Wellness Systems

PRIVACY POLICY

Last updated: 22/03/2026

1. Controller

For the processing described in this Privacy Policy, the controller is:

SmilePerfection.HDBC IKE
Zalokosta 8, 10671, Athens, Greece
admin@smileperfectionhdbc.com

2. Scope

This Privacy Policy applies to:

• website visitors,

• organizational representatives submitting inquiries,

• users of gated non-clinical governance or access features,

• recipients of communications from SmilePerfection.HDBC.

This Privacy Policy does not cover clinical care delivered by independent licensed professionals or clinics.

3. Categories of Personal Data

We may collect and process:

• identification data (name),

• contact data (email, phone),

• professional or organizational data (company, role, affiliation),

• account data (where gated access exists),

• communication content,

• technical and usage data (IP address, browser, device, cookies, logs).

We do not seek to collect medical or dental records through general website forms unless a separate, clearly defined, role-based framework is activated and governed by distinct notices and controls.

4. Purposes of Processing

We process personal data for:

• responding to inquiries,

• evaluating requests for access or collaboration,

• administering governance framework access,

• protecting website security,

• managing communications,

• internal record-keeping and compliance,

• analytics and service improvement.

5. Legal Bases

Depending on context, processing is based on:

• legitimate interests,

• consent,

• steps taken at your request before entering into a relationship,

• legal obligations where applicable.
  These bases must be applied consistently with the GDPR principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity/confidentiality and accountability.

6. Medical and Clinical Data Boundary

SmilePerfection.HDBC IKE does not act as a healthcare provider and does not process clinical records as part of ordinary website use.

Any clinical data, where applicable in a future controlled framework, must remain subject to explicit separate governance, distinct notices and legally appropriate role allocation.

7. Recipients

Personal data may be shared only with:

• hosting and technical service providers,

• website infrastructure providers,

• email and communications providers,

• legal, compliance or professional advisers where necessary,

• competent authorities when required by law.

We do not sell personal data.

8. International Transfers

If data is transferred outside the EEA, appropriate safeguards must be used, such as adequacy decisions or Standard Contractual Clauses, as required by EU data protection rules.

9. Retention

We retain personal data only for as long as necessary for the purposes described above, unless a longer retention period is required by law or needed for legal defense.

10. Your Rights

Subject to applicable law, you may request:

• access,

• rectification,

• erasure,

• restriction,

• objection,

• portability,

• withdrawal of consent where consent applies.

Requests may be sent to: [EMAIL]

11. Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse or unlawful disclosure.

12. Complaints

You may lodge a complaint with your competent supervisory authority, including the Hellenic Data Protection Authority where relevant.