Privacy Policy

This Privacy Policy explains how Elevated Medicine ("the site," "we," "us") collects and uses information from visitors. Elevated Medicine is a personal educational publication written by Dr. Katerina Katsiki, a Greek-licensed physician based in Athens.

This Privacy Policy is intended to meet the requirements of the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and Greek data protection law (N. 4624/2019). Reading this policy will take you a few minutes. We have written it in plain language because we believe transparency matters.

The data controller for this site is:

Dr. Katerina Katsiki, MD
Athens, Greece
Contact: info@elevatedmedicine.ai

For any question about your data, write to the email above. We will respond within thirty days, as required by GDPR.

We collect the following categories of personal data:

Email address. When you subscribe to the newsletter, complete the Lifestyle Medicine assessment, or contact us through any form on the site, we collect your email address. We collect only your email, not your name, unless you choose to provide it.

Assessment responses. If you complete the Lifestyle Medicine assessment, your responses are processed to generate your personal score. We may store aggregated, anonymized assessment data for research and editorial purposes.

Usage data. We use Plausible Analytics, a privacy-friendly EU-hosted analytics service, to understand how visitors interact with the site. Plausible does not use cookies, does not track individuals across sites, and does not collect personally identifiable information. The data collected includes page views, time on page, scroll depth, country-level geographic location, referring source, and device type.

We do not collect health information about you, payment information, or any other sensitive personal data unless you voluntarily include such information in a message you send to us. If you do include sensitive information in a message, we will treat it confidentially and use it only to respond to your question.

Each category of data serves a specific purpose:

Email address for communicating with you. We use your email to send you the newsletter you subscribed to, to deliver your personal assessment results if you completed the assessment, and to respond to messages you send us. We do not sell, rent, or share your email with any third party for marketing purposes.

Assessment responses for generating your results. Your responses are processed to calculate your personal score. Aggregated anonymized data may be used to improve the assessment over time and may inform future editorial content. Individual responses are not shared with anyone outside Elevated Medicine.

Usage data for improving the site. We use anonymized usage data to understand which content is most useful to readers, to identify technical issues, and to inform editorial decisions about what to write next.

Under GDPR, we process your data on the following lawful bases:

Consent. When you subscribe to the newsletter or complete the assessment, you give us specific, informed consent to process your email and responses. You can withdraw this consent at any time by unsubscribing or contacting us.

Legitimate interest. We have a legitimate interest in understanding how our site is used and in improving the editorial content we publish. This processing uses privacy-friendly analytics and does not involve tracking individuals.

We use the following third-party services to operate the site. Each has its own privacy obligations:

Mailchimp (The Rocket Science Group LLC, USA). We use Mailchimp to send newsletters and manage email subscriptions. When you subscribe, your email is transferred to and processed by Mailchimp in the United States. Mailchimp is GDPR-compliant and operates under Standard Contractual Clauses approved by the European Commission for international data transfers. Mailchimp's privacy policy is available at mailchimp.com/legal/privacy.

Lovable (Lovable AB, Sweden). Lovable hosts the technical infrastructure of the site. Lovable is GDPR-compliant and EU-based, so no international data transfer is involved.

Plausible Analytics (Plausible Insights OÜ, Estonia). Plausible provides our analytics. It is EU-based, GDPR-compliant by design, and does not use cookies or collect personal data.

We do not use any other third-party services that process your personal data.

Because Mailchimp is based in the United States, your email address is transferred outside the European Economic Area when you subscribe to the newsletter. This transfer is legally protected under Standard Contractual Clauses (SCCs) approved by the European Commission. Mailchimp also self-certifies under the EU-US Data Privacy Framework.

If you do not wish your data to be transferred to the United States, please do not subscribe to the newsletter. The educational content on the site is freely accessible without any data transfer.

Newsletter subscribers: We keep your email for as long as you remain subscribed. When you unsubscribe, your email is removed from our active mailing list within thirty days, and from Mailchimp's records according to Mailchimp's retention policies.

Assessment responses: Individual responses are retained for the duration of your subscription. Aggregated anonymized data may be retained indefinitely for research and editorial purposes.

Contact messages: Messages you send us are retained for as long as needed to respond and to maintain a record of correspondence, typically two years.

Analytics data: Plausible aggregates and anonymizes data automatically. No individual identifiers are retained.

You have the following rights regarding your personal data:

Right of access. You can ask us what data we hold about you. We will provide it within thirty days.

Right to rectification. You can ask us to correct any inaccurate data we hold about you.

Right to erasure ("right to be forgotten"). You can ask us to delete your personal data. We will do so unless we have a legal obligation to retain it.

Right to restrict processing. You can ask us to limit how we use your data.

Right to data portability. You can ask us to provide your data in a structured, machine-readable format so you can transfer it to another service.

Right to object. You can object to our processing of your data, particularly for marketing purposes.

Right to withdraw consent. Where we process your data based on consent, you can withdraw that consent at any time.

To exercise any of these rights, email us at info@elevatedmedicine.ai. We will respond within thirty days.

If you believe we have not handled your data appropriately, you have the right to lodge a complaint with the Hellenic Data Protection Authority:

Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα)
Kifisias Avenue 1-3
115 23 Athens, Greece
www.dpa.gr

You may also lodge a complaint with the data protection authority in your country of residence if you are based elsewhere in the EU.

This site is intended for adults. It is not directed at children under sixteen years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us and we will delete it.

We use Plausible Analytics, which does not use cookies and does not track individuals. We do not use advertising trackers, social media pixels, or any other cross-site tracking technology.

If you sign up for the newsletter or complete the assessment, our systems may set technical cookies necessary for the form to function correctly. These are not used for tracking and expire when you close your browser.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Significant changes will be communicated to newsletter subscribers by email. We encourage you to review this policy occasionally.

For any question about this Privacy Policy or about how your data is handled, write to:

info@elevatedmedicine.ai