1. About Us

1.1. Welcome to the privacy statement of Papaggelopoulos Ioannis's medical practice, known as "HAIRTRANSPLANT CLINIC & Aesthetic Dermatology Clinic."

We value your privacy and are dedicated to protecting your personal information.

This privacy statement explains how we take care of your personal data as a client and provides information about your privacy rights and how you are protected by law.

Our clinic is the data controller responsible for collecting, managing, and processing your personal data.

1.2. You have all the rights granted by the provisions of Regulation (EU) 2016/679 and the relevant European and national legislation. We will process your personal data only when the law permits us to do so.

We will use your personal data in the following cases:

When we have your explicit consent to do so.

When it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

When we need to comply with a legal or regulatory obligation.

When it is required for reasons of public interest.

2. For what purposes do we process your personal data?

We process personal data that you voluntarily provide to us, after we have obtained your prior explicit consent, when processing is necessary for the performance of the contract between us or to take steps at your request before the contract is concluded. Specifically, the purposes are as follows:

Medical visit (Diagnosis/Treatment) for aesthetic or clinical dermatology services, including hair transplantation.

For marketing of our services, specifically advertising our services by reference to patients' postoperative progress.

3. Categories of information we collect

We reserve the right to collect, process, store, and transfer different types of personal data about you, which we have grouped as follows:

Identity data includes your full name, father's name, date of birth, ID card (number, date of issue/expiry, and place of issue) or passport (number, date of issue/expiry, and place of issue), as well as photographs taken for hair transplant and blepharoplasty services.

Contact data includes your home address, email address, fax and phone numbers and, where required, medical history, including photographic records.

Financial data includes your Tax Identification Number (TIN), bank account details, and payment card information.

Marketing data includes your full name, phone numbers, and email address.

With your consent, we also collect sensitive personal data (special categories of data) for our medical activities, including information about your health, such as:

Marketing data includes photographs and video recordings.

Medical procedure data includes the date of visit, number of grafts (for hair transplantation), patient's medical history (for prevention and appropriate treatment), medication, and the technique used for the procedure (for hair transplantation).

4. How we collect your information

We collect personal data about you whenever you use our services, whether they are provided directly by us, through our customer service offices, or at other physical locations where our company legally operates. This includes collecting your information in paper form and when you use our websites, our call centers, any mobile applications, and our clinic's email.

We collect information from every client-patient during the medical visit and follow-up, such as full name, address, phone number, credit card details, Tax Identification Number (TIN), etc. (as specified in paragraph 3). We may collect information with your consent in various ways, including but not limited to phone calls, customer service contacts, websites, and other sources (e.g., doctoranytime).

5. How long we retain your personal data

We will retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including the fulfillment of any legal, accounting, or reporting obligations.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Customer tax data is retained for a period of ten (10) years from the year of issuance of each tax document, for the purposes of inspection by the competent tax authorities within the legal statute of limitations for tax claims.

Data related to a medical visit (Diagnosis/Treatment) for aesthetic or clinical dermatology services is retained for a period of one day.

Data related to a medical visit for hair transplantation is retained for a period of three years.

Data related to Marketing, including sensitive personal data, is retained for a period of three years.

In certain cases, you have the right to request that we delete your data. Please refer to section 9 below on deletion requests for more information.

It is clarified that if you have requested and received an offer for our services and we have collected your personal data, this data will be deleted if no appointment for a medical visit is scheduled within two months. Exceptions are data related to hair transplantation, as described above.

6. Personal Data Security

We have implemented all modern and appropriate organizational and technical measures to ensure the security of your personal data and to protect it from accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, and any other form of unlawful processing.

7. Who are the recipients of your data

Our company guarantees that it will not transfer, disclose, or grant your data to third parties (other than those mentioned herein) for any purpose or use, except where required by applicable law or requested by public or judicial bodies or authorities.

Access to your data is granted to the absolutely necessary personnel of the Company, who are bound by confidentiality agreements, as well as to partner companies that comply with the provisions of EU Regulation 2016/679. These partners process your data either as Joint Data Controllers or as Data Processors on our behalf and according to our instructions.

Recipients of your data are:

1) "HYGEIA" Hospital

8. How do we ensure that Data Processors and Sub-processors respect your Data?

The Data Processors acting on our behalf have agreed and contractually committed to the Company to:

a) maintain confidentiality,

b) not send your Data to third parties without the Company's permission,

c) take appropriate security measures,

d) comply with the legal framework for the protection of personal data, especially Regulation (EU) 2016/679 (also known as the GDPR),

e) have acknowledged and comply with all applicable legislative and regulatory provisions for the protection of personal data.

The Data Processors may, in the performance of their duties, engage other persons, known as Sub-processors. In this case, the Data Controller must authorize them to carry out the processing of Data in whole or in part. As a consequence, the Sub-processor has the same obligations and rights as the Data Processor, as outlined in this Policy, always within the scope of their assigned duties, and bears full responsibility alongside the Data Processor.

9. Your Rights

You have the right to:

a) Request access to your personal data (“data subject access request”). This allows you to receive a copy of the personal data we hold about you and to verify that we are processing it in accordance with the law.

b) Request correction of the personal data we hold about you. This allows you to correct incomplete or inaccurate data or to supplement data we hold about you, although we reserve the right to ask you to verify the accuracy of the new data you provide us.

c) Request deletion of your personal data, subject to the retention period stated in paragraph 5. However, as you may be aware, we may not always be able to comply with your deletion request for specific legal reasons, which we will notify you about, if applicable, upon your request submission.

d) Object to the processing of your personal data when you believe it violates your fundamental rights and freedoms. You also have the right to object when we process your personal data for direct marketing purposes.

e) Request restriction of the processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following cases: (a) if you want us to verify the accuracy of the data, (b) when our use of the data is unlawful but you do not want us to delete it, (c) when you need us to retain your data even though we no longer require it, because you need it to establish, exercise or defend legal claims, or (d) when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

f) Request the transfer of your personal data to you or to a third party. We will provide you, or a third party you designate, with your personal data in a structured, commonly used and machine-readable format. This right applies only to information that we received with your consent at the time of the conclusion of the contract or later, up to the time the request is submitted.

g) Withdraw your consent at any time where we are processing your personal data on the basis of consent. This does not affect the lawfulness of processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain products or services to you.

If you wish to exercise any of the rights described above, please contact us.

10. How you can exercise your rights

For any clarification regarding this privacy statement, including any requests to exercise your legal rights, you can send an email to: [email protected].

You have the right to lodge a complaint at any time with your country's supervisory authority for data protection matters. In Greece, this authority is the Hellenic Data Protection Authority; relevant details are available at the following link: www.dpa.gr. However, we would appreciate the opportunity to address your concerns before you approach the data protection authority, so please contact us first using the contact details provided above.

11. No fee usually required

You will not need to pay any fee or charge to access your personal data (or to exercise any of your other rights). However, we reserve the right to charge a reasonable fee if your request is clearly unfounded, repetitive, or abusive.

12. What we may need from you

We reserve the right to request specific information from you to verify your identity and confirm your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to anyone who is not entitled to receive it. We also reserve the right to contact you for further information regarding your request in order to speed up our response.

13. Response Time Limit

We aim to respond to all legitimate requests within one month. We may need more than one month to respond if your request is particularly complex or if you have made a series of requests. In this case, we will notify you to keep you informed about the status of your request.

14. How you will be informed about any changes to this Policy

We reserve the right to change this statement and to apply any changes to the information previously collected, as permitted by law. If there are significant changes to the Policy or the way we use your Personal Data, we will post an update on our website, and you can check there for any updates. It is clarified that these changes will take effect from the day they are posted in our Privacy Policy on our official company website.

We encourage you to periodically review this Policy to stay informed about how your Data is protected.
