GDPR Compliance
Last updated: February 2026
1. Our Commitment
MedGemma IATRIKI TECHNOLOGIA & KAINOTOMIA P.C. (GEMI No.: 191929003000, Vasileiou Voulgaroktonou 16, 12462 Haidari, Greece), hereinafter "MEDGemma", is fully committed to compliance with the European Union's General Data Protection Regulation (GDPR). We implement appropriate technical and organizational measures to protect the personal data we process and ensure that all processing is carried out in accordance with the principles of the Regulation.
2. Legal Basis for Processing
We process personal data based on one or more of the following legal bases:
- Consent: When you have given us explicit consent for a specific purpose
- Contract performance: When processing is necessary for the performance of a contract with you
- Legal obligation: When required to comply with a legal obligation
- Legitimate interest: When processing is necessary for our legitimate interests, provided your rights do not override them
3. Data Subject Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access: You can request a copy of the personal data we hold about you
- Right to rectification: You can request the correction of inaccurate or incomplete data
- Right to erasure: You can request the deletion of your personal data under certain conditions
- Right to restriction: You can request the restriction of processing of your data
- Right to portability: You can receive your data in a structured, commonly used format
- Right to object: You can object to the processing of your data for specific purposes
4. Data Protection Officer
For any data protection-related matters, you can contact our Data Protection Officer at info@med-gemma.com.
5. International Transfers
When we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.
6. Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR. If the breach is likely to pose a risk to your rights and freedoms, we will also inform you without undue delay.
7. Contact
For questions about GDPR compliance or to exercise your rights, contact us at info@med-gemma.com. Postal address: Vasileiou Voulgaroktonou 16, 12462 Haidari, Greece.