Introduction
The controller of your personal data is the company “L. Kyritsis Orthopedics S.A.”, headquartered in Chalandri, 297 Mesogeion Avenue – 15231. The company is legally represented, with VAT number: 093104675, registered with the Tax Office: KEFODE Attikis, and business registration number (GEMI): 004390601000. Phone: +30 210-6775555, email: eshop@kyritsis-orthopedics.com
For the proper operation of our services and to better serve you, we process your personal data in accordance with Law 2472/1997 and its relevant amendments.
We process data from individuals who:
- Have made a purchase through our website
- Have filled out any contact form on our website
- Have participated in promotional campaigns via forms
- Visit our physical stores
What Constitutes Personal Data
Personal data refers to information related to an identified or identifiable living individual. Multiple pieces of data that, when combined, can identify a specific person also qualify as personal data. Data that has been anonymized, encrypted, or pseudonymized but can still identify a person is still considered personal data and falls under the GDPR. Only data that has been irreversibly anonymized so that the person is no longer identifiable ceases to be considered personal data. The GDPR protects personal data regardless of the technology used to process it. It applies to both automated and manual processing, whether data is stored digitally or in physical format.
Sensitive Personal Data
When you visit us, we may collect sensitive data such as gender, financial, and medical information, for:
- Issuing orthopedic product/service order forms
- Providing requested paramedical services
The legal basis for this is the execution of the contract between us (Article 6(1)(b) and Article 9(2)(h) of the GDPR). Retention period: 20 years, in order to provide long-term support (e.g., repeat constructions, treatment tracking, etc.)
Personal Data of Minors
If it becomes necessary to process data of minors under 15 years old, we do so only with the written and explicitly expressed consent of their legal guardians. We take reasonable steps to verify that the consent has indeed been given by the person with parental responsibility, including ID checks and supporting documents.
Data Protection Compliance
Our company fully complies with:
- The General Data Protection Regulation (GDPR 2016/679)
- Any specific national or European data protection legislation
- Law 3471/2006 on electronic communications
- The Medical Professional Code of Conduct
- Decisions of the Hellenic Data Protection Authority (DPA)
We collect personal data only for clear and lawful purposes, and do not process it further in any way that is incompatible with those purposes.
On kyritsis-orthopedics.com, we only collect the personal data required to process your order, in a lawful, fair, and transparent manner.
Collected data includes: Full name, address, phone number, and email address.
Data Sharing and Security
- User data will never be disclosed, published, or sold to third parties unless required by law (e.g., Law 2225/1994 or Directive 24/2006)
- Depending on the selected payment method, relevant data (e.g., credit card number) may be shared with the respective bank and deleted from our system after the order is completed for enhanced security.
- Depending on the shipping method, relevant personal data may be processed by third-party logistics or customer service providers (e.g., courier companies or call centers). These parties may act as joint or independent controllers or processors, and must follow the same security standards.
- If a customer requests delivery to a third party, the customer accepts full responsibility for informing that third party and obtaining their consent for data sharing.
Data collected through contact forms is stored and used only to respond to your request. The legal basis is your consent (Article 6(1)(a) GDPR). Data is deleted after your communication is completed, unless legal obligations require otherwise.
We do not transfer personal data outside the EU. If necessary (e.g., for cloud services), such transfers will comply with GDPR Articles 44 and onwards.
Your Rights
You have the right to:
- Access
- Correct
- Delete (or anonymize)
- Restrict processing
- Object to processing
To exercise these rights, email: eshop@kyritsis-orthopedics.com
If you have placed orders, account data cannot be deleted due to ERP system requirements—but it can be anonymized.
In the event of a data breach or suspected breach, we are obligated to inform both the affected individuals and the Hellenic Data Protection Authority within 72 hours. Only authorized personnel have access to personal data, following strict procedures. Customer data is stored with all necessary security technologies (encryption, firewalls, antivirus, etc.).
Newsletter Subscription
Subscribing to our newsletter via kyritsis-orthopedics.com is optional and not required for browsing or placing orders. By entering your email and confirming it, you give explicit consent to receive promotional content about products, events, and marketing messages.
While we make every effort to ensure proper delivery, the company is not liable if newsletters end up in spam. You can unsubscribe at any time via the link in each newsletter.
Transaction Security
Our website uses SSL (Secure Sockets Layer) encryption to securely exchange data between devices, protecting your personal information..
IP Address Tracking
We may track your IP address for informational (e.g., Google Remarketing), statistical (e.g., Google Analytics), and security purposes.
You can disable IP tracking through your browser settings, but this may limit access to certain features of the site.
Complaints & Contact
You may submit complaints to the Hellenic Data Protection Authority (DPA): 1-3 Kifisias Ave., 11523 Athens, Phone: +30 210 6475600, Website: https://www.dpa.gr
Cookies Policy
We collect digital visitor data using cookies. Cookies are not required for the site to function, but they improve your browsing experience.
What Are Cookies?
Cookies are small text files stored on your computer or device when you visit a website. Each browser (e.g., Chrome, Firefox, Safari) stores cookies that may contain anonymized info about pages visited and devices used.
Cookie Usage
You can delete or block cookies at any time. However, some site features may not function properly without them. Cookies are also used by third parties like Google and Facebook for, Statistics (Google Analytics), Advertising (Google Display, Facebook Ads), Remarketing (Google Remarketing).
You may opt out of Google cookies here.
All cookie-related information is used only as described and not for personal identification.
Types of Cookies Used
- Necessary (Functional)
- Statistical
- Promotional/Marketing
You can change your cookie preferences here.