Privacy Policy
Last updated: 18 February 2026
1. Who is responsible for your personal data (Data Controller)
This website and the services described here are operated under the name Anastasia Olympiou (“the Provider”, “we/us” in this Policy).
Data Controller: Anastasia Olympiou
Website: https://anastasiaolympiou.com
Email: info@anastasiaolympiou.com
Business address: Available on request
Country of establishment: Norway
Personal data is processed in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679, as incorporated in Norway through the Norwegian Personal Data Act (personopplysningsloven).
2. Scope of services and professional status
a) Services delivered in Norway
In Norway, services are provided strictly as education, seminars, and training in mental wellbeing and psychological skills, together with health coaching guidance. These services are not provided as regulated healthcare under Norwegian law. No psychotherapy, diagnosis, clinical assessment, or services under the protected title “psychologist” are offered in Norway.
b) Health Coaching (Norway and international)
Anastasia Olympiou is registered in Norway as a Health Coach (Helse Coach) and may provide health coaching services in Norway and internationally. Health coaching is delivered within an educational and coaching framework focused on wellbeing skills, self-regulation, lifestyle habits, stress management, and health-related behaviour change.
c) Online psychological counselling (Greece and EU/EEA where permitted)
Anastasia Olympiou is a practitioner psychologist registered in Greece. Psychological counselling under the professional title “psychologist” is provided online to clients located in Greece only where professional practice requirements are met and where invoicing/payment is lawfully arranged under Greek rules (including, where applicable, via a legally established invoicing structure). Requests from clients located in other EU/EEA countries are accepted only where permitted under the rules of the client’s country of residence and where any required recognition/registration has been completed. Where this is not permitted or not applicable, support is limited to health coaching and educational services.
3. Personal data protection and professional confidentiality
Applicable data protection law
Personal data is processed in accordance with applicable national and European/EEA data protection legislation, including the General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679, adopted on 27 April 2016 and applicable from 25 May 2018, and (where relevant) the Norwegian Personal Data Act (personopplysningsloven) implementing GDPR in Norway.
Professional confidentiality (Greece)
For psychological counselling provided under Greek registration, professional confidentiality applies in accordance with Greek legal and ethical requirements. Under Greek Law 991/1979, Article 9, confidentiality and anonymity are established within the professional ethics framework, including that:
Information learned or understood during the exercise of the profession must be kept confidential.
Breaches may be subject to sanctions under Article 371 of the Greek Criminal Code, including the relevant provisions referenced therein.
Professional and ethical frameworks followed
Practice is conducted in line with applicable professional standards and ethical frameworks, including:
the European framework on professional qualifications (Professional Qualifications Directive 2005/36/EC, as applicable),
the Code of Conduct of the Association of Greek Psychologists (SEPS), and
the Code of Ethics and Conduct of the British Psychological Society (BPS).
4. What personal data is collected
Depending on how the website is used, the following categories of data may be collected:
A. Website usage data (technical data)
IP address (may be collected by the server/logs), device and browser type, pages visited, time stamps, approximate location (derived from IP), and basic security/log data.
B. Contact and enquiry data
Name, email address, phone number (if provided), country of residence, and the content of the message.
C. Booking / seminar registration data (if applicable)
Name, email, billing details, attendance status, and any practical information required to deliver the seminar/training.
D. Payment and invoicing data (if applicable)
Invoice details and transaction references. (Payment card data is typically processed by the payment provider, not stored by us.)
E. Special category data (sensitive data)
Special category data (health-related information) should not be submitted via general website forms unless explicitly requested through a secure process.
For telehealth counselling offered to Greek residents, health-related information may be processed as part of service delivery with appropriate safeguards.
5. Purposes of processing and legal basis (GDPR)
Personal data is processed only for specific purposes and on a lawful basis under the GDPR.
A. To respond to enquiries and communicate
Purpose: To reply to messages, provide requested information, and follow up on enquiries.
Legal basis: Legitimate interests (GDPR Art. 6(1)(f)) and/or consent (Art. 6(1)(a)) depending on the context and the nature of the request.
B. To provide educational services in Norway (seminars, training) and related administration
Purpose: Registration, attendance management, delivery of seminars/training, participant communication, and customer support.
Legal basis: Performance of a contract (GDPR Art. 6(1)(b)) and/or legitimate interests (Art. 6(1)(f)).
C. To provide Health Coaching (Norway and international)
Purpose: To deliver health coaching services, manage scheduling and administration, communicate regarding coaching services, and provide relevant educational materials and guidance within a coaching framework.
Legal basis: Performance of a contract (GDPR Art. 6(1)(b)) and/or legitimate interests (Art. 6(1)(f)). Where consent is used for optional elements (e.g., newsletters), the legal basis is consent (Art. 6(1)(a)).
D. To provide online psychological counselling to clients located in Greece (where applicable)
Purpose: To deliver online counselling, manage scheduling/administration, and maintain necessary communication related to service delivery.
Legal basis: Performance of a contract (GDPR Art. 6(1)(b)) and, where health-related information is processed, an applicable special-category condition under GDPR Art. 9 (for example explicit consent under Art. 9(2)(a), or another applicable basis depending on the specific service and legal requirements).
Additional clarification: Counselling services are offered to clients located in Greece only where professional requirements are met and where invoicing/payment is lawfully arranged under Greek rules.
Safeguards: Access limitation, confidentiality, secure systems, and data minimisation.
E. To ensure website security and prevent abuse
Purpose: To protect website integrity, detect and prevent abuse, and maintain security logs where necessary.
Legal basis: Legitimate interests (GDPR Art. 6(1)(f)).
F. Analytics and improvement (only where consent is required and given)
Purpose: To understand website performance and improve content and usability.
Legal basis: Consent (GDPR Art. 6(1)(a)) for cookies/tracking where applicable, in line with Norwegian rules on cookies (ekomloven § 3-15).
6. Cookies and tracking technologies
Cookies are small text files stored on your device. Under Norwegian rules (ekomloven § 3-15), consent is required for non-essential cookies and similar tracking technologies.
Essential cookies may be used to make the website function properly (e.g., security, load balancing, basic functionality). These do not require consent.
Non-essential cookies (e.g., analytics, marketing) are used only if consent is provided through the cookie banner/settings. Consent can be withdrawn at any time by adjusting cookie settings.
If Google Analytics or similar tools are used, they are configured to respect consent choices and to limit data where possible (e.g., IP anonymisation where applicable).
7. Embedded content (third-party services)
Pages may include embedded content (e.g., YouTube, Instagram). Embedded content may behave as if you visited the third-party website directly and may set cookies or collect data according to that provider’s policies. Non-essential embedded content should be loaded only after consent where required by cookie rules.
These third-party services may collect data about visitors, use cookies or similar tracking technologies, and monitor interaction with the embedded content—particularly if the visitor has an account with that service and is logged in.
Where required under Norwegian cookie rules and GDPR, embedded content that uses non-essential cookies/tracking is configured to load only after consent has been provided through the cookie banner/settings.
The following third-party services may be used for embedded content:
Facebook / Meta
Embedded Facebook content (such as a page plugin or feed) is provided by Meta. Meta’s own privacy and cookie policies apply. Where applicable, such content is not loaded until consent is provided.
Instagram / Meta
Embedded Instagram content (such as a feed or posts) is provided by Meta. Meta’s own privacy and cookie policies apply. Where applicable, such content is not loaded until consent is provided.
YouTube (Google)
Embedded YouTube videos are provided by Google. YouTube’s own privacy and cookie policies apply. Where applicable, videos are not loaded until consent is provided.
8. Who receives your data (processors and third parties)
Personal data may be processed by trusted service providers (data processors) to run the website and deliver services. Examples may include:
website hosting provider, One.com
email provider, One.com
booking/registration provider, Bookly.com
payment/invoicing provider, Fiken.no
analytics provider (only with consent where required), Google.com.
Each processor is subject to appropriate data processing agreements where required.
No personal data is sold to third parties.
9. International transfers
Data may be stored or processed in Norway, the EEA, or other jurisdictions depending on the providers used. Where personal data is transferred outside the EEA, an approved transfer mechanism is used (for example Standard Contractual Clauses) and additional safeguards are applied as necessary.
10. Data retention (how long data is kept)
Personal data is retained only for as long as necessary for the purposes described in this Policy, unless a longer or shorter period is required by law.
A typical retention approach may be:
Enquiry emails/contact messages: e.g., up to 24 months from last contact
Seminar/training admin records: e.g., up to 24 months, or longer for accounting obligations
Invoices/accounting data: retained according to applicable accounting laws
Website logs: e.g., 30–180 days unless required for security investigations
11. Security measures
Appropriate technical and organisational measures are used to protect personal data, including:
encrypted connections (SSL/HTTPS),
access controls and strong authentication,
minimisation of stored data,
secure hosting practices,
regular updates and monitoring.
In the event of a personal data breach, required notifications will be made to relevant authorities and affected individuals in accordance with GDPR.
12. Your rights under GDPR
Subject to legal conditions, you have the right to:
access your personal data,
correct inaccurate data,
request deletion (“right to be forgotten”),
restrict processing,
object to processing based on legitimate interests,
withdraw consent (where processing is based on consent),
request data portability (where applicable).
Requests can be made by emailing: info@anastasiaolympiou.com. Identity verification may be required before completing a request.
Right to complain:
Complaints may be submitted to the Norwegian Data Protection Authority (Datatilsynet) or to the supervisory authority in your country of residence.
13. Release of your data for legal purposes
At times it may become necessary for the Psychologist, for legal purposes, to release your information as permitted or required by law in response to a court order, public order or order of any person or administrative body with legal authority to compel disclosure of such information. If we have reasonable grounds to believe that your Personal Data might be useful in investigating improper or illegal activity, we may disclose such information to law enforcement agencies or other appropriate research authorities.
You agree that we may disclose your information to a third party where we believe, in good faith, that it is desirable to do so for the purposes of a civil action, criminal investigation, or other legal matter. We may also proactively report you, and release your information to, third parties where we believe that it is prudent to do so for legal reasons, such as our belief that you have engaged in fraudulent activities. You release us from any damages that may arise from or relate to the release of your information in response to a request from law enforcement agencies or private litigants.
Any passing on of personal data for legal purposes will only be done in compliance with the laws of the country you reside in.
14. Children (minors)
The website and services are not intended for children under 18 unless explicitly stated for specific educational offerings with appropriate parental/guardian involvement. Where parental consent is required, it must be obtained before any personal data is submitted.
This website and the services described are intended for adults (18+). Psychological counselling (where applicable) and coaching/educational services are not directed at minors.
Persons under the age of 18, or persons who do not have full legal capacity under the laws that apply to them, should not submit personal data through this website, by email, by telephone, or by any other means without the prior consent of a parent or legal guardian. Where a minor’s participation is specifically required for an educational seminar or training, any necessary contact and data collection will be arranged with the parent/legal guardian.
If personal data relating to a minor is submitted without appropriate consent, deletion may be requested by contacting info@anastasiaolympiou.com.
15. Legal obligations and disclosure
Personal data may be disclosed when required by applicable law, a lawful request by authorities, or to protect legal rights, safety, or prevent fraud. Any disclosure is limited to what is necessary and lawful.
16. Changes to this Privacy Policy
This Policy may be updated from time to time. The latest version will always be published on this page with an updated “Last updated” date.
