Privacy Policy
Last updated: February 2026
1. Data Controller
SΩMA Physio
Daidalou 44, Agios Dimitrios 173 42, Athens, Greece
Email: info@somaphysio.gr
Phone: +30 210 9858 157
2. Data We Collect
- Appointment booking: name, email, phone, date/time, service
- User account: email, encrypted password, profile info
- Medical documents: files uploaded by the user (referrals, reports)
- Contact form: name, email, phone, message
- Newsletter: email address
3. Purpose & Legal Basis
- Contract performance: managing appointments, providing services
- Consent: newsletter, analytics/advertising cookies
- Legitimate interest: website improvement, security
4. Cookies & Tracking
- Essential (always active): login, bookings, language preference
- Analytics (consent required): Google Analytics — understand visitor behavior
- Advertising (consent required): Google Ads — measure ad effectiveness
You can change your cookie preferences at any time using the cookie banner at the bottom of the page.
5. Data Sharing
We never sell your data. We share only with:
- Supabase: database hosting & auth (EU servers)
- Google: Analytics & Ads (only with consent)
- Netlify: website hosting
6. Data Retention
- Account data: until account deletion
- Appointment/medical data: 5 years (Greek legal requirement for medical records)
- Contact form: 1 year
- Newsletter: until you unsubscribe
7. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Access to your data
- Rectification of inaccurate data
- Erasure ("right to be forgotten")
- Restriction of processing
- Data portability
- Withdrawal of consent
Exercise your rights by emailing info@somaphysio.gr. We will respond within 30 days.
8. Supervisory Authority
Hellenic Data Protection Authority (HDPA)
www.dpa.gr
9. Policy Changes
We will notify you of material changes via a notice on our website.