Privacy Policy

This Privacy Policy describes the manner in which the company GURU DERMA Private Practice Single-member Private Capital Company, headquartered in Nea Erythraia, Iroon Polytechneiou 2-4, P.C. 14671, Tax Identification Number 802714344, Tax Office KEFODE Attica, telephone 211 444 2000 and email address info@guruderma.com (hereinafter referred to as “the Company”), collects, stores, uses and protects the personal data of visitors, users and patients, in accordance with Regulation (EU) 2016/679 (GDPR), Law 4624/2019, Law 3418/2005 (Code of Medical Ethics) and the instructions of the Athens Medical Association (ISA).

The Company recognizes that personal data concerning health constitutes sensitive data and is committed to processing it exclusively for specific, lawful and transparent purposes, strictly adhering to the prescribed security and confidentiality measures. The use of the website www.guruderma.com and its services implies acceptance of this Policy.

The Company collects personal data such as name, contact information (email, telephone), as well as, optionally, photographs sent by the user as part of a preliminary evaluation. In addition, technical data (IP address, cookies, navigation data) is collected to improve the user experience and functionality of the website. This data is used exclusively for communication purposes, case evaluation, appointment scheduling and information regarding services or offers, always with the user’s consent.

The processing of health data is carried out only if the interested party has provided explicit consent, in accordance with article 9 par. 2 of the GDPR and article 14 of Law 3418/2005. Sending photos or medical information through the website constitutes explicit acceptance of their processing exclusively for the purposes of preliminary assessment by an authorized physician and for communication regarding the patient’s request.

The Company ensures that data is not shared with third parties, except for collaborating physicians or external partners (such as website hosting providers, support technicians or communication management companies) who are bound by confidentiality agreements and an obligation to comply with the GDPR. No data is transferred outside the European Union.

The legal basis for data processing may be the consent of the subject, the performance of pre-contractual actions or the fulfillment of legal obligations of the Company. In the case of medical data, the Company has an obligation, based on article 14 of the Code of Medical Ethics (Law 3418/2005) and the instructions of the Athens Medical Association (ISA), to retain medical records and relevant information for at least ten (10) years from the last medical procedure or communication with the patient. This preservation is done in a secure manner, exclusively for the purposes of medical documentation, protection of the patient’s rights and compliance with applicable legal obligations.

After the retention period has expired, the data is deleted or destroyed in a secure and irreversible manner. If the Company needs to retain data for a longer period of time (e.g. for legal or accounting obligations), this is only done under the conditions of the GDPR.

The Company implements all necessary technical and organizational security measures, such as the use of SSL encryption, limited access to authorized personnel, internal confidentiality policies and regular review of security systems, in order to ensure the confidentiality, integrity and availability of data.

Users and patients have the right to access their data, the right to rectification, erasure or restriction of processing, as well as the right to object and the right to data portability. They may also withdraw their consent at any time without affecting the lawfulness of the processing carried out prior to the withdrawal. To exercise these rights, interested parties may contact the Company at info@guruderma.com.

In case the user or patient considers that the processing of his/her personal data violates Regulation (EU) 2016/679, he/she has the right to submit a complaint to the Personal Data Protection Authority (www.dpa.gr), which is based in Athens (Kifisias 1-3, 115 23).

The Company may modify this Privacy Policy at any time in order to adapt it to new legislative provisions or operational needs. The changes will be published on this website and will be effective from the moment of their posting.