Privacy Policy
How we protect your personal data
Protecting your personal data is important to us. This policy explains what data we collect, for what purpose, and on what legal basis, in accordance with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and Greek Law 4624/2019.
1. Data Controller
The data controller for your information is:
Katerina Saroukou, Neurologist
Zografou 8, Heraklion 71201, Crete, Greece
Tel: +30 697 249 6162
Email: katerina.saroukou@gmail.com
2. Data We Collect
We collect the following data:
- Contact & appointment-request data: name, phone, email, preferred date and a short description of the reason for your visit — when you submit the appointment form or contact us directly.
- Medical data (special category, Art. 9 GDPR): history, diagnoses, test results, treatments. Stored securely at the practice and used solely for the provision of healthcare.
- Local storage: your language preference (el/en/de) and your cookie-banner choice. These stay in your browser — they are not sent to us.
- Analytics & advertising data (only after your consent): pseudonymised IP address, device/browser type, pages viewed, interactions (e.g. clicks on the phone number) — see Section 5.
3. Purpose of Processing
We use your data to:
- Schedule and manage appointments.
- Provide medical care and follow-up.
- Communicate regarding your treatment.
- Comply with legal obligations to maintain medical records.
- Analyse website traffic and measure advertising effectiveness (only if you explicitly consent).
4. Legal Basis
- Art. 6(1)(b) GDPR — performance of the contract for medical services (appointment booking, examination, treatment).
- Art. 9(2)(h) GDPR — processing of health data for healthcare purposes by a health professional bound by medical confidentiality.
- Art. 6(1)(c) GDPR — compliance with the legal obligation to retain medical records.
- Art. 6(1)(a) GDPR — your consent, for analytics & advertising cookies (you may withdraw it at any time).
5. Cookies, Local Storage and Tracking
When you first visit the site, a consent banner appears. Following Google Consent Mode v2, analytics and advertising cookies are denied by default — nothing is set until you choose "Accept".
- Strictly necessary (always on): preferred-language and cookie_consent_state in localStorage. Never sent to a server.
- Analytics — Google Analytics 4 (G-YCNS2E1TX6): only after your consent. Records page views, session duration and interactions. IP address is pseudonymised.
- Advertising — Google Ads (AW-17860746570): only after your consent. Tracks conversions (e.g. phone clicks) to measure the performance of our ads.
- Withdrawing consent: click here to change your cookie preferences, or clear cookies/site data for saroukouneuro.gr in your browser settings.
6. Recipients & Third-Party Processors
- Google LLC / Google Ireland Ltd — Google Tag Manager, Google Analytics 4, Google Ads, and the embedded Google Map on the contact page.
- Web3Forms (Better Stack): processes and forwards appointment-form submissions to our email.
- Netlify Inc. — hosting provider (CDN, HTTP access logs).
- Meta (Facebook): the link to the practice's Facebook page opens in a new window; we do not embed any pixel or plugin.
7. International Transfers
Some of the above providers (Google, Netlify, Web3Forms) may process data on servers outside the EEA (mainly in the United States). These transfers are covered by the European Commission's Standard Contractual Clauses (SCCs) and/or the EU–US Data Privacy Framework where applicable.
8. Data Retention
- Medical records: at least 10 years, in accordance with Greek law.
- Email/form correspondence: up to 2 years after the last contact, unless a contractual relationship arises.
- Analytics cookies: up to 14 months.
- Google Ads cookies: up to 90 days.
9. Your Rights
You have the right to:
- Request access to your data (Art. 15 GDPR).
- Request correction or completion of inaccurate data (Art. 16).
- Request deletion ("right to be forgotten", Art. 17), where it does not conflict with our record-keeping obligations.
- Restrict processing (Art. 18) or object to it (Art. 21).
- Withdraw your consent to analytics/advertising cookies at any time.
- Lodge a complaint with the Hellenic Data Protection Authority (1-3 Kifisias Ave., 11523 Athens).
10. Security
The site is served exclusively over HTTPS (TLS) with HSTS enabled. We apply additional technical and organisational measures (access control, physical record storage at the practice, medical confidentiality) to protect your data against unauthorised access, loss or destruction.
11. Contact & Updates to this Policy
For questions about the protection of your data or to exercise your rights, contact us at katerina.saroukou@gmail.com or +30 697 249 6162. We may update this policy from time to time; substantive changes will be announced in a prominent place on the site.
Last updated: May 2026