Privacy Policy

Privacy Policy

Processing of Personal Data

For the purposes of this Policy, the following clarifications apply:

COINBUX IKE, as the lawful owner and administrator of this website “www.meet-sally.com”, is designated by law as the “Controller” and therefore, among other things, collects, stores, uses and processes personal data when the data subject visits or uses in any way the websites/pages of this Website.

As the protection of personal data is extremely important to the Website and its owning business, this Policy sets out our obligations, the manner of use, disclosure and protection of the data we receive, as well as the way of resolving any related matters.

1. Definitions

1.1 “Data Protection Legislation” means any law relating to the processing of personal data, privacy and security, including, without limitation, Regulation (EU) 2016/679 “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)” (“GDPR”), Directive 2002/58/EC “on privacy and electronic communications”, as incorporated, in force and applied in the Greek legal order, as amended from time to time, or other applicable or replacement international or national laws or rules relating to the protection of personal data, including Law 4624/2019 (implementation measures for the GDPR and transposition of Directive (EU) 2016/680), as well as relevant regulations, directives or guidelines of competent administrative authorities, such as the Hellenic Data Protection Authority (“HDPA”).

1.2 “Controller”, “processor”, “data subject”, “personal data” and “processing” have the meaning assigned to them by applicable Data Protection Legislation.

1.3 “Personal Data” means all personal data (as defined by applicable Data Protection Legislation) that is disclosed or may be disclosed to a processor or made available to it for the purposes and within the scope of the relevant communication and/or that a processor (and/or any of its agents or subcontractors) collects, stores or otherwise processes on behalf of the Website.

1.4 “Website” means the address “www.meet-sally.com”, which is the website and which offers information about medical services that are provided exclusively at the physical premises of the business by specialized and licensed medical personnel, as provided by the applicable legislative provisions.

1.5 “Processing” of Personal Data means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Purpose of Processing and Duration

2.1 Before the Controller provides data to a processor that falls within the scope of Data Protection Legislation and for which the Controller is responsible and/or accountable under such legislation (the “Controller’s Personal Data”), the Controller must have obtained from the data subject any consent required for such transfer. The same applies where the processor collects and generally processes personal data received directly from the data subject on behalf of the Controller.
2.2 The Website processes Personal Data for the purpose of browsing the website only. Thereafter, it uses Personal Data only when absolutely necessary and to the extent required to fulfil its obligations, in accordance with the terms and conditions imposed by law.
2.3 Personal Data is always protected as Confidential Protected Information.

3. Data Collection

We take care to collect only the absolutely necessary Personal Data required for lawful processing. Such data includes:
- data about your browsing, in order to continuously improve your experience (you always have the option not to share such data),
- data relating to website traffic statistics,
- data and information collected through the use of cookies in your browser (see the Cookies Policy),
- data relating to technical information about your internet connection and browser, as well as the country and phone code where your computer is located, the websites displayed during your visit, the advertisements you choose to view and your search terms,
- data relating to your social media username, only if you interact with us through those channels, so that we can respond to your questions or comments.

4. Use of Personal Data

Depending on the case, we use your data either to develop and improve the website or to comply with our contractual obligations to consumers, or pursuant to legal provisions or in execution of court decisions.

Processing of your data is carried out either by the specifically authorized personnel of the Website or through IT systems and electronic devices by the Website and, exceptionally, by third parties who, having contractually committed to confidentiality and protection of your data, carry out processing necessary to achieve purposes strictly connected with the use of our websites and their services and the sale of products and/or services through them.

5. Legal Basis for Processing

The legal basis for processing your personal data is:
● data protection legislation, which provides various grounds on which a Website may collect and process your personal data, including the terms of our contractual relationship,
● the Website’s obligations arising from law,
● the legitimate interest of our Website. In specific cases, we collect your data in a way that is reasonably expected as part of operating our business and that does not materially affect your rights, freedoms or interests.

6. Recipients of the Data

Access to your data is granted only to the strictly necessary personnel of the Website and its administrator, who are bound by confidentiality obligations.

7. Disclosure of Data

The Website shares your data with:
● third‑party service providers who process personal data on behalf of the Website (e.g., management and maintenance of data). When we use such providers, we enter into agreements requiring them to implement appropriate technical and organizational measures to protect your personal data,
● other third parties, to the extent required for the following purposes: (i) compliance following a request by an authority of the Hellenic State, a court decision or applicable law, (ii) prevention of unlawful uses of the Website or breaches of our Terms of Use and policies, (iii) protection of ourselves from third‑party claims, and (iv) contribution to the prevention or investigation of fraud.

8. Policy with Third‑Party Processors

● We provide only the information required for the provision of their specific services.
● Third parties may use your data only for the precise purposes we set out in our contract with them.
● We work closely with them to ensure that your privacy is respected and protected at all times.
● If we stop using their services, any data they hold will be deleted or anonymized.

9. Ensuring Data Protection

Processors acting on our behalf have agreed and undertaken:
● to maintain confidentiality,
● not to send your data to third parties without the Website’s authorization,
● to take appropriate security measures,
● to comply with the legal framework for the protection of personal data, in particular Regulation 2016/679/EU (GDPR).

10. Data Transfers

The personal data we collect (or process) will be stored within the European Union. However, some of the recipients with whom the Website shares your personal data may be located in countries outside the country where your personal data was originally collected. The laws in those countries may not provide the same level of protection. Nevertheless, when we transfer your personal data to recipients in other countries, including the USA, Switzerland, etc., we are committed to protecting your personal data as described in this Policy and in accordance with applicable law.

We take measures to comply with applicable legal requirements for transfers of personal data to recipients in countries outside the EEA or Switzerland that do not ensure an adequate level of protection. We use various measures to ensure that personal data transferred to such countries receives adequate protection in accordance with data protection rules, including signing Standard Contractual Clauses, certification that the recipient has adopted European binding rules, or that it complies with the EU‑US and Swiss‑US Privacy Shield.

11. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes set out in this Policy (unless a longer retention period is required by applicable law or public authorities).
At the end of the retention period, your data will be fully deleted or anonymized (for example by aggregation with other data), so that it can be used in a non‑identifiable manner for statistical analysis and business planning.

12. Data Security

We are committed to safeguarding your personal data. Recognizing the importance of personal data security, we have taken all appropriate organizational and technical measures to secure and protect your data against any form of accidental or unlawful processing. We use the most modern and advanced methods so that the highest possible level of security is ensured.

Our website uses modern and secure protocols. In this way, all data you provide is encrypted so that it cannot be decrypted or altered during transmission over the internet.
These measures are reviewed and modified when deemed necessary.

13. Your Rights

You have the right of access to your personal data. This means you have the right to be informed by us whether we process your data. If we process your data, you may request information about the purpose of processing, the categories of data we hold, the recipients, how long we store it, and your other rights (such as rectification, erasure, restriction, and lodging a complaint with the HDPA).

You have the right to rectification of inaccurate personal data. If you find that your data is incorrect, you may submit a request for us to correct it.

You have the right to erasure / the right to be forgotten. You may ask us to delete your data if it is no longer necessary for the above purposes or if you wish to withdraw your consent where consent is the only legal basis.

You have the right to data portability. You may ask to receive, in a readable form, the data you have provided or ask us to transmit it to another controller.

You have the right to restriction of processing. You may ask us to restrict processing of your data for the time your objections regarding processing are being examined.

You have the right to object and to withdraw consent. You may object to the processing of your data and we will stop processing if there are no other compelling and lawful grounds overriding your rights. If you have given consent for collection, processing and use of your personal data, you may withdraw it at any time with future effect.

14. Exercising Your Rights

To exercise your rights, you may submit a request to info@meet-sally.com with the subject “Exercise of Right” and we will review it and respond as soon as possible.

15. Response to a Request

We respond to your requests free of charge, without delay, and in any event within one (1) month from receipt. If your request is complex or there is a large number of requests, we will inform you within one month if we need an extension of an additional two (2) months, within which we will respond.

16. Applicable Law

Applicable law is Greek law, as shaped in accordance with the GDPR 2016/679/EU, Law 4624/2019 and, in general, the applicable national and European legislative and regulatory framework for the protection of personal data.

Any dispute arising out of or relating to the protection of your personal data is subject to mediation in accordance with the Mediation Rules of the European Organization for Mediation and Arbitration (EOMED). If the dispute or part of it is not resolved through mediation, the dispute or the unresolved part shall be resolved exclusively, finally and irrevocably by an arbitral tribunal appointed and conducting the arbitration in accordance with the EOMED Arbitration Rules.
In any case of dispute, the competent courts are the competent courts of the city of Athens.

17. Recourse in Case of Infringement of Rights by the Website

You have the right to lodge a complaint with the Hellenic Data Protection Authority (postal address: 1‑3 Kifisias Ave., TK 115 23, Athens, tel. +30 210 6475600, website: dpa.gr, email: contact@dpa.gr), if you consider that the processing of your personal data violates the applicable legal framework.

18. Privacy Policy Updates

We update this Privacy Policy whenever necessary. If there are significant changes to this Policy or to the way we use your personal data, we will publish the updated version on our website before the changes take effect and we will notify you by any appropriate means.
We encourage you to read this Policy periodically to know how your data is protected. This privacy policy was last modified on 14/11/2023.

We remain at your disposal for any further information and concerns that may arise from this Statement – Privacy Policy. Please contact us at: info@meet-sally.com