Loading
Last updated: March 2026
This website is operated by Vasiliki Koumantaki, Clinical Psychologist, based in Ilioupoli, Athens, Greece. As the data controller, I am responsible for the personal data collected through this website.
When you submit the request form on this website I collect your name, email address, an optional phone number, the reason you are contacting me (selected from a fixed list), and the free-text message you choose to write. If you select a therapy-related reason, the message you write may include health-related information — I only see what you voluntarily choose to share in that field.
When you submit the request form I also record a one-way hashed identifier derived from your IP address (the raw address is not stored) and a truncated copy of your browser user-agent string. This metadata is used only for fraud prevention and abuse investigation, and is automatically deleted 90 days after submission.
I use your personal data to respond to your request, schedule and manage appointments where relevant, send confirmations and reminders, and communicate with you about your enquiry or sessions. For non-therapy enquiries (business, media, supervision, or general questions) the data is used solely to respond to your message.
General personal data (name, email, phone, message content, technical metadata) is processed on the basis of your explicit consent under GDPR Art. 6(1)(a), given when you tick the consent checkbox on the request form. For therapy-related enquiries, any health information you include in your message is a special category of personal data under GDPR Art. 9. I process this information only on the basis of your explicit consent under Art. 9(2)(a), given when you tick the second, dedicated health-data consent checkbox. You may withdraw either consent at any time by contacting me using the details below.
Submission records are retained while they remain operationally relevant (typically until your enquiry is resolved, or a therapy relationship is concluded). Where you become a client, clinical records are retained for the period required by Greek healthcare regulations (commonly ten years). Technical metadata (hashed IP and user-agent) is automatically deleted after 90 days. If you request deletion of non-clinical data, I will comply within 30 days, except where retention is required by law.
Your submission is stored on my hosting provider (Railway) and the transactional emails are sent through a third-party email provider (Resend). Both act as data processors on my behalf under appropriate contractual safeguards. Your data is not shared with anyone else, is not used for marketing, and is not sold.
Under the General Data Protection Regulation (GDPR), you have the right to: access your personal data, request correction of inaccurate data, request deletion of your data, request restriction of processing, data portability, and object to processing. For special-category health data you may additionally withdraw your Art. 9(2)(a) consent at any time. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA / ΑΠΔΠΧ) at www.dpa.gr.
This website uses only essential cookies required for the site to function (session management and language preference). I do not use any tracking, analytics, or advertising cookies.
For any questions about this privacy policy, to exercise your rights, or to withdraw a consent, please contact me at [email protected] or call 210 9968965.