Privacy Policy

Last updated: [date]

1. Data Controller

This Privacy Policy is issued by [Full legal name / natural or legal person], with registered address at [full postal address] (hereinafter "Controller", "we", "us", or "our").

Contact details for privacy matters:
Email: info@rhodesmedicalservices.com
Phone: +30 2241 031123
Data Protection Officer (if appointed): [Full name / DPO email]

2. Scope of This Policy

This Policy explains how we collect and process personal data through our website, communication channels, online appointment forms, and medical service operations. It applies to patients, prospective patients, website visitors, and any individual who communicates with us.

3. Categories of Personal Data

Depending on your interaction with us, we may process the following categories:

  • Identification and contact data (name, email, phone number).
  • Appointment and service data (requested specialty, date/time preferences, notes).
  • Payment and transaction data (where applicable).
  • Medical and health data necessary for diagnosis, treatment, and follow-up.
  • Communication records (messages, call notes, support requests).
  • Technical and usage data (IP address, device/browser data, log and cookie data).

4. Purposes of Processing and Legal Bases

We process personal data for the following purposes and legal bases under the GDPR:

  • To arrange and provide medical care and related administration, based on medical diagnosis and healthcare provision obligations.
  • To respond to requests and manage appointments, based on pre-contractual steps and contract performance.
  • To comply with legal, tax, accounting, and regulatory obligations, based on legal compliance.
  • To protect patients, staff, and services and to secure systems, based on legitimate interests.
  • To use non-essential cookies or similar tools, based on your consent where required.

5. Data Recipients

Personal data may be shared, only when necessary, with:

  • Authorized medical professionals and internal staff bound by confidentiality.
  • IT, hosting, and technical support providers acting under contractual safeguards.
  • Laboratories, diagnostic partners, or referral providers where clinically required.
  • Accountants, legal advisors, and auditors under confidentiality obligations.
  • Public authorities and regulators when disclosure is legally required.

6. Transfers Outside the EEA

If personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms.

7. Data Retention Period

We retain personal data only for as long as necessary for the purposes described in this Policy, including compliance with legal and regulatory retention obligations. Retention periods may vary depending on data type, medical obligations, and applicable law.

8. Security Measures

We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, misuse, alteration, or unlawful disclosure. Access is restricted on a need-to-know basis and subject to confidentiality obligations.

9. Data Subject Rights

Subject to applicable law, you may exercise the following rights: access, rectification, erasure, restriction of processing, data portability, objection to processing, and withdrawal of consent where processing relies on consent.

To exercise your rights, contact us at info@rhodesmedicalservices.com and include enough information for us to verify your request.

10. Cookies and Similar Technologies

Our website uses cookies and similar technologies for technical operation, security, analytics, and user experience improvements. Non-essential cookies are used only where permitted by law and, where required, based on your consent. See our Cookie Policy for details.

11. Minors

Our services and website are not intended for unsupervised use by minors. Where processing concerns a minor, we apply the protections required by law and, where necessary, involve a parent or legal guardian.

12. Medical Confidentiality

Medical information is handled under strict professional confidentiality and applicable healthcare privacy rules. Access to medical data is limited to authorized personnel directly involved in care delivery or legally required administrative processes.

13. Complaint to the Hellenic Data Protection Authority

If you believe your data protection rights have been violated, you may lodge a complaint with the Hellenic Data Protection Authority (HDPA/APDPX), without prejudice to any other administrative or judicial remedy.

14. Policy Updates

We may update this Privacy Policy from time to time to reflect legal, operational, or technical changes. The latest version will always be published on this page with the updated date shown above.