Privacy Policy

Ortho Reform respects your privacy and is committed to protecting your personal data. We have written this Privacy Policy in clear, plain language to explain how we collect, use, and safeguard your information when you use our website. Our clinic is based in Greece, and we comply with the European Union's General Data Protection Regulation (GDPR) and Greek data protection laws.

No Cookies or Trackers: This website does not use any cookies, tracking tools, analytics, or third-party scripts. The only personal data we collect is what you choose to give us via our contact form (for example, when booking an appointment).

Consent via Contact Form: Before you submit the contact form, we will ask you to check a box stating “I agree to the Privacy Policy.” (This checkbox provides a link to this Privacy Policy so you can read it first.) By ticking this box and submitting the form, you confirm that you have read and accepted how we will handle your data, as explained below.

The only personal data we collect through our website is the information you provide when you fill out our appointment contact form. Specifically, we may ask for:

• First Name and Last Name: So we know who you are and how to address you.
• Email Address: To contact you with information or confirmation about your appointment request.
• Phone Number: To call or text you if needed for scheduling or urgent communication about your inquiry.
• Message: Any additional details you choose to provide about your appointment request or question.

We collect this information only so that we can respond to your inquiry, schedule the appointment you requested, or provide the information you need. Providing this data is voluntary, but if you don't provide the necessary contact details, we won't be able to get in touch with you or book the appointment.

Please do not include any sensitive personal or medical information in the message field. The contact form is intended for general inquiries and appointment requests only. For any detailed medical information or personal health issues, please speak directly with our medical staff in person or via a secure channel. This is to protect your privacy, since email is not intended for sharing confidential health details.

Under the GDPR, we must have a legal reason (lawful basis) to collect and use your personal data. For the contact form on our site, our lawful bases are:

• Consent: By checking the “I agree to the Privacy Policy” box and submitting the form, you give us your consent to process (use) your information for the purposes described. This consent is clear and voluntary.
• Legitimate Interest: We have a legitimate interest in responding to people who contact us for our services. If you request an appointment or information, it's in both your interest and ours to use your data to reply and assist you. This is another legal basis under GDPR for us to handle your data in the context of your inquiry.

We only use your data in ways you would expect when contacting a medical clinic. You have the right to withdraw your consent at any time (see Your Rights below), but note that if you do so, we will not be able to continue communication unless we have another lawful basis to rely on.

We use the personal information you provide only for the following purposes:

• To contact you in response to your inquiry or appointment request (for example, replying to your email or calling you if you provided a phone number).
• To schedule, confirm, or manage an appointment that you asked for.
• To provide information or answer questions you have asked about our medical services.

We do not use your data for any other purpose. We will never use your information for marketing, advertising, or newsletters, and we will not send you any unrelated communications you didn't ask for. We also never sell or share your personal information with marketers or other companies.

Additionally, we do not use your data for any kind of automated decision-making or profiling. Every decision or communication involving your data (such as confirming an appointment) is done by our human staff, not by algorithms.

When you submit the contact form, your information is sent directly to our clinic's email inbox. We use a secure email service (a premium Gmail account through Google Workspace) to receive and manage these messages. This means your form submission is stored as an email in our Gmail inbox. Google Workspace is a professional service that meets European data privacy standards (GDPR-compliant) and it stores data securely on Google's servers.

We take appropriate measures to protect your personal data. Our website is encrypted using HTTPS, so the information you send through the form is transmitted securely. Our email systems are protected with strong passwords and security protocols. We also keep our devices and network secure to prevent unauthorized access to your information.

Only authorized clinic staff can access the contact form submissions in our email. This typically includes our front-desk staff responsible for scheduling and the medical professionals who will attend to your appointment. All staff members are bound by confidentiality agreements and the ethical duties of patient privacy. We treat your personal information with the same care as we treat medical records.

We do not share your personal data with any third parties. Your information stays within our clinic. The only external service involved is our email provider (Google), which simply stores and forwards the emails for us. Google does not access or use the content of our emails for any purpose other than delivering and storing them. Aside from that, we do not give anyone outside the clinic access to your details. We also do not use any third-party cloud databases or external tools to store your data — everything is contained in our secure email system.

We keep your personal data for only as long as necessary to fulfill the purposes we collected it for (responding to you and scheduling your appointment). We do not keep your information indefinitely.

For contact form inquiries, we will typically retain the email (with your name and contact details) for no longer than 12 months after our last interaction with you. Keeping the email for a short period helps us refer to our conversation if you contact us again or have a follow-up question within that time. After that period, we will delete the email and any personal data contained in it.

We may keep your information for a longer period only if it is necessary for an ongoing service you are using or if we are required by law to retain it. For example, if you end up scheduling an appointment and receiving treatment, we might need to retain certain information as part of our medical records obligations. In all cases, we will not keep data longer than needed.

You also have the right to ask us to delete your information at any time. If you request deletion (see Your Rights below), we will erase your personal data from our records (unless we are legally required to keep it for a certain time).