Privacy Policy - GDPR

Last Updated: January 2026

I. Introduction

Dr. Danae Deligeorgi (hereinafter "Psychopedagogue") and the Associates of the "Φ" Center for Cognitive Development, which operates under her scientific guidance and supervision, provide in-person or online services supporting individuals and families with neurodivergences, specializing in the neurodivergence of giftedness. With respect for the privacy of learners and prioritizing the secure management and protection of their personal data, Dr. Deligeorgi has established and implements this Personal Data Protection Policy (hereinafter "Privacy Policy"), which sets out the fundamental principles and basic rules for ensuring lawful, fair, and transparent processing of personal data of clients, service users, candidates, and other subjects, in accordance with applicable national and EU legislative framework. The Policy provides complete information on the collection, processing, storage, and protection of data within the framework of the contract or legal relationship between clients, Dr. Danae Deligeorgi, and the Associates of the "Φ" Center for Cognitive Development.

II. Scope of the Data Protection Policy

This Policy aims to implement technical and organizational measures to ensure compliance of Dr. Danae Deligeorgi and the Associates of the "Φ" Center for Cognitive Development with GDPR and national data protection legislation. The Policy applies to all data subjects, whether existing or future clients, as well as individuals who have withdrawn, when their data is retained for lawful purposes. The goal is transparent data processing, providing complete, clear, and appropriate information regarding: the lawful purpose of collection and processing, sources of collection and retention period, data recipients, subject rights and how to exercise them, as well as data protection measures.

III. Legal Framework for Personal Data Protection

Since May 2018, the General Data Protection Regulation (GDPR, EU 2016/679) has been in effect, establishing a unified framework for the protection of natural persons against the processing of personal data, strengthening the fundamental right to privacy and ensuring the free flow of data within the EU. In parallel, Dr. Danae Deligeorgi and the Associates of the "Φ" Center for Cognitive Development apply national legislation, such as Law 4624/2019, and other applicable provisions.

IV. Data Controller

Dr. Danae Deligeorgi is the data controller for the collection, storage, and processing of personal data of clients, users, and visitors to the website, as well as participants in online or in-person sessions. Contact email is [email protected].

V. Definitions

For the purposes of this Policy, the definitions of Article 4 of the GDPR apply, such as: "Personal Data", "Processing", "Data Controller", "Processor", "Recipient", "Third Party", "Consent", "Data Breach", and "Special Categories of Data", including data collected in the context of conducting sessions. Specifically:

Personal data means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Data controller means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Recipient means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not.

Third party means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Special categories of personal data or "sensitive data" means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. This also includes data concerning criminal convictions and offenses.

VI. Categories and Methods of Data Collection

We collect and process categories of personal data concerning you and, when required, third parties. These may include:

A) Identity information, such as full name, patronymic, date of birth, age, gender, and profession, as well as contact information, such as phone number, residential address, and email address.

B) Financial data related to payment method, card type, transaction amounts, and information on financially responsible persons.

C) Third-party information, such as spouses, children, persons exercising custody, persons authorized to receive assessments or expert opinions, and persons mentioned during sessions, which may include full name, contact information, health data, education, social life, family status, and demographic data.

D) Family status information such as married, single, divorced, or widowed, number and type of children (biological, adopted, or partner's children), and possible family dysfunctions, such as alcoholism, gambling, or domestic violence.

E) Assessment results of personality and cognitive functions, neuropsychological tests, school readiness assessments, learning abilities, memory, as well as emotional profile findings.

Collection is made either directly from you or from third parties, through both physical and electronic means. Indicatively, we mention the following methods of personal data collection:

  • During electronic session scheduling.
  • During online or in-person sessions.
  • Through completion and submission of applications, questionnaires, etc.
  • During diagnostic assessments.
  • During test assessments.
  • During expert opinion procedures.
  • During your communication with us, whether by phone and/or through our website or via email.
  • When browsing our website (cookies).
  • During your payment.
  • When you submit any request to us.
  • From your interaction with us through our social media pages.
  • When you submit a request to receive a newsletter.

VII. Lawfulness of Processing

The collection and processing of your personal data is carried out in full compliance with the law, with transparency and respect for the principles of lawful, proportionate, and secure processing. Data is used only for purposes that are necessary and limited according to service needs, ensuring confidentiality and integrity.

The basic legal grounds that allow the processing of your data include:

  • Provision of services undertaken by the Psychopedagogue and her Associates upon your assignment.
  • Protection of vital interests, in cases where you cannot provide consent.
  • Prior public disclosure of data.
  • Performance of contractual obligations, e.g., session scheduling or conducting assessments, including the pre-contractual stage.
  • Provision of your explicit consent, where required.
  • Protection of the legitimate interests of the Psychopedagogue and her Associates.
  • Compliance with legal obligations, such as tax or regulatory requirements for personal data protection.
  • Conducting research or statistical analysis, always with anonymized data or with names following your written consent.

VIII. Transfer of Personal Data to Third Parties

For the proper provision of services and fulfillment of our obligations, the Psychopedagogue may share your personal data with third parties only to the extent necessary for the purpose of the transfer. Third parties are contractually bound to use the data exclusively for this purpose and to ensure adequate protection measures. Some are additionally subject to professional confidentiality and deontological obligations.

Specifically, your data may be shared with:

  • Scientific associates for assessments, expert opinions, or sessions, following your notification and consent. In some cases, Dr. Deligeorgi and the Associates act jointly as data controllers.
  • Technical or online service partners for organizing online sessions and their scheduling.
  • Legal representatives, parents, or guardians, where required by the Code of Ethics.
  • Competent authorities or persons in case of emergency and in case of unlawful acts against the Psychopedagogue, her Associates, or third parties.
  • Health professionals or scientists, when related to the provision of services to the patient, always in accordance with deontological rules.
  • Administrative staff, for organizational matters, archiving, or sending results, with limited access and confidentiality obligation.
  • Judicial, police, or other public authorities, upon their lawful request and in accordance with applicable legislation.

IX. Purpose of Processing

Your personal data is processed for specific, clear, and lawful purposes, regardless of the reason for their collection. Specifically, your data is processed by the Psychopedagogue for the purpose of providing you in-person or online services supporting neurodivergences, specializing in the neurodivergence of giftedness.

Also, your personal data is used by specialized scientific associates of Dr. Deligeorgi, who conduct tests, sessions, or assessments, bound by professional confidentiality, for the purpose of supporting the provision of the above services. Furthermore, your data is processed for the implementation of tests and assessments within the framework of the above services.

They are also used for organizing and scheduling sessions or communication, sending assessment results, tests, or expert opinions, as well as for any other communication necessary for the proper provision of our services.

Data is also processed for compliance with legal obligations, such as the application of tax legislation, adherence to deontology, and compliance with the General Data Protection Regulation. In this context, closed-circuit television and security cameras may be used for the protection of persons, facilities, and materials.

Furthermore, your personal data is processed for managing and securely executing financial transactions, sending newsletters, and for managing your requests, whether they concern personal data matters or the quality of your service. Data is also used for extracting statistical information after anonymization and for research purposes, as well as for conducting clinical studies or other scientific programs, always after anonymization or with your explicit consent. Finally, data is retained for maintaining physical and electronic files with your history for the above purposes.

X. Retention Period of Personal Data

Your personal data will remain registered and usable for as long as you continue to receive our services. After the completion of these services, data will be retained for a period proportional to their nature and processing purpose.

In case you request the deletion of your data, the possibility of satisfying your request will be evaluated, within the framework of our legal obligations and commitments.

Specifically, data retention is as follows:

  • Assessment test results will be stored for up to 15 years after their completion and possible delivery to you upon your request.
  • Information concerning expert opinions will be retained for 15 years from the completion of the corresponding work.
  • Financial information and records will be retained for 10 years, in accordance with tax and accounting obligations set by legislation.
  • Email addresses used for sending newsletters will be retained for 3 years from your last interaction, unless you have withdrawn your consent, in which case processing stops immediately.

In some cases, data may be anonymized for statistical or research purposes, resulting in no longer being linked to an identifiable person. Such information may be used for an unlimited period.

In any case, all personal data is stored with strict security measures, in order to ensure confidentiality and integrity.

XI. Basic Processing Principles

Processing is based on the principles of: lawfulness, transparency, purpose limitation, data minimization, accuracy, security, and storage limitation. The Psychopedagogue ensures protection of data from loss, destruction, or unauthorized access, and facilitates the exercise of the rights of these subjects.

XII. Data Subject Rights

When you submit personal data within the framework of our services, you retain specific rights regarding the manner of their processing. Specifically:

  • Right of access: You may request information about what personal data we process, for what reason, to whom we share it, whether we transfer it outside Greece, how it is protected, and to give you access to any data you do not have available. Access is provided following submission of an electronic request to [email protected], which will be answered within a reasonable time period.
  • Right to rectification: You have the ability to request the correction of incorrect, incomplete, or outdated data. We may contact you to verify accuracy before proceeding with the correction.
  • Right to erasure: You may request the deletion of your personal data, provided there is no legal obligation or other lawful reason for continuing their processing or if they are no longer necessary for the above-mentioned processing purposes. However, the right to erasure/right to be forgotten may not be satisfied if:
    • there is a pending dispute or legal conflict of the user with the Psychopedagogue and her Associate.
    • scheduled sessions have not been completed.
    • there are debts of the subject.
    • the subject has abused their rights within the last two years.
    • this is required for the fulfillment of tax obligations.
  • Right to restriction of processing: You may request that the use of your data be restricted in cases where: their accuracy is disputed, processing is unlawful but you do not wish deletion, or the data is no longer necessary for the original purpose but is required for legal reasons or another legal basis.
  • Right to object: The data subject may object to the processing of their data or withdraw their consent, and Dr. Deligeorgi and her Associates will stop processing their data, unless there are other compelling and lawful reasons that override the data subject's right to object.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time for future use of the data. It is clarified that withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to data portability: When processing is based on consent and automated means are used, you may request your data in machine-readable format or to transfer it directly to another data controller. This right applies only to data you provide yourself.
  • Right not to receive commercial messages: You may request that your data not be used for direct promotion of products or services.
  • Right to lodge a complaint: You may lodge a complaint with the competent supervisory authority. In Greece, this is the Hellenic Data Protection Authority (HDPA, www.dpa.gr, phone: +30 210 6475600, Fax: +30 210 6475628, e-mail: [email protected], postal: Kifisias 1-3, P.C. 115 23, Athens).

Request Procedure

All requests regarding the above rights may be submitted via electronic message to the mentioned address of the data controller. To respond effectively, please provide accurate information and a clear description of the request.

Response Time

We aim to respond within one (1) month from receipt of the request. In cases of great complexity or multiple requests, the response may be extended up to three (3) months, with notification to you of the reasons for the delay.

Costs

The exercise of your rights is free, unless the request is unfounded or excessive, in which case a reasonable fee may be imposed, taking into account the administrative costs for providing the information or executing the requested action, or the request may not be satisfied.