• WORKING HOURS: MONDAY - SUNDAY 10:00 - 18:00

Privacy Policy

1. Introduction – Identity of the Data Controller

Welcome to alphavet.gr. Alphavet LP (address: Filosofon 40 & Agraulis Str., 14564 Nea Kifissia, Greece) operates this website and is the Data Controller for any personal data collected through it. We are committed to protecting your privacy and processing your personal data in compliance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and applicable Greek data protection law. This Privacy Policy explains in clear terms what personal data we collect, how and why we use it, and how we safeguard it when you visit our website or use our veterinary services. Please read this policy carefully. By using our website, you acknowledge that you have been informed of our data practices. If you have any questions or concerns about your personal data, do not hesitate to contact us.

2. What Personal Data We Collect

We may collect and process various categories of personal data from you, either provided directly by you or gathered automatically when you interact with our site:

  • Identification and Contact Information: This includes data you provide when contacting us or using our services, such as your name, email address, telephone number, and any other information you choose to include in communications. For example, if you fill out a contact form or send us an email, we will collect your name, email address, phone number (if provided), and the content of your message in order to respond to your inquiry. Similarly, if you call us by phone, we may collect your name and phone number and any details you share during the call.

  • Automatically Collected Data (Usage Data): When you visit our website, certain data is collected automatically by our IT systems and analytics tools. This data may include your device’s IP address, browser type and version, operating system, the date and time of your visit, the pages you viewed, the website that referred you to our site, and your navigation path on our site. We also use cookies and similar technologies to collect information about your interactions with the site (see Section 8 on Cookies). This usage data is generally collected in log files or via third-party analytics services and helps us understand how visitors use our site. Although we do not typically use this information to identify you, an IP address is considered personal data under GDPR when it can be linked to you.

  • Client and Service Data: If you become a client of Alphavet or book an appointment for our veterinary services, we will collect personal data necessary to provide those services. This may include your full name (or the name of the pet’s owner/guardian), contact details (address, email, phone), and information related to the veterinary service (e.g. appointment date and time, the type of procedure or examination required, and basic details about your pet). We limit the information to what is needed for the specific medical or diagnostic service. (Note: Information about your pet’s health or medical condition is not considered personal data of the owner under GDPR, since GDPR applies to data of identified individuals, not animals. Nevertheless, since your pet’s data may lead to your identification and for deontology reasons we treat all such information with confidentiality and in accordance with professional standards.)

We do not intentionally collect any sensitive personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health or genetic information about you) through our website, nor do we seek to collect data from children under 16 without parental consent. We ask that you refrain from providing such sensitive information via our contact forms or emails. In the event you voluntarily provide sensitive data (for example, by describing a medical condition of yours), we will treat it with strict security and confidentiality.

3. Purposes and Legal Bases for Processing

We only use your personal data for specific and legitimate purposes, and only where we have a legal basis to do so under GDPR Article 6. Below we describe the purposes for which we process personal data and the corresponding legal bases:

  • To Communicate with You and Provide Services: We process your contact information and any details you provide to respond to your inquiries, schedule appointments, and deliver our veterinary services to you. For instance, we will use your phone number or email to confirm appointments or to send you reports/results regarding your pet’s diagnostic tests. The legal basis for this processing is to take steps at your request prior to entering into a contract or to perform a contract (GDPR Art. 6(1)(b)), i.e. providing the services you requested. In cases where no formal contract exists (e.g. you simply ask a question via the website), we rely on our legitimate interest in effectively communicating with prospective clients and answering inquiries, or on your consent when you voluntarily submit your information for us to contact you. In any event, we will use such data only to fulfil your request or provide our services.

  • For Administrative and Legal Obligations: We may process your data as necessary to comply with our legal obligations and for internal administrative purposes. This includes using and retaining certain data for billing/invoicing and accounting (e.g. maintaining records of services provided and payments, which contain personal identifiers) as required by tax law, or to comply with other laws and regulations relevant to our veterinary practice (such as maintaining a record of diagnostic results). The legal basis here is compliance with a legal obligation (GDPR Art. 6(1)(c)). For example, Greek tax law requires us to keep transaction records for a number of years, and veterinary regulations may require us to document certain information about treatments or diagnoses. We will not use this data for any purpose other than meeting such obligations and internal record-keeping.

  • Marketing and Newsletters (Direct Marketing): With your explicit consent, we may use your contact details to send you promotional communications, such as newsletters, special offers, or updates about our clinic and services. For instance, if you subscribe to our newsletter, we will use your email address to send you periodic updates or articles that might interest you. The legal basis for this is consent (Art. 6(1)(a) GDPR). You have the right to withdraw your consent at any time (see Section 5 on Rights) and we will immediately stop sending you such communications. Opting out of marketing emails will not affect your ability to use our services.

  • Website Analytics and Improvement: We process usage data (as described in Section 2) to analyze how our website is used and to improve its content, layout, and performance. This helps us understand user behavior and preferences, allowing us to optimize user experience (for example, by ensuring popular pages are easy to find, or improving site navigation). Wherever possible, we use this data in an aggregated or anonymized form (not linked to you personally). The legal basis for analytics that are not strictly necessary is typically your consent (via acceptance of analytics cookies). However, for basic analytics related to site performance and security, we may rely on our legitimate interest (Art. 6(1)(f)) in improving our services and understanding usage patterns. We ensure that this interest is balanced against your rights – for instance, by anonymizing IP addresses in Google Analytics. You can object to or opt out of analytics as explained in the Cookies section.

  • Security and Fraud Prevention: We use personal data (mainly technical data like IP addresses and log entries) to protect our website, our clients, and our business from threats such as fraud, cyber-attacks, or unauthorized access. For example, our systems automatically log IP addresses when an unusual number of failed login attempts occur, and we may analyze log files to detect and prevent malicious activities (such as Denial-of-Service attacks). This processing is necessary for compliance with our legal obligations under data protection laws to ensure data security (Art. 6(1)(c)), and it also falls under our legitimate interest in maintaining the integrity and safety of our IT systems and services (Art. 6(1)(f)). Such data will not be used for any other purpose and will only be retained for as long as needed for security monitoring and incident response.

We will not use your personal information for any purpose that is incompatible with the original purposes without first notifying you and, if required, obtaining your consent. We also do not engage in any automated decision-making (including profiling) that produces legal effects or similarly significant effects on you, as defined in GDPR Article 22. All processing of personal data is done either manually by our staff or with minimal automation that does not impact you in such a way.

4. Data Retention Period

We retain personal data for no longer than is necessary to fulfill the purposes described above, in accordance with the GDPR principle of storage limitation. In practice, this means:

  • Communications Data (queries, emails, contact form submissions): We keep personal data from inquiries and correspondence only as long as needed to respond to you and conclude the matter at hand. Once your inquiry has been addressed or your issue resolved, we will delete or anonymize the related personal data after a reasonable period, unless further retention is justified. For example, if you email us with a question, we may retain that email and our reply for a short period (e.g. a few months) in case you follow up with additional questions or for our own service quality review, but generally such correspondence is deleted when no longer needed. If an inquiry leads to you becoming a client, relevant information may be moved into your client file and retained as described below.

  • Client Service Data (appointment and medical records): For clients who receive veterinary services, we will retain your personal data and related service records while you remain a client and as long as necessary thereafter to comply with legal obligations or for legitimate business purposes. For instance, your basic contact details and the record of the diagnostic services provided to your pet will be kept on file. After we have finished providing services to you, we generally retain service records and associated personal data for a period required by law or recommended by professional guidelines. Typically, we might retain client records for up to ten (10) years from the date of your last visit/service, since Greek law may require medical service providers to keep records for a number of years and tax laws require retention of invoices and payment records for at least 5 years. We will not keep identifiable data longer than necessary; for example, if records older than the mandatory retention period are no longer needed, we will securely destroy or anonymize them.

  • Web Visit Logs and Analytics: Web server logs that contain IP addresses and visit information are generally kept for a short period for security, troubleshooting and analytics, and then automatically deleted. For instance, server log files are typically stored for up to 40 days before being purged, unless an issue is detected that requires retaining logs for longer (such as investigating a security incident). Analytics data may be retained in aggregate form (without personal identifiers) for longer to allow historical comparisons, but personal data within analytics (if any) is either deleted or anonymized once it’s no longer needed for our analysis. Cookies have varying lifespans; see our Cookie Policy for details on the retention of cookies (many expire or are deleted by your browser automatically after a defined period).

In determining retention periods, we take into account the nature and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes of processing, and applicable legal requirements. In all cases, when personal data is no longer necessary for the purposes it was collected, or if you validly request its deletion, we either irreversibly anonymize the data or securely erase it. If we keep data for statistical purposes, we will ensure it is no longer linked to any individual (anonymous).

5. Your Rights as a Data Subject

Under GDPR, you have a number of important rights regarding your personal data. We respect your rights and have processes in place to enable you to exercise them easily. Your principal rights are:

  • Right of Access: You have the right to obtain confirmation as to whether or not we are processing personal data concerning you, and if so, to access that data and be provided with information about the processing. This means you can ask us to confirm if we hold any of your personal information, and request a copy of that information, as well as an explanation of how we use it. We will provide a copy of the personal data undergoing processing free of charge (unless your request is repetitive or excessive, in which case we may charge a reasonable fee or refuse, with justification, as permitted by law). This right allows you to be aware of and verify the lawfulness of the processing.

  • Right to Rectification: You have the right to request that we correct any inaccuracies or complete any incomplete personal data we hold about you. If you become aware that we have incorrect information (for example, misspelt your name or an outdated contact detail), please let us know and we will rectify it promptly. We may need to verify the new information you provide, but we will correct any confirmed inaccuracies.

  • Right to Erasure: Also known as the “right to be forgotten,” this right allows you to request the deletion of your personal data in certain circumstances. You can ask us to erase your personal information, for example, if it is no longer necessary for the purpose we collected it, you have withdrawn your consent (and no other legal basis exists), or you believe we are processing it unlawfully. We will assess your request and, if no exemption applies, we will comply and delete your data. Please note, sometimes we may have legal obligations or compelling legitimate grounds to keep some data (for instance, we cannot delete records that we are required to maintain by law, such as invoices, until the retention period expires). In any case, we will inform you of the outcome.

  • Right to Restriction of Processing: You have the right to request that we limit the processing of your data under certain conditions. This means we would mark the data so that it is only used for certain purposes. You can exercise this right if you contest the accuracy of your data (for a period enabling us to verify it), if the processing is unlawful but you oppose erasure, if we no longer need the data but you need us to keep it for legal claims, or if you have objected to processing (pending verification of overriding grounds). When restriction is in place, we will store your data securely and only process it with your consent or for specific reasons such as legal claims, protection of others’ rights, or important public interest.

  • Right to Data Portability: Where the legal basis of our processing is your consent or performance of a contract and the processing is carried out by automated means, you have the right to receive the personal data you provided to us in a structured, commonly used, machine-readable format and to have that data transmitted to another controller (where technically feasible). In plain terms, this allows you to obtain and reuse your data across different services. For example, if you requested it, we could provide you with a copy of your basic account or contact details in a CSV or XML file for you to import into another system. Alternatively, if you wish and it’s feasible, we can directly transfer the data to a third party you designate.

  • Right to Object: You have the right to object to our processing of your personal data at any time, on grounds relating to your particular situation, when such processing is based on our legitimate interests (Art. 6(1)(f) GDPR). If you lodge an objection, we must stop processing the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless we need to continue processing for the establishment, exercise, or defense of legal claims. You also have the right to object to processing for direct marketing purposes. This means if you object to use of your email for newsletter or marketing, we will cease those activities immediately (there is no balancing test in that case). We provide easy ways to opt out of marketing (e.g., an “unsubscribe” link in emails).

  • Right to Withdraw Consent: In cases where we rely on your consent as the legal basis for processing (see Section 3), you have the right to withdraw that consent at any time. For example, if you subscribed to our newsletter, you can later opt out, and we will stop sending it. Withdrawal of consent will not affect the lawfulness of processing done before you withdrew it, but once consent is withdrawn we will cease the relevant processing. You can withdraw by contacting us or, where applicable, through automated means (for instance, clicking “unsubscribe” in an email or toggling off certain cookies in our cookie preference center).

  • Right Not to Be Subject to Automated Decisions: As noted, we do not engage in solely automated decision-making (including profiling) that has legal or similarly significant effects on you. Should that change, you would have the right to not be subject to a decision based solely on automated processing which produces such effects, unless an exception in Art. 22 GDPR applies. You would also have the right to express your point of view and contest the decision. We include this here for completeness, but in our case it is not applicable since we do not make such automated decisions about our clients or users.

  • Right to Lodge a Complaint: If you believe that we have infringed your data protection rights or GDPR in the course of processing your personal data, you have the right to file a complaint with a Data Protection Authority. Our lead supervisory authority in Greece is the Hellenic Data Protection Authority (HDPA). You can contact the HDPA at (www.dpa.gr) or by other means as indicated on its website, to report any concerns or seek guidance. We would appreciate the chance to address your concerns before you approach the DPA, so please consider reaching out to us first. However, this does not affect your right to complain directly to the supervisory authority.

You can exercise any of these rights by contacting us (see the Contact section below). We will respond to your request without undue delay and within one month as mandated by GDPR, unless an extension is permitted (we will inform you if we require more time, e.g. due to complexity). We generally do not charge any fee for handling a rights request. However, if your request is manifestly unfounded or excessive (for example, repetitive requests), we may charge a reasonable fee or refuse to act on the request, as allowed by GDPR – but we will provide our reasoning in such case. To ensure we do not disclose data to the wrong person, we might need to verify your identity before fulfilling certain requests (especially for access, deletion, or portability). This is to safeguard your information from unauthorized access.

6. Disclosure to Third Parties / International Transfers

We treat your personal data as private and confidential. We do not sell or rent your personal data to third parties for marketing purposes. We only share your data with third parties under the following circumstances:

  • Service Providers (Processors): We share personal data with trusted third-party service providers who perform functions on our behalf and under our instructions. These include services such as website hosting and server infrastructure, email delivery and storage, data backup, analytics tools, and professional advisors (e.g. IT or security consultants). For example, our website may be hosted on a third-party server provider’s infrastructure, which means the provider technically processes data (like IP addresses in logs or data entered on the site) for us. These service providers are bound by contractual agreements to process personal data only for our purposes, in accordance with our instructions, and with appropriate confidentiality and security measures. They are not permitted to use your data for their own purposes or to disclose it to others. We regularly assess our processors to ensure they meet GDPR requirements. Where required, we have signed Data Processing Agreements (DPAs) with them.

  • Business Partners and Joint Controllers: In certain cases, we might work with other entities in providing services, and your data might be shared with those partners. For instance, if your primary veterinarian (external to Alphavet) needs to be consulted or informed of results, we would share information with them at your request. In such cases, those parties would either be independent controllers of your data or joint controllers with us for that specific data exchange. We ensure that any such sharing is transparent to you and that the other party is also obliged to protect your data. (Note: This is generally limited to scenarios like referrals from or to other veterinary professionals and would involve your knowledge and consent.)

  • Legal Obligations and Vital Interests: We will disclose personal data to third parties if we are legally compelled to do so, or if it is necessary to protect your vital interests (or those of another person). For example, we may disclose information in response to lawful requests by public authorities (such as law enforcement or regulatory agencies). If a court order or subpoena requires us to provide information, we will comply after verifying the legitimacy of the request. Additionally, if needed to handle an emergency medical situation (say, coordinating with an emergency clinic for your pet), we might share relevant personal details to ensure proper care – this would typically also be done with your involvement. We may also share data with our professional legal advisors or insurance providers if necessary to manage legal claims or disputes (e.g. in defending against a lawsuit). In all such cases, we will only share the minimum information necessary and document the disclosure.

  • Corporate Transactions: In the unlikely event of a business transfer, merger, acquisition or sale of Alphavet (or its assets), personal data may be transferred to the new owner or third party involved, as part of the transaction. If this happens, we will ensure that the recipient agrees to respect your personal data in a manner consistent with this Privacy Policy and applicable law. You would be notified of any change in data control resulting from such a transaction.

  • International Data Transfers: By default, we aim to process and store personal data within the European Economic Area (EEA). We do not routinely transfer your data to countries outside the EEA. However, some of our third-party service providers may be located or may store data on servers outside the EEA (for example, a cloud service or email provider might use data centers in the United States or other countries). If your personal data needs to be transferred to a “third country” (outside EEA), we will ensure that adequate safeguards are in place as required by GDPR Chapter V. These safeguards may include:
    – Ensuring the destination country is one deemed by the European Commission to have an adequate level of data protection; or
    – Implementing Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent contractual obligations, with the data importer; or
    – Relying on any other valid transfer mechanism under GDPR (such as Binding Corporate Rules, or explicit consent from you when permitted, etc.).

For example, if we use a US-based service provider to send newsletters, we will have SCCs or an equivalent lawful mechanism in place with them to protect your data. We will also verify that any such provider has robust privacy and security practices. You can contact us for more information about any specific transfers of your data outside the EEA and the safeguards applied.

Other than as described above, we will not disclose your personal data to any third party unless you have been informed and, if legally required, given consent. We also ensure that, whenever we share data, we share only the minimum necessary for the purpose and that the third recipient is obligated to keep it secure and confidential.

7. Data Security Measures

We take appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with the personal data processing. We have implemented industry-standard security practices to protect your data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures include, for example:

  • Encryption: Our website is secured with SSL/TLS encryption, which means that any data transmitted between your device and our server is encrypted in transit. You can verify this by the presence of the padlock icon and “https://” in our website URL.

  • Access Control: Personal data is accessible only to authorized personnel who need access to perform their job duties. We employ user authentication, role-based access controls, and policies to ensure that staff members only access data on a need-to-know basis. All staff are bound by confidentiality obligations.

  • Secure Data Storage: We store electronic data on secure servers with measures such as firewalls and anti-malware protection. Regular backups are performed to prevent data loss. When physical records exist (e.g., printed service forms or consent forms), they are kept in locked cabinets with restricted access.

  • Monitoring and Testing: We monitor our systems for possible vulnerabilities and attacks, and we periodically review and update our security measures. Software and systems (including the website CMS and plugins) are kept updated to patch security vulnerabilities. We may also conduct security assessments or employ experts to test our defenses.

  • Pseudonymization and Minimization: Where feasible, we pseudonymize or minimize personal data within our systems. For instance, analytics data is anonymized (IP addresses truncated or hashed) such that it cannot easily be traced back to individual users.

Despite all our efforts, please be aware that no method of transmission over the Internet, and no method of electronic storage, is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security. However, we have incident response plans in place. In the unfortunate event of a data breach that poses a high risk to your rights (for example, personal data being compromised), we will notify you and the relevant Data Protection Authority as required by law, and we will take all necessary steps to mitigate the impact.

We also encourage you to play a role in keeping your data secure. Ensure that any passwords or credentials are kept confidential and not shared. If you suspect any unauthorized access or encounter any security issues on our website, please notify us immediately.

8. Cookies and Usage Tracking

Our website uses cookies and similar tracking technologies to enhance user experience and to collect information about how our site is used. Cookies are small text files placed on your device (computer, smartphone, etc.) by websites that you visit. They allow the website to recognize your device and remember certain information about your visit – for example, your preferred language or other settings, so you don’t have to re-enter them on each visit. Cookies also help in providing features like remembering what’s in your shopping cart, if our site had e-commerce (ours does not, but cookies might remember form inputs or other preferences temporarily).

Here is an overview of the types of cookies and tracking technologies we use:

  • Essential Cookies: These cookies are necessary for the site to function correctly. They enable core functionality such as security, network management, and accessibility. For instance, if our site has a login area or a contact form, essential cookies might be used to maintain your session or remember the information you enter as you navigate between pages. These cookies do not require consent, as they are needed for the service you requested (the website) to work properly.

  • Marketing Cookies: Our site may integrate content and services from third parties, such as videos, social media plugins (like a Facebook “Like” button or Instagram feed), or Google Maps for location. These third parties might set cookies on your device when you interact with them on our site. Additionally, if we ever run online advertising or remarketing campaigns, cookies could be used to track your browsing across sites to show you relevant ads. Currently, we do not host third-party ads on alphavet.gr, but we do have social media presence which might involve cookies when you click those links. Cookies set by platforms like Facebook and Instagram could collect information about your device and browsing behavior for advertising purposes. Such cookies will only be used on our site with your consent, and you can opt out. Be aware that third-party cookies are subject to the privacy policies of those third parties. We recommend reviewing Facebook’s and Instagram’s privacy policies to understand how they use information collected via cookies. We strive to anonymize or limit the data sent to third parties (for example, our social media plugins may use cookies only after you interact with them).

Upon your first visit to our site, you will see a cookie consent banner or pop-up that allows you to accept or decline non-essential cookies. You can choose to accept all cookies, reject non-essential ones, or customize your preferences. If you accept some or all cookies and later change your mind, you can adjust your preferences at any time. This can typically be done by clicking a “Cookie Settings” link on our site or by clearing cookies in your browser and revisiting our site to bring up the consent banner again.

In addition to using our site’s tools, you can manage cookies via your browser settings. Most web browsers allow you to see what cookies are stored and to delete them, and also to block cookies from all or specific sites. You can find more information on aboutcookies.org on how to control and delete cookies in various browsers. Please note, however, that if you disable cookies entirely, some parts of our website might not function properly.

For detailed information on each cookie and tracker in use (names, purposes, duration, providers), please refer to our dedicated Cookie Policy page. By continuing to use our website with cookies enabled in your browser (after having been presented with our cookie notice), we assume you consent to our use of cookies as described.

9. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us. We are here to help and address any issues you may have. You can reach the Data Controller (Alphavet) at:

Alphavet – Veterinary Imaging Center
Address: Filosofon 40 & Agraulis, 14564 Nea Kifissia, Athens, Greece
Phone: +30 210 620 1459
Email: info@alphavet.gr

When contacting us with a data-related request, please provide your name and a clear description of your query or request (for example, if you are requesting access to your data, specify what information you are seeking). We may need to verify your identity for certain requests, but we will respond as soon as possible and no later than one month, in line with our obligations.

We will gladly assist you with exercising any of your rights described in Section 5, or with providing additional information you may need about our processing activities. Our aim is to be transparent and helpful regarding your personal data.

If you feel that we have not adequately addressed your concerns or your data protection rights have been infringed, you also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) or your local supervisory authority. The HDPA can be contacted at 210-6475600 and more information is available on its website (www.dpa.gr). We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please consider reaching out to us first. We value your trust and will do our utmost to ensure your personal data is secure and your privacy is respected.

Last Updated: September 2025. This Privacy Policy may be updated from time to time to reflect changes in our practices or legal requirements. We will post any changes on this page and indicate the revision date. We encourage you to review this Policy periodically