Privacy Policy


1. About Us

1.1. Welcome to the privacy statement of the clinic “Papaggelopoulos Ioannis”, which operates under the distinguished titles “HAIRTRANSPLANT CLINIC & Aesthetic Dermatology Clinic”.

We respect your privacy and are committed to protecting your personal data.

This privacy statement informs you about how we handle your personal data as a client and provides information about your privacy rights and how you are protected by the law.

Our clinic is responsible for the collection, management, and processing of your personal data.

2.1. Your Rights

You have all the rights in accordance with the provisions of Regulation 2016/679 of the EU and the relevant European and national legislation. We will process your personal data only when the law permits it.

We will use your personal data in the following cases:

  • When we have your explicit consent to do so.
  • When it is necessary for our legitimate interests (or the interests of a third party), and your interests and fundamental rights do not override those interests.
  • When we need to comply with a legal or regulatory obligation.
  • When it is required for reasons of public interest.

Purposes for Processing Your Personal Data

We process personal data that you provide voluntarily and with your prior explicit consent, when the processing is necessary for the performance of our contract or to take steps at your request before entering into the contract. The specific purposes are defined as follows:

Medical Consultation (Diagnosis/Treatment) for aesthetic or clinical dermatology services, including hair transplant procedures.

Marketing Purposes for our services, specifically in advertising our services for the patient’s postoperative progress.

3. Categories of Information We Collect

We reserve the right to collect, process, store, and transfer different types of personal data regarding you, which we have grouped as follows:

  • Identity Data includes full name, patronymic, date of birth, Identity Card (number, issue/expiry date, and place of issue) or Passport (number, issue/expiry date, and place of issue), as well as photos taken for hair transplant and blepharoplasty services.
  • Contact Data includes residential address, email, fax, phone numbers, and, where necessary, medical history, including photographic records.
  • Financial Data includes tax identification number (AFM), bank account details, payment card information.
  • Marketing Data includes full name, phone numbers, email.

We collect Sensitive Personal Data related to our medical activities, after obtaining your consent, which includes:

Health Data includes medical records, details regarding your health, treatments, and any medical information necessary for your care.

Medical Procedure Data includes visit dates, number of grafts (for hair transplants), patient medical history (for prevention and appropriate treatment), medication, and surgical techniques (for hair transplants).

4. How We Collect Your Information

We collect personal data about you whenever you use our services, either directly from us, through customer service offices, or other physical locations where our company operates legally. We collect data in written form, when you use our websites, when you use our call centers or any mobile apps, and via email communications with our clinic.

We collect information from each client-patient during medical visits and follow-up appointments, such as name, address, phone number, credit card details, tax ID number (AFM), etc. (as outlined in paragraph 3).

We may collect information with your consent in various ways, including, but not limited to, phone calls, customer service contacts, websites, and other sources (e.g., doctoranytime).

5. How Long We Retain Your Personal Data

We will retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including fulfilling any legal or accounting obligations or reporting duties.

To determine the appropriate retention period for personal data, we consider the quantity, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, in accordance with applicable legal requirements.

  • Tax Data: Retained for a period of ten (10) years from the year of issuance of the relevant tax document for tax auditing purposes by the competent tax authorities, as part of the statutory limitation period for tax claims.
  • Medical Visit Data (Diagnosis/Treatment for aesthetic or clinical dermatology services): Retained for a period of one day.
  • Hair Transplant Medical Visit Data: Retained for a period of three years.
  • Marketing Data, including sensitive personal data: Retained for a period of three years.

In some cases, you have the right to request the deletion of your data: Please refer to the section below about data deletion requests for more information.

It is clarified that in cases where you have requested and received an offer for our services, and we have collected your personal data, this data will be deleted if an appointment for a medical visit has not been scheduled within two months. Data related to hair transplants, as described above, are excluded from this rule.

6. Security of Personal Data

We have taken all modern and appropriate organizational and technical measures to ensure the security of your personal data and protect it from accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, and any other form of unlawful processing.

7. Who Are the Recipients of Your Data

Our company guarantees that we will not transfer, disclose, assign, or share your data with third parties (other than those mentioned in this document) for any purpose or use, unless required by applicable law or necessary for public or judicial authorities.

Access to your data is granted only to the essential personnel of the Company, who are committed to confidentiality, as well as to our business partners who are compliant with the provisions of Regulation 2016/679 of the EU and process your data as Joint Data Controllers or as Data Processors on our behalf and according to our instructions.

Recipients of your data include:

  • “YGEIA” Hospital (for medical procedures, treatments, etc.)

8. How Do We Ensure That Processors & Sub-processors Respect Your Data?

The Data Processors acting on our behalf have agreed and committed contractually with the Company to:

a) Maintain confidentiality,

b) Not send your data to third parties without the Company’s consent,

c) Implement appropriate security measures,

d) Comply with the legal framework for personal data protection, particularly with Regulation 679/2016/EU (GDPR),

e) Acknowledge and adhere to all applicable legislative and regulatory provisions for the protection of personal data.

The Processors, during the execution of their duties, may engage other individuals, known as Sub-processors. In such cases, the Data Controller must authorize them to handle all or part of the data processing. As a result, the Sub-processor has the same obligations and rights as the Processor, as outlined in this Policy, and is fully responsible for their actions alongside the Processor.

9. Your Rights

You have the right to:

a) Request Access to Your Personal Data (“Data Subject Access Request”). This allows you to obtain a copy of the personal data we hold about you and confirm that we are processing it in compliance with the law.

b) Request Correction of Your Personal Data. This allows you to correct any incomplete or inaccurate data or to complete data we hold about you. However, we retain the right to request that you validate the accuracy of the new data you provide.

c) Request Deletion of Your Personal Data, subject to the retention period outlined in paragraph 5. However, as you are aware, we may not always be able to comply with your deletion request for specific legal reasons, which we will notify you of, if necessary, upon submission of your request.

d) Object to the Processing of Your Personal Data when you believe that your fundamental rights and freedoms are being violated. You also have the right to object when we process your personal data for direct marketing purposes.

e) Request Restriction of Processing of Your Personal Data. This gives you the ability to ask us to suspend the processing of your personal data in the following cases:

  • (a) if you want us to verify the accuracy of the data,
  • (b) when the use of your data is unlawful, but you do not want us to delete it,
  • (c) when you need us to retain your data even if we no longer need it, in case it is required for the establishment, exercise, or defense of legal claims,
  • (d) if you have objected to our use of your data, but we need to confirm whether we have overriding legitimate grounds to process it.

f) Request Data Portability. This allows you to receive your personal data in a structured, commonly used, and machine-readable format or to transmit it to a third party you designate. This right applies only to data we collected with your consent under a contract or later.

g) Withdraw Your Consent if you find that it is no longer valid. However, this will not affect the lawfulness of processing carried out prior to the withdrawal of consent. If you withdraw your consent, we may not be able to provide certain products or services to you.

If you wish to exercise any of the rights described above, please contact us.


10. How to Exercise Your Rights

For any clarification regarding this privacy statement, including any requests to exercise your legal rights, you may send an email to: papaggelopoulos@yahoo.gr.

You also have the right to lodge a complaint at any time with the supervisory authority of your country regarding data protection matters. In Greece, this authority is the Hellenic Data Protection Authority (HDPA), and you can find relevant details via the following link: www.dpa.gr. However, we would appreciate the opportunity to address your concerns before you approach the data protection authority, and we kindly ask you to contact us first using the contact details provided above.

11. No Fee Usually Required

You will not need to pay any fee to access your personal data (or to exercise any other of your rights). However, we reserve the right to charge a reasonable fee if your request is manifestly unfounded, repetitive, or excessive.


12. What We May Need from You

We reserve the right to request specific information from you to verify your identity and ensure that you have the right to access your personal data (or exercise any other of your rights). This is a protective measure to ensure that personal data is not disclosed to any individual who is not authorized to receive it. We also reserve the right to contact you for further information regarding your request in order to reduce response time.


13. Response Timeframe

We strive to respond to all legitimate requests within one month. However, we may need more than one month to respond if your request is particularly complex or if you have submitted a series of requests. In this case, we will notify you accordingly.


14. How You Will Be Informed of Any Changes to This Policy

We reserve the right to amend this statement and apply any changes to the information previously collected, as provided by law. If there are significant changes to the Policy or the way we use your Personal Data, we will post an update on our website, and you can stay informed about any changes there. Please note that these changes will take effect from the date of publication in our Privacy Policy on the official website of our company.

We encourage you to read this Policy periodically to be aware of how your Data is being protected.