1. Privacy Policy

Last updated: May 2026

1.1 Introduction

This Privacy Policy describes how Chariklia (Lilika) Vergi, operating as a sole trader under the trading name Lilika Vergi – Counselling & Psychotherapy, collects, processes, stores and protects your personal data when you visit lilikavergi.com or use the mental health counselling services offered through this website.

The protection of your personal data is a core value of this professional practice. All processing is carried out in full compliance with Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR) and applicable Greek and European law.

1.2 Data Controller

Name: Charikleia (Lilika) Vergi

Trading name: Lilika Vergi – Counselling & Psychotherapy

Address: Agias Varvaras 57, Patras 265 04, Greece

Email: [email to be completed]

Phone: [phone to be completed]

Website: www.lilikavergi.com

1.3 Data We Collect

1.3.1 Data you provide directly

• Full name and contact details (email, phone)

• Information you share when booking an appointment or completing the contact form

• Health and mental health information shared in the context of counselling sessions — classified as a special category of personal data under Article 9 GDPR

• Payment information (processed via Revolut Pro — we do not store full card details)

1.3.2 Data collected automatically

• IP address, browser type, device type

• Pages visited and time spent on the site

• Data collected via cookies (see Cookie Policy, Section 3)

1.4 Legal Basis for Processing

• Consent (Article 6(1)(a) GDPR) — for newsletter subscriptions and non-essential cookies

• Contractual necessity (Article 6(1)(b)) — for processing data required to provide the counselling service

• Legal obligation (Article 6(1)(c)) — for compliance with applicable professional and tax law

• Legitimate interests (Article 6(1)(f)) — for website analytics and security

• Explicit consent for special category data (Article 9(2)(a)) — for mental health information shared during sessions

1.5 How We Use Your Data

• Appointment scheduling and session management

• Communication before, during and after the therapeutic relationship

• Professional record-keeping in accordance with the Hellenic Counselling Association Code of Ethics

• Payment processing

• Website functionality and improvement

• Newsletter and informational updates (only with your explicit consent)

1.6 Confidentiality & Professional Secrecy

All information shared within the therapeutic relationship is treated as strictly confidential and is protected by professional secrecy, in accordance with the Hellenic Counselling Association Code of Ethics.

Exceptions — the only circumstances in which confidentiality may be broken are:

• Immediate risk to life (yours or another person's)

• Legal obligation under court order

• Mandatory reporting under Greek law

In all other cases, information is never shared with third parties without your written consent.

1.7 Data Sharing

Your data is not sold or rented to third parties. It may be shared with:

• SimplyBook.me — appointment management platform (GDPR compliant)

• Revolut Pro — payment processing

• Hosting provider (Hostinger) — website hosting (GDPR compliant)

• Professional supervisors or supervisory bodies — only in anonymised form, as required by professional standards

All third-party providers have been assessed for GDPR compliance.

1.8 International Transfers

Services are offered to Greek-speaking clients worldwide. Where data is transferred outside the European Economic Area, appropriate safeguards are applied (Standard Contractual Clauses or equivalent) in accordance with Chapter V GDPR.

1.9 Retention Periods

• Therapeutic records: retained for 5 years after the last session, in accordance with the Hellenic Counselling Association Code of Ethics

• Financial records: retained for 10 years in accordance with Greek tax law

• Contact / website enquiry data: retained for 12 months

• Newsletter subscriber data: retained until you withdraw consent

1.10 Your Rights

Under GDPR, you have the following rights:

• Right of access — to receive a copy of your personal data

• Right to rectification — to correct inaccurate or incomplete data

• Right to erasure ('right to be forgotten') — subject to legal and professional retention obligations

• Right to restriction of processing

• Right to data portability

• Right to object to processing

• Right to withdraw consent at any time (without affecting prior processing)

To exercise any of these rights, please contact: [email to be completed]

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA): www.dpa.gr, Tel: 210 6475600.

1.11 Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration or destruction. Video sessions are conducted via end-to-end encrypted platforms. All data is stored on secure servers.

1.12 Policy Updates

This policy may be updated periodically. Material changes will be communicated via the website. The date of the last update appears at the top of this page.