Privacy policy
Last update: September 9, 2025
1) Data Controller
The controller is: Dimitra Koutoumanou, VAT number 131777892 (Tax Office of Ionia Prefecture), G.E.M.I. 160885203000, contact email: information@dimitra.life.
This Policy explains how we collect, use and protect your personal data when you use the website dimitra.life, the e-shop and the online appointment booking service.
2) What categories of data do we process?
Depending on your use of the website, we process, for example:
- Account/identification data: name, email, phone, shipping/billing address, login details.
- Order & billing data: products, amounts, payment method, billing information (where required by law).
- Appointment/reservation details: name, contact details, preferred date/time, communication channel (in person/teleconference).
- Contact/support: messages you send us via form or email.
- Technical/browsing (cookies & logs): IP, device/browser info, pages you visit, preference/statistics/marketing cookies (only with consent where required).
- Payments: we do not store card numbers; payments are processed by payment providers with their own PCI-DSS compliance.
Sensitive health data: Please do not enter medical information in order/contact forms or free text fields. If, due to the nature of your services, special categories of data (e.g. health) need to be processed, this will be done only with explicit, informed consent, with strict minimization and appropriate additional security measures.
3) Purposes & legal bases of processing (GDPR art. 6 & 9)
- Contract execution (art. 6(1)(b)): Account management, cart/order, payment, invoicing, product delivery, appointment booking & reminder, session provision.
- Legal obligation (art. 6(1)(c)): Accounting/tax obligations, record keeping.
- Consent (art. 6(1)(a) and, where necessary, 9(2)(a) for special categories): Newsletter, promotions, statistics/marketing cookies, possible provision of health information (if explicitly requested/required). You can withdraw at any time.
- Legitimate interest (art. 6(1)(f)): System security, fraud/malicious actions prevention, basic usage analysis to improve services (with respect for your rights).
4) Cookies & similar technologies
We use:
- Strictly necessary cookies (site/cart operation, security).
- Statistics/analytics (e.g. Google Analytics) – only with consent.
- Marketing/retargeting (e.g. Meta Pixel) – only with consent.
You can manage your preferences via banner/browser settings. Details in Cookie Settings.
5) To whom is the data transmitted?
We only transmit to the extent necessary and with binding processing agreements (DPAs):
- Hosting/IT infrastructure providers and technical support.
- Payment providers (e.g. banks, PayPal/Stripe) – we do not receive/store card details.
- Courier/Logistics companies, for order delivery.
- Email/SMS providers, to send updates/appointment reminders.
- Online booking/calendar or video conference providers if used for the session.
- Analytics/Ads platforms (with consent), exclusively for the stated purposes.
Notification to public/regulatory authorities may be required when mandated by law or judicial act.
6) International transfers
If service providers are located outside the EEA, we ensure appropriate safeguards (e.g. Standard Contractual Clauses of the EU, additional measures where necessary), so that the level of protection remains equivalent.
7) Retention period
We keep data only for as long as necessary:
- Account/orders: until 2 years after the last activity or in accordance with the respective tax obligations (minimum 5–10 years for documents, by law).
- Appointments/sessions: booking details for up to 2 years from completion, unless legal obligations require longer retention.
- Newsletter/Marketing: until withdrawal of consent or exercise of the right to object.
- Security logs: for a reasonable period (usually up to 12 months), unless longer is required for incident investigation.
8) Your rights (GDPR arts. 15-22)
You can exercise at any time:
- Access to your data,
- Correction of inaccuracies,
- Deletion ("right to be forgotten") where permitted,
- Restriction of processing,
- Portability (receipt/transmission to another controller),
- Objection to processing based on legitimate interest or for marketing,
- Withdrawal of consent, without retroactive effect on legality.
Requests: info@dimitra.life. We will respond without undue delay.
You also have the right to lodge a complaint with the Personal Data Protection Authority (PDPA).
9) Information security
We apply appropriate technical and organizational measures (encryption in transit, access restriction, strong administrator authentication, regular software updates, backups). Although we make every effort, no method is completely secure.
10) Minors
The services are aimed at adults. We do not knowingly collect data from minors. If we become aware of a minor's data being collected without parental consent, we will delete the relevant data.
11) Automated decision-making/Profiling
We do not make decisions that produce legal effects for you exclusively through automated processing. Any basic segmentation/personalization for promotional purposes takes place only with consent, and you can revoke it at any time.
12) Contact
For questions or to exercise rights: information@dimitra.life
Data Controller: Dimitra Koutoumanou.
13) Policy Amendments
We may revise the Policy from time to time. The current version is always available at dimitra.life with the date of the last update.





