Privacy Policy
General Data Protection Regulation (GDPR)
1.) General
PhysPlus, with the object of providing Health Services as a “Physiotherapy Center” and with its headquarters in Stavroupoli and Address, 564 30, Abelokipon 5, Thessaloniki, hereinafter referred to as “The Company”, attaches great importance to the lawful processing, security and protection of your personal data, in whatever capacity you communicate or cooperate with us, including but not limited to prospective or active customers, consumers, website visitors, employees, suppliers, vendors, traders, individuals, consumers, passengers or third party partners.
This Privacy Policy also describes how we use, share and protect your personal data, the choices you have regarding your personal data, and how you can contact us. This Privacy Policy complies with the terms under European Regulation 679/2016 and any other relevant applicable legislation. By using our website and signing the relevant consent form, you unconditionally accept the practices described herein, the terms of which govern the contractual relationship between us and are incorporated into the terms of use of each of our services.
We respect your privacy and are committed to protecting it through our compliance with this privacy policy (“Policy”). This Policy describes the types of information we may collect from you or that you may provide (“Personal Information”) on the PhysPlus.ca website (“Site” or “Service”) and any of its related products and services (collectively, ” Services “), and our practices for collecting, using, maintaining, protecting and disclosing such Personal Information. It also describes the choices available to you regarding our use of your Personal Information and how you can access and update it.
This Policy is a legally binding agreement between you (“User”, “you” or “your”) and PhysPlus (“PhysPlus”, “we”, “us” or “our”). If you are entering into this Agreement on behalf of a business or other legal entity, you represent that you have the authority to bind such entity to this Agreement, in which case the terms “User”, “you” or “your” refer to such entity. If you do not have such authority or if you do not agree to the terms of this Agreement, you must not accept this Agreement and you may not access and use the Site and Services. By accessing and using the Site and Services, you acknowledge that you have read, understand and agree to be bound by the terms of this Policy. This Policy does not apply to the practices of companies we do not own or control or to persons we do not employ or manage.
2.) What is your personal data
Your personal data includes any information on paper or electronic media that can lead, either directly or in combination with others, to your unique identification or to your identification as a natural person. This category includes, where applicable, information such as your full name, VAT number, social security number, physical and e-mail addresses, landline and mobile phone numbers, calling and called telephone numbers, SMS/MMS message recipients, your bank account details, bank/debit/credit/prepaid card details, e-mail addresses, your online browsing history (log files, cookies, etc. etc.), and any other information that allows your unique identification in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679), Law 4624/2019, the applicable Greek legislation and the decisions of the Data Protection Authority (DPA).
3.) Automatic information collection
When you open the Website, our servers automatically record information sent by your browser. This data may include information such as the IP address of your device, browser type and version, operating system type and version, language preferences or the web page you visited before visiting the Site and Services, pages of the Site and Services that you visit , the time spent on those pages, the information you search for on the Site, the times and dates of access, and other statistics.
The information automatically collected is used only to identify possible cases of abuse and to generate statistical information on the use and traffic of the Website and Services. This statistical information is not otherwise collected in such a way that any particular User of the system can be identified.
4.) Collection of personal information
You may access and use the Site and Services without telling us who you are or revealing any information that would identify you as a specific, identifiable individual. If, however, you wish to use some of the features offered on the Site, you may be asked to provide certain Personal Information (for example, your name and email address).
We receive and store any information that you knowingly provide to us when you create an account, post content, make a purchase or complete any forms on the Website. Where required, this information may include the following:
Account details (such as username, unique user ID, password, etc.)
Contact details (such as email address, phone number, etc.)
Basic personal information (such as name, country of residence, etc.)
Some of the information we collect is directly from you through the Site and Services. However, we may also collect Personal Information about you from other sources, such as public databases and joint marketing partners.
You may choose not to provide us with your Personal Data, but then you may not be able to take advantage of some of the features of the Website. Users who are unsure of the required information are welcome to contact us.
5.) Use and processing of the information collected
We act as data controllers and data processors under the GDPR when handling Personal Information, unless we have entered into a data processing agreement with you, in which case you will be the data controller and we will be the data processors.
Our role may also differ depending on the specific situation involving personal information. We act in the capacity of a data controller when we ask you to submit your personal information necessary to ensure access to and use of the Site and Services. In such cases, we are a data controller because we determine the purposes and means of processing Personal Information and comply with the obligations of data controllers set out in the GDPR.
We act in the capacity of data processor in cases where you submit Personal Information through the Site and Services. We do not own, control or make decisions about the submitted Personal Information and such Personal Information is processed only in accordance with your instructions. In such cases, the User providing Personal Information acts as a responsible data controller under the GDPR.
6.) Legal processing
The company will use your information for the following lawful processing purposes (under Article 6 GDPR), where applicable, with your explicit consent which you may freely withdraw at any time, or for the performance of a contract or pre-contractual relationship with you, or to serve our legitimate interests or to defend your vital interests, namely:
To manage your calls to seek information in order to complete requests.
To respond to your requests and queries regarding our products/services and to inform and respond to your suggestions and comments on how to improve our products and services.
To analyze our website traffic and improve your experience and to provide you with information about products, services, special offers and promotions.
For our internal operations and analysis such as internal management, fraud prevention, use of information systems for administration, billing, accounting, invoicing and control.
The provision of the Data to the Company may be necessary to achieve the purposes specified in this Privacy Policy or may be optional.
If you refuse to provide the data that is considered mandatory, it may, for example, make it impossible for the Company to fulfill the sales contract or provide the other services available on its Sites.
7.) What are the principles of collection and processing?
This Privacy Policy aims to inform you of the terms of collection, processing and transfer of your personal data that we may collect as Data Controllers. The company and its staff apply the ten Processing Principles of the GDPR 2016/679 (lawfulness, objectivity, transparency, purpose limitation, data minimisation, accuracy, storage time limitation, integrity, confidentiality and accountability). The Company protects and safeguards your eight Rights regarding the use of your Personal Data (information, access, rectification, erasure, erasure, restriction of processing, portability, opposition and non-automated decision-making based on profiles, as specified in Greek legislation). The above applies without distinction and applies to all processing we carry out and to all services we provide independently.
8.) Cookies Policy
In accordance with the European E-Privacy Directive 2009/136/CE (which will be replaced by the ePrivacy Regulation) and the 25.2.2020 Guidelines of the Hellenic Data Protection Authority, our website accepts the use of “cookies”. These are online tools for collecting and analysing information from social networking platforms or third-party partner websites in order to measure traffic, improve the operation, content and overall appearance of our website and adapt it to the needs of our customers.
When using our website, your personal data is processed by third parties, such as social networks and search engines, e.g. Google Analytics, Facebook social Plug-ins, etc., without any involvement, influence or control on the part of the Company and are transmitted either within or outside the European Economic Area (27 EU member states plus Iceland, Liechtenstein and Norway), for which these third parties are solely responsible. If you do not wish third parties, such as Google, Facebook, Twitter, to receive information from your browser when you visit the Company’s websites you may opt out of the terms provided by the relevant User Policy on each such third party’s website. Although most browsers automatically accept the use of cookies, you can go to change the settings on your computer by choosing not to accept cookies, or by being asked to accept each cookie individually. However, you should be aware that doing so will limit the range of browsing options available to you on any online website and the user experience.
Our website and services use “cookies” to help you personalise your online experience. A cookie is a text file placed on your hard drive by a web server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server on the domain that issued you the cookie. If you choose to decline cookies, you may not be able to fully experience the features of the Site and Services. You can learn more about cookies and how they work in this guide.
We may use cookies to collect, store and track information for security and personalisation purposes, for the operation of the Website and Services and for statistical purposes. Please note that you have the option to accept or reject cookies. Most web browsers automatically accept cookies by default, but you can modify your browser settings to reject cookies if you prefer.
9.) Transfer of your data to third parties
As a general rule, our Company does not transmit your personal data to third parties, except when we act as intermediaries and to the extent necessary to complete your order and fulfil requests relating to the services provided by us. Such third parties may be official governmental and supervisory bodies (e.g. law enforcement and prosecution authorities, e-crime prosecution, DPAA, EETT) when we are required to comply with the law and prevent unlawful acts against us and our customers (e.g. telephone fraud, insult, defamation, invasion of privacy, etc.). Third parties may even be accounting and law firms.
At our Company we choose trusted providers and try to place contractual restrictions on third parties receiving your personal data to ensure that it is used lawfully. However, we cannot guarantee that they will not use or disclose this data without your permission. For this reason, we recommend that you carefully review the privacy practices of any third party providers/suppliers whose products or services you purchase through our websites.
In order for us to process your data, we may need to transfer your information to other countries, including countries mostly within and extremely outside the European Economic Area (EEA), based on EU adequacy decisions, corporate binding rules, standard contracts and approved codes of conduct.
Access to your Data is available to the Company’s strictly necessary personnel, who are bound by confidentiality obligations, and our business partners or third party service providers who process your Data as Processors on our behalf and in accordance with our instructions.
10.) How is your Data shared?
Disclosure of Data by our Company
The Company shares your Data with:
Third party service providers that process personal data on behalf of the Company, for example (but not limited to) for credit card and payment processing, transfers and deliveries, hosting, management and maintenance of our data, email distribution, research and analysis, management of promotions, and management of certain services and data. When we use third-party service providers, we enter into agreements that require them to implement appropriate technical and organizational measures to protect your personal data.
Other third parties, to the extent required for the following purposes: (i) compliance at the request of a body of the Greek State, court order or applicable law, (ii) prevention of illegal uses of our Websites and Apps or violations of the Website Terms of Use Our Sites and Apps and our policies, (iii) our own protection against third-party claims, and (iv) helping to prevent or investigate cases of fraud (e.g. counterfeiting).
other third parties to whom you yourself have given your consent.
Sharing of Data by you
When you use certain social media features on our Sites or Apps, you may create a public profile that includes information such as your username, profile picture, and city. You may also share content with your friends or the general public, including information about your interaction with the Company. We encourage you to use the tools we provide to manage Company social media sharing to control the information you make available through Company social media assets.
11.) What is the policy we apply with the third party Processors of your Data according to the above:
We provide only the information needed to perform their specific services.
They can only use your Data for the exact purposes we set out in our contract with them.
We work closely with them to ensure that your privacy is respected and protected at all times.
If we stop using their services, any of the data they hold will be deleted or anonymized.
To improve your experience as a customer on our Websites and Apps, we use the following companies, who will process your Personal Data as part of their contracts with us:
Mailchimp
In case you wish to receive more information about sharing your Data with third parties, please contact us by email at info@PhysPlus.gr
12.) How do we ensure that Processors respect your Data?
The Processors on our behalf have agreed and contractually committed to the Company:
to observe confidentiality, not to send your Data to third parties without the Company’s permission, to take appropriate security measures, to comply with the legal framework for the protection of personal data and in particular Regulation 979/2016/EU (otherwise known as GDPR).
13.) Security of your personal data
In any case, we take appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of your data. We aim to ensure that your personal information is transferred, stored and processed in accordance with appropriate international security standards and procedures. At the Company we have trained and responsible staff, while we recognize the importance of protecting your privacy and all your personal information. For this purpose, we have appropriate security policies and use appropriate technical and operational tools, such as anonymization, pseudonymization, data encryption, tokenisation, use of firewalls, establishment of access levels, authorized employees, staff training, periodic audits, compliance with international security and operational standards continuity.
Any of our partners who have access to the above information, uses it to exclusively serve the above purposes. We share the information you give us exclusively in the ways described in this Policy and in accordance with your express and specific consent per type of processing which you can freely revoke at any time by contacting us.
14.) Data Transfer
The personal data we collect (or process) in the context of our Websites and Apps will be stored within the European Union. However, some of the Data recipients with whom the Company shares your Personal Data may be located in countries other than the one in which your Personal Data was originally collected. The legislation in those countries may not provide the same level of data protection compared to the country that originally provided your Personal Data. However, when we transfer your Personal Data to recipients in other countries, including the US, we are committed to protecting your Personal Data as described in this Privacy Policy and in accordance with applicable law.
We take measures to comply with applicable legal requirements for the transfer of personal data to recipients in countries outside the European Economic Area or Switzerland that do not ensure an adequate level of protection. We use various measures to ensure that your Personal Data transferred to these countries is adequately protected under data protection rules. These include signing the Contractual Clauses, certifying that the recipient has adopted the European binding rules or adheres to the EU-US and Switzerland-US Privacy Shield.
15.) How long do we keep your Data?
We retain your Personal Data for as long as necessary to fulfill the purposes set out in this Privacy Policy (unless a longer retention period is required by applicable law). Generally this means that we will keep your Personal Data for as long as you have an account with our Company. In relation to your Personal Data relating to product purchases, we retain this data for a longer period in order to comply with our legal obligations (such as tax and commercial law and for warranty purposes where applicable). At the end of this retention period, your data will be completely deleted or anonymized, for example by aggregating with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of Customer Data retention periods:
Orders
When you place an order, we will keep the personal data you have given us for five years so that we can comply with our legal and contractual obligations.
Guarantees
If your order included a warranty, the relevant Personal Data will be retained until the end of the warranty period.
Newsletter
Your declaration of consent for sending a newsletter is kept for as long as the newsletter is sent to you by the Company and in any case no more than six months from the cessation of its sending.
16.) Display of targeted advertisements
Provided you have given us written consent, we may use your personal data together with other information we have collected, after human intervention by our commercial department, to display advertisements relevant to your apparent preferences, on our website or on another website.
However, we do not use automated tools to identify and evaluate your consumer profile and genetic preferences with other personal information (such as your email address) in order to display advertisements or send you personalized information. In addition, we do not share your personal information with third parties so that they can send you relevant advertisements, unless you have expressly consented to them in writing. If you want us to stop sending you updates or offers, you can use the unsubscribe link at the end of every email you may have received from us (unsubscribe).
17.) Is your Data secure?
We are committed to safeguarding your Personal Data.
Recognizing the importance of the security of your Personal Data, we have taken all appropriate organizational and technical measures to secure and protect your Data from any form of accidental or unlawful processing. We use the most modern and advanced methods to ensure maximum security.
The isotope
www.physplus.gr uses the TLS 1.2 protocol, for secure online commerce. This encrypts all Data you provide, including your credit card number, name and address, so that it cannot be decrypted or changed in transit over the Internet.
In addition, the information used to identify you as an account user is two: the Login Code (Username) and the Personal Secret Security Code (Password). Each time you register your details, you are given access to your personal account. This specific process is achieved safely through encryption during their transfer to the internet and the Company’s servers. By the same standards, you are given the possibility to change your Personal Secret Security Code (Password) as often as you wish. After entering the desired code, the new code is coded and stored in the Company’s systems. For this reason, the only person who knows your password is yourself and you are solely responsible for keeping the password confidential from third parties.
These measures are reviewed and amended when deemed necessary.
18.) Unsolicited Commercial Communication
Our Company does not allow the use of our website or our services for the transmission of bulk or unsolicited commercial e-mail messages (spam). Furthermore, we do not allow messages from and to our customers that use or contain invalid or falsified headers, invalid or non-existent domain names, techniques to hide the origin of each message, false or misleading information or violate website terms of use. We do not in any way allow the collection of email addresses or general information of our customers and subscribers through our website or services. We do not permit or authorize any attempt to use our services in a manner that could damage, disable, overburden any part of our services, or interfere with anyone who wishes to lawfully use our services.
If we believe there is any unauthorized or inappropriate use of any of our services, we may, without notice, at our sole discretion, take appropriate action to block messages from a particular domain, message server email, or an (IP) address. We have the ability to delete any account using our services that, in our sole discretion, transmits or links to the transmission of any messages that violate this policy.
19.) What are your rights?
You have the right to access your Personal Data.
This means that you have the right to be informed by us if we are processing your Data. If we process your Data, you can ask to be informed about the purpose of the processing, the type of your Data we keep, to whom we give it, how long we store it, whether automated decision-making takes place, but also about your other rights, such as correction, deletion of data, restriction of processing and filing a complaint with the Personal Data Protection Authority.
You have the right to correct inaccurate personal data.
If you find that there is an error in your Data you can submit a request to us to correct it (eg correct a name or update a change of address).
You have a right to erasure/right to be forgotten.
You can ask us to delete your data if it is no longer necessary for the above-mentioned processing purposes or you wish to revoke your data in the event that this is the only legal basis.
You have the right to portability of your Data.
You can ask us to receive the Data you have provided in readable form or ask us to pass it on to another controller.
You have the right to restrict processing.
You can ask us to restrict the processing of your Data pending the consideration of your objections to the processing.
You have the right to object and withdraw consent to the processing of your Data.
You can object to the processing of your Data and we will stop processing your Data, unless there are other compelling and legitimate reasons that override your right. If you have given your consent to the collection, processing and use of your personal data, you can withdraw your consent at any time with future effect:
Opting Out of Receiving Marketing Communications.
You can choose not to receive marketing communications by changing your email and sms registrations, clicking the delete link or following the instructions included in the message.
Alternatively you can contact us using the contact details we give you in term 17 below.
In case we rely on our legitimate interest: In cases where we process your personal data based on our legitimate interest, you can ask us to stop for reasons related to your personal situation. We must then do so unless we believe we have a compelling legitimate reason to continue processing your Personal Data.
20.) How can you exercise your rights?
To exercise your rights, you can submit a request to the email address info@PhysPlus.gr with the title “Exercise of Right” and we will examine it and answer you as soon as possible.
21.) Where can you go if we violate the applicable law for the protection of your Personal Data?
You have the right to submit a complaint to the Personal Data Protection Authority (postal address Kifisias 1-3, P.K. 115 23, Athens, tel. 210. 6475600, e-mail address (e-mail) contact@dpa.gr ), if you consider that the processing of your Personal Data violates the applicable national and regulatory legal framework for the protection of personal data.
22.) Validity of Privacy and Personal Data Protection Policy
We update this Privacy Policy whenever necessary. If there are significant changes to the Privacy Policy or the way we use your Personal Data, we will post an update to this on our website before the changes take effect and we will notify you as soon as possible.
We encourage you to read this Policy periodically to know how your Data is protected.
23.) Acceptance of this Policy
You acknowledge that you have read this Policy and agree to all of its terms and conditions. By accessing and using the Site and Services and submitting your information you agree to be bound by this Policy. If you do not agree to comply with the terms of this Policy, you are not authorized to access or use the Site and Services.
Last Updated: 13/06/2023
