as a user of the company’s website, these cookies are used to keep a record of the pages you have visited or to provide you with the pages closest to you. This may also result in targeted advertisements when you visit websites other than this https://thanosefthimiou.gr/. The above cookies also enable you to share and share on social media the pages of the site that interest you

Our website may display content from external providers, e.g. YouTube, Facebook, Tik-Tok, Instagram and Twitter. To view third-party content, you must first accept the terms and conditions set by them. These include their cookie policy, which is beyond our control. However, if you do not view this content, no third-party cookies are placed on your device.

In case you do not wish to collect information through cookies, you have the possibility through the settings of your web browser to choose to delete existing cookies, to accept or reject each specific cookie or to automatically reject all future cookies on your computer with the inevitable consequence of making it more difficult or even impossible to use certain functions of this website. Under no circumstances do we make use of cookies beyond those for which you have given your consent.

For further information about cookies and their individual applications you can visit  www.allaboutcookies.org

5. How does the newsletter service work?

The company provides the users of its Website the possibility of sending a newsletter to their e-mail address if they declare that they wish to benefit from this service. The sending of newsletters by the company is fully compatible with the mailing regulations.

You therefore have the possibility, if you wish, to request to be informed about the new services offered by the private company of Dr. Athanasios Efthymiou on the market and about any other offers, by sending promotional-informative messages to your e-mail or postal address or by telephone. There will be no abusive use of this service.

The company uses the Mailchimp service to manage its newsletter. When you register as a user you are given the option to subscribe to the newsletter. If you choose to do so, a message will be sent to your email address in order to provide us with your explicit consent for the periodic sending of the newsletter. The user of the service can in any case and at any time request to stop receiving promotional messages, since each message includes the option to withdraw consent. For any issue that may arise, you can contact the company either by e-mail efthimiou.md@gmail.com or by telephone service line 6983166193, 2107235346.

6. For what purpose do we process your data?

We collect and process your personal data solely for the following purposes:

  1. The establishment, maintenance and performance of the commercial relations between us. The data you provide us with will be used for the proper preparation and execution of service contracts and related actions (customer identification when necessary, etc.).
  2. The organization of training seminars and exhibitions. Your data is necessary for us to contact you to inform you about the times and venues of the seminars and exhibitions as well as for the issuance of the relevant certificates of attendance.
  3. The promotion and advertising of our services. We may ask for your consent in order to use your data to send you targeted or generic advertising and promotional material about new products or special offers on our website (by mail, e-mail, fax, SMS, etc.).
  4. Statistical research. Your personal data for which you have provided your consent helps us to monitor the traffic on our website.
  5. Mandatory compliance with applicable legislation. Our company processes the personal data you provide us with in order to comply with the requirements of the applicable legislation (issuance of receipts, accountability principle, data retention for a minimum period of time, etc.).

7. What is the lawful basis for processing the data?

The collection and processing of data is carried out for the support and monitoring of your transactional relations with the company, the preparation and execution of the contract between us, the organizational needs of individual seminars or reports and the best service to you and has as its legal basis your prior explicit consent regarding the type of data and the purposes of processing, within the framework of the applicable legislation.

8. Who are the recipients of your data?

Recipients of the data are: (A) The company named ATHANASIOS EYTHYMIOU, and the absolutely necessary personnel of the company, who are bound by confidentiality, (B) our partner companies, which process your data as processors on our behalf and in accordance with our instructions, (C) public or judicial authorities or independent authorities, if it results from a provision of law or a prosecutor’s order or a court decision/order.

9. How do we ensure that processors respect your data?

The processors have agreed and contractually bound themselves to our company:

  • Maintain confidentiality.
  • Do not share data with third parties without the company’s permission.
  • Take appropriate security measures.
  • Comply with the legal framework for the protection of personal data.
  • Not to process beyond what the company authorises in accordance with the processing purposes.

10. For how long are your data kept?

Personal data concerning visitors to our website are collected and kept for the absolutely necessary time required for the above processing purposes and then deleted.

The duration of data processing is determined by the retention obligation imposed by the applicable legal framework. In any case, our company shall retain the data for at least as long as the contract lasts and as long as legal claims arising from it may arise. In the case of training seminars or exhibitions, the data of the participants are also retained after the end of the specific events for as long as legal claims may arise. It is also possible to extend the period of data retention for reasons of proof before the courts regarding the fulfilment of the company’s contractual obligations or for reasons of compliance with the recommendations of public or independent authorities.

11. Is your data safe?

Our company is committed to safeguarding your personal data. To protect the personal data of visitors/users of our website, we use a secure connection (https://) via SSL (Secure Socket Layer) technology. The company uses the SSL protocol for its online store, for secure on-line commercial transactions. In this way all personal information of the visitor/user, including credit card number, name and address, is encrypted so that it cannot be read or changed during transfer on the Internet. The Secure Sockets Layer (SSL) protocol is now a global standard on the Internet for authenticating websites when they are used by network users, for encrypting data between network users and web servers. An encrypted SSL communication requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, thus protecting personal information during transmission. In addition, all information sent using the SSL protocol is protected by a mechanism that automatically verifies whether the data has been changed in transit.

This website, https://thanosefthimiou.gr/, has an SSL certificate from COMODO, which is a freely accessible automated certification authority of the Internet Security Research Group (ISRG).

We also take all necessary data security measures to prevent the risk of loss, misuse, unauthorized access and disclosure of their personal information. We review and modify our security measures whenever necessary.

The processing of visitor/user data in any way is only allowed to persons authorised by us, our employees and partners exclusively for the purposes stated herein. Our employees and partners have all undertaken a confidentiality commitment to the company and, as stated above, our company has ensured that the persons carrying out the processing on its behalf meet the requirements and provide sufficient assurances for the respect of the personal data of visitors/users.

Our company will not sell or otherwise transfer or disclose your personal information to unrelated third parties without your consent, with the exception of the application of relevant legal dictates and to the competent authorities only.

12. What are your legal rights?

With regard to the protection of your personal data, you have the following rights:

  • Right of access: you can ask us for information about personal data we hold about you, such as categories of personal data we hold or control, what it is used for, where it was collected from, if not from you directly, and to whom it has been disclosed, where applicable. You may obtain from us, free of charge, a copy of the personal data we hold about you. We reserve the right to charge a reasonable fee for any further copy you may request from us.
  • Right of rectification.
  • Right to erasure: You can ask us to delete your data if it is no longer necessary for the purposes for which it was collected. In addition, you have the right to request the deletion of your personal data in the event that your consent to processing is withdrawn, provided there is no other lawful basis for it.
  • Right to restrict processing: You can request the restriction of the processing of your data where the accuracy of the data is contested, unlawful or for other reasons. If you object, we will stop processing your data, provided that there are no legitimate grounds for further processing. The processing of your data for advertising purposes does not constitute a legitimate ground.
  • Right to portability: You may request that we receive your data in a structured, commonly used and machine-readable format or that it be transferred to another controller.
  • Right to object: you can object to the processing of your data or withdraw your consent. In this case, we will immediately stop processing your data, unless there are legitimate or compelling reasons that override your right.
  • Right of termination: You have the right, if you believe that your rights regarding the protection of your personal data have been violated, to lodge a complaint with the Personal Data Protection Authority, which is located in Athens (1-3 Kifissia Street, P.C. 115 23) and at the following telephone number 2106475600 and fax 2106475628 or at the email address complaints@dpa.gr

13. How can you exercise your rights?

To exercise your rights, you can send us an email describing the right you wish to exercise either to the company’s email address efthimiou.md@gmail.com with the title-request “EXERCISE RIGHT OF ACCESS/REGISTRATION/ DELETION/ RESTRICTION/ MODIFICATION” describing your request. We will then review it and respond as soon as possible.

We respond to your requests free of charge within one (1) month of receipt. However, if your request is complex or there is a large number of requests, we may obtain an extension of two (2) months if it is considered absolutely necessary and after informing you. If your requests are manifestly unfounded or excessive, in particular because of their repetitive nature, our company reserves the right not to respond to them.