Privacy Policy

Privacy Policy

Effective date: August 19, 2025
Operator / Controller: Health and Iasis S.A. — Anapafseos 30, Vrilissia, Athens, Greece
Websites covered: https://health-iasis.net and https://ultrasonicbonecutter.eu
Contact for privacy matters: This email address is being protected from spambots. You need JavaScript enabled to view it.

1. Overview / scope

This Privacy Policy explains how Health and Iasis S.A. collects, uses, stores, shares, and protects personal data you provide when you use the Site(s) and contact us via the contact form. The Policy applies to the two websites listed above.

2. Data we collect

We collect only the personal data you voluntarily provide via the contact form and technical data necessary for security and site operation.

A. Contact form data (you provide):

  • Full name (required)

  • Email address (required)

  • Message content / optional additional fields you choose to include

B. Technical / automatically collected data (collected when you visit the Site):

  • IP address and approximate location derived from IP

  • Browser type and version, device type, operating system

  • Referrer URL and pages visited, timestamps and log data

  • Cookies and similar technologies restricted to essential/session cookies (see Cookies section)

We do not require or collect payment data, health records, or other sensitive categories through the contact form.

3. Legal bases for processing (GDPR)

Where GDPR applies, our legal bases for processing personal data are:

  • Legitimate interest: to respond to your inquiries, communicate with you about your request, and maintain records of correspondence.

  • Legal obligation: where required to comply with applicable laws or accounting obligations.

  • Consent: we will request explicit consent if we later collect personal data for marketing purposes (note: by default we do not send marketing emails).

4. How we use your data (purposes)

We use personal data for the following purposes:

  • To respond to your inquiries and communicate with you about the services or information you request.

  • To maintain internal records of communications and to prevent abuse of the contact form.

  • For security, fraud prevention, and site operation.

  • To comply with legal obligations.

We do not use contact-form data for profiling, behavioral advertising, or automated decision-making.

5. Sharing and disclosures

We may share personal data as follows:

  • Service providers / processors: we employ third-party processors to host the Site and to deliver email. These processors act only on our instructions and are required to protect your data.

  • Legal compliance: if required by law, legal process, or government request, or to protect rights and safety.

  • Business transfers: in the event of a merger, sale, reorganization, or acquisition, personal data may be transferred as part of the transaction; we will seek to ensure continued protection.

We do not sell personal data for monetary consideration. If your jurisdiction defines “sale” differently, we will follow applicable law and disclose any such activity.

6. International transfers

Data may be processed or stored in countries outside the EU/EEA if our service providers operate there. When transferring data to countries without an adequacy decision, we will implement appropriate safeguards.

7. Data retention

  • Contact form messages and associated email addresses: retained for 2 years from the date of submission, unless you request earlier deletion.

  • Backups and logs: retained for a limited period (typically up to 12 months) for security and operational purposes.

  • If you request deletion of your personal data (see “Your rights” below), we will erase your data unless we must retain it to comply with legal obligations or to defend legal claims.

8. Your rights (data subject rights)

Depending on applicable law, you may have the right to:

  • Access the personal data we hold about you.

  • Request rectification of inaccurate or incomplete data.

  • Request erasure (the “right to be forgotten”), subject to exceptions.

  • Request restriction of processing.

  • Object to processing based on legitimate interests.

  • Data portability (where applicable).

  • Withdraw consent where processing is based on consent.

  • Lodge a complaint with a supervisory authority (in Greece, the Hellenic Data Protection Authority).

To exercise any rights or for privacy inquiries, contact: This email address is being protected from spambots. You need JavaScript enabled to view it.. We may ask for information to verify your identity before responding.

9. Cookies & similar technologies

We use essential cookies strictly necessary for site operation (session handling, security). We do not use analytics cookies, advertising cookies, or tracking for marketing by default. If we later add analytics or marketing tools, we will update this policy and implement any required consent mechanisms.

10. Security measures

We implement reasonable technical and organizational measures to protect personal data, including:

  • TLS (HTTPS) for data in transit.

  • Access controls and restricted access to data within our organization.

  • Regular backups and basic incident detection.

  • Staff training and policies for handling data.

While we take security seriously, no transmission or storage system is 100% secure. We will notify affected individuals and authorities if required by law in the event of a personal data breach.

11. Children’s privacy

The Site is not intended for children under the applicable minimum age (see Eligibility above). We do not knowingly collect personal data from children. If we learn that we have collected data from a child in violation of this policy, we will delete it.

12. Third-party links and embeds

The Site may contain links to third-party websites. This Privacy Policy does not govern their practices. Please review the privacy policies of any third-party sites you visit.

13. Changes to this Privacy Policy

We may update this Privacy Policy. Material changes will be reflected by updating the “Effective date” at the top. Where required by law, we will provide a more prominent notice.

14. Contact

For questions or to exercise your rights: This email address is being protected from spambots. You need JavaScript enabled to view it..

15. Complaints / supervisory authority

If you believe we processed your personal data unlawfully, you may lodge a complaint with the competent supervisory authority (for Greece: Hellenic Data Protection Authority).

16. International users / cross-border access

If you are located outside Greece, please note your data may be transferred to, stored, and processed in Greece and other jurisdictions. By using the Site and submitting your personal data, you consent to such transfers as described above.