youtube.com/@HealthBridge9030

PRIVACY POLICY

Introduction

This Privacy Policy aims to inform website users about the way in which the Company collects, processes, stores and protects personal data concerning them, in the context of the provision of its services.


This Policy describes the types of data processed, the purposes and legal bases of the processing, the recipients of the data, the rights of the subjects, as well as the measures taken to ensure compliance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and the applicable legislation.

1. Data Controller – Data Protection Officer (DPO)

1.1 Data Controller

The Data Controller of the personal data collected and processed through this website is:

  • Name: HEALTH BRIDGE 9030 SINGLE MEMBER PC
  • Legal form: SINGLE MEMBER PC
  • Registered Seat: Kavala, Greece
  • Contact email address : healthbridge 9030@gmail.com

The Data Controller determines the purposes and means of the processing of personal data.

1.2 Data Protection Officer (DPO)

The Controller has appointed a Data Protection Officer (DPO):

  • Full name : Georgios Apostolidis
  • Contact email : apostolideslaw@gmail.com
  • Location : Kavala, Greece

The DPO is the point of contact for any issue related to the processing of personal data and the exercise of the rights of the subjects.

2. Categories of Personal Data – Purposes of Processing – Retention Time

2.1 Data categories

The Company collects and processes:

a) Simple personal data , such as:

  • full name,
  • sex,
  • country and city of residence,
  • contact details (telephone, email),
  • travel planning details, if provided.

b) Special categories of data (health data) , provided that they are provided voluntarily and with explicit consent, such as:

  • information about health status,
  • medical opinions,
  • medication,
  • results of tests or imaging tests,
  • treatments administered to the patients in their country and their results and
  • family health history

2.2 Purposes of processing

The processing is carried out exclusively for:

  • communication with the subject at his/her request,
  • the evaluation of the information provided,
  • matching with an appropriate hospital, clinic or healthcare professional,
  • the coordination of hospitality and transportation services through collaborating providers,
  • compliance with legal obligations and
  • airport transfer

The Company does not provide medical services or make diagnostic or treatment decisions.

2.3 Retention time

The data is kept in temporary storage for a period of up to six (6) months.
It is deleted earlier if:

  • cooperation does not proceed, or
  • the subject exercises his/her right to erasure.

2.4 Access to data

Access to the data is exclusively granted to:

  • authorized employees of the Company, within the scope of their duties,
  • collaborating hospitals, clinics and healthcare professionals, to whom the data is transferred upon consent and who act as independent Data Controllers,
  • third parties that will arrange the necessary accommodation, transport and transfer, to whom the data is transferred upon consent and who act as independent Data Controllers and
  • webmasters and hosting providers

3. Data Transfer to Third Countries (Turkey)

Personal data may be transferred to and temporarily stored on servers located in Turkey, which is a third country within the meaning of the GDPR and does not have an adequacy decision from the European Commission.

The transfer takes place exclusively with the express consent of the subject, in accordance with Articles 49(1a) and 9(2a) GDPR.
The subject is informed of possible risks and retains the right to withdraw consent at any time.

4. Legal Basis for Processing

The data processing is based on:

  • in article 6 par. 1b GDPR, for taking measures at the request of the subject,
  • in article 6 par. 1a GDPR, upon consent,
  • in article 9 par. 2a GDPR, for health data, upon explicit consent.

5. Rights of Data Subjects

5.1 Right of access

The subject has the right to receive confirmation of the processing of his data and access to it, as well as information on the purposes, categories, recipients and retention period.

5.2 Right to rectification

The subject may request the correction of inaccurate or the completion of incomplete data without undue delay.

5.3 Right to erasure (right to be forgotten)

The subject may request the deletion of their data, in particular when they are no longer necessary or when they withdraw their consent.

5.4 Right to restriction of processing

The subject may request the restriction of processing, in particular in case of doubt about the accuracy or lawfulness of the processing.

5.5 Right to portability

The subject may receive his/her data in a structured and machine-readable format and transmit them to another controller, under the conditions of Article 20 GDPR.

5.6 Right to object

The subject may object at any time to processing, in particular for direct marketing purposes.

5.7 Right to withdraw consent

Consent can be revoked at any time, without affecting the lawfulness of previous processing.

5.8 Exercise of rights – Response deadline

All requests are submitted exclusively to the Data Protection Officer (DPO) .
The Company makes every effort to respond within five (5) business days and in any case within the legal deadline of article 12 par. 3 GDPR.

6. Cookies, Tracking Technologies and Advertising Tools

The website uses strictly necessary cookies, analysis cookies and marketing
cookies. The use of non-necessary cookies is only possible after consent through a cookie management mechanism.

Third-party services (Google, Meta, TikTok, YouTube) may be used, which act as independent Data Controllers, in accordance with their own privacy policies.

Certain cookies are strictly necessary for the proper operation, security and basic functionality of the website. These cookies are automatically activated when you access or navigate the website and do not require your prior consent, as they are technically essential for the provision of the service requested by the user. By continuing to use and navigate the website, you acknowledge that such strictly necessary cookies are required for its operation.

Consent can be revoked or modified at any time through cookie settings.

7. Data Security – Breach – DPIA

The Company implements appropriate technical and organizational security measures (Article 32 GDPR).
In the event of a data breach, the notification procedures of Articles 33 and 34 GDPR are followed.

a Data Protection Impact Assessment (DPIA) has been or is being carried out in accordance with Article 35 GDPR.

8. Data Processing Through AIChatbox

Using Chatbox with Artificial Intelligence (AI) and Communication with a Natural Person

The website provides communication via a digital chatbox that operates with artificial intelligence (AI) technology, for the purpose of initial information, recording requests and facilitating users' communication with the Company.

Personal data provided by the user through the chatbox (including, where applicable, health data) is processed in accordance with this Privacy Policy and is treated with the same level of protection as data collected through other communication channels.

The processing of data through the chatbox includes, but is not limited to, the collection, temporary storage, evaluation and, if the subject requests or chooses it, their transmission to an authorized natural person (employee or associate of the Company), exclusively for the purposes described in this Policy.

The user retains, at any time, the ability to request direct communication with a natural person, in which case the processing of his data continues under the responsibility of the Company, in accordance with the same legal bases, guarantees and rights provided for in the GDPR.

The Company takes appropriate technical and organizational measures so that the use of the chatbox with artificial intelligence does not lead to automated decision-making that produces legal effects or significantly affects the data subject, within the meaning of Article 22 GDPR.

9. Right to Complain

The subject has the right to submit a complaint to the competent supervisory authority:

Personal Data Protection Authority (PDPA)
www.dpa.gr

10. Update

This Policy may be amended. The updated version will be posted on the website with a relevant indication of the date of the last update.

 

Kavala, (14.02.2026)