We are committed to safeguarding your privacy, with a particular focus on the Personal Data that pertains to you. We have established this Data Protection Policy to provide you, our website visitors (https://drpapaioannou.gr/), with information about the kinds of data we handle, the reasons for collecting and processing this data, how we handle your data in general, who receives it, your rights and choices, and how to reach out to us for any matters related to your personal data.

This Data Protection Policy covers the following:

Information Regarding the Data Controller:

Our company, known as “ΠΑΠΑΪΩΑΝΝΟΥ ΠΛΑΣΤΙΚΗ ΧΕΙΡΟΥΡΓΙΚΗ Ι.Κ.Ε.,” is headquartered in Thessaloniki, Greece, at 94 G. Papandreou Street, Postal Code 54655.

Phone: +30 2310 42 66 06

Email: [email protected]

Data We Collect:

“Personal Data” refers to any information that can be used to identify an individual. Our company, ΠΑΠΑΪΩΑΝΝΟΥ ΠΛΑΣΤΙΚΗ ΧΕΙΡΟΥΡΓΙΚΗ, collects such information when you use or interact with our website. Specifically:

When navigating our website, you have the option to post comments in all comment fields using the “leave a reply” service, after providing your name and email address. Your email address remains unpublished, and you can use “ANONYMOUS” as your name if you prefer not to disclose your real name.

Furthermore, while communicating with us through our company’s social media channels (e.g., Facebook, LinkedIn, etc.), you may share your personal information based on your privacy settings on those social networks.

Purpose of Data Collection and Processing, and Legal Basis:

We collect and process your personal data for the following purposes:

  1. Communication: Your name and email address are used to respond to your inquiries and provide information about our services.
  2. Appointments: When using the appointment booking form, we collect your name, email address, and phone number to arrange your appointment at our clinic.
  3. Comments: When you leave comments on our website, we collect your name and email address. Your email address is not published, and you have the option to use “ANONYMOUS” as your name if you prefer not to disclose your real name.
  4. Telemedicine: When using the telemedicine service, we collect your name, surname, email address, and phone number to clarify details about your appointment or exchange information before your arrival in Thessaloniki.

Security Measures to Protect Your Personal Data:

Safeguarding your personal data is our utmost priority. We’ve implemented suitable technical and organizational measures to ensure the security and confidentiality of your personal data. These measures encompass encryption, access controls, and regular security audits.

Retention Period for Your Personal Data:

We retain your personal data for a specific period, depending on the purpose for which it was collected. Generally:

Your Rights and How to Exercise Them:

You have specific rights regarding your personal data, including the right to access, correct, or delete your data, as well as the right to restrict or object to its processing. You can exercise these rights by contacting us using the contact details provided in this policy.

Automated Data Collection:

During your visit to our website, certain data is automatically collected from your device or web browser (known as “cookies”). Cookies are small text files containing information that websites use to enhance your user experience. For detailed information about the types of data collected through automated means, please refer to our Cookie Policy.

Information Regarding Minors:

Our website and services are not intended for use by individuals under the age of 15. We do not knowingly collect Personal Data from individuals under the age of 15 without the consent of a parent or guardian. In any case, we delete any personal data of individuals under the age of 13. If you are a parent or guardian of a child under the age of 15 and are concerned that your child may have provided us with personal information, please contact us at [email protected].

Why Do We Use Your Personal Data?

We use your data for the following purposes:

  1. To respond to your requests for information regarding the services we provide.
  2. To schedule appointments at our clinic.
  3. To operate our telemedicine service (Virtual Consultation), initiate communication, and exchange information.
  4. To address comments you wish to share on our website.
  5. To manage, process, and secure your payments, including financial transactions and invoice issuance.
  6. To handle any complaints you may have.
  7. To create, store, and maintain a database of our clientele.
  8. To fulfill your rights regarding your personal data.
  9. For transaction security.
  10. For business analysis and improvements in our business activities and services, including the provision and optimization of our services in the market and improving your experience and service by us.
  11. For market research, statistical analysis, marketing strategy development, and marketing campaign management (including collecting statistical data on website traffic).
  12. To detect, prevent, and address fraud or other unlawful activities.
  13. To protect our rights, assets, and those of third parties.

For these purposes, we will collect and process only the data that is compatible with the processing purpose.

To Whom Do We Disclose Your Personal Data?

Personal data we collect may be disclosed to third parties, specifically:

  1. To any competent supervisory, public, or judicial authority, as required by applicable legal frameworks or judicial decisions.
  2. To other external partners who perform processing on our behalf and are contractually bound to provide an equivalent level of data protection, such as law firms, financial advisors-accountants, advertising agencies, IT service providers, or support for all types of information systems, etc.

We do not disclose your personal data to third parties outside the European Union in countries where there is no appropriate data protection regime. However, in the event of such data transfer being necessary, we will take all necessary measures to ensure that your data is treated securely, such as using Standard Contractual Clauses (SCC) as mandated by the Commission.

Legal Bases for Processing Your Personal Data

Papaioannou Plastic Surgery relies on four legal bases when processing your personal data, which are as follows:

  1. Contract Performance: When processing your personal data is necessary to fulfill our obligations arising from a contract.
  2. Legal Obligation: When we are required to process your personal data to comply with a legal obligation, such as maintaining records for tax purposes or providing information to a public authority or law enforcement agency.
  3. Legitimate Interest: We may process your data when we have a legitimate interest, provided it does not override your interests and rights. This may include ensuring the continuity of our lawful activities, as long as it does not conflict with your interests.
  4. Your Consent: Occasionally, we may ask for your specific consent to process certain personal data. Processing will only occur with your consent, and you can withdraw it at any time without retroactively affecting processing.

Your Rights

Your rights according to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) are as follows:

  1. The right to access your personal data that we process.
  2. The right to correct any incomplete or inaccurate data that we hold at PAPAIANNOU PLASTIC SURGERY.
  3. The right to have your personal data deleted.
  4. The right to limit the processing of data.
  5. The right to data portability to yourself or to third parties. You can receive your personal data in a structured, commonly used, machine-readable format and transmit it, under the legal conditions, to another data controller, provided that this does not adversely affect the rights and freedoms of others (only for automated processing of data you provided to us with your consent or for the performance of a contract between us).
  6. The right to object to the processing of your personal data at any time. PAPAIANNOU PLASTIC SURGERY may not comply with this right if it demonstrates compelling legitimate grounds for processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
  7. The right to lodge a complaint with the Data Protection Authority (www.dpa.gr) if you believe that your rights are being violated in any way (the right to lodge a complaint with the Authority). Postal Address: 1-3 Kifisias Avenue, Postal Code 115 23, Athens, telephone center: +30 210 6475600, email: [email protected].

For any additional information and to exercise the above rights, please contact us in writing at the following address: 94 G. Papandreou Street, Thessaloniki, Postal Code 54655, or via email at [email protected]. Generally, your request will be satisfied within one month from the date of receipt. Information, communication, and any actions taken under Articles 15 to 22 and 34 of the GDPR are provided free of charge.

Security and Retention of Your Personal Data

We retain your personal data only for the time necessary for the purposes of data processing, i.e., for the duration of our contract, your consent, our legal obligations (such as tax compliance), and our legitimate interests on a case-by-case basis.

The processing of personal data is carried out in a way that ensures the confidentiality of the data. Our company, PAPAIANNOU PLASTIC SURGERY, applies appropriate technical and organizational measures to ensure the adequate level of data security against risks of accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, and any other form of unlawful processing.

The data you provide to us is protected with appropriate information security techniques to ensure both secure transmission over the Internet and secure storage in Information Systems.

Special Categories of Data

We ask you not to disclose your banking data or sensitive personal data to us via email. The processing of personal data in this category does not serve the purposes of processing as defined above.


Our website contains links to other websites. This privacy statement does not apply to the user’s access to other websites. Please refer to the privacy policies of those websites for more information on how they handle your data.

The Data Controller is not responsible for the content and services of other third parties to whom links, hyperlinks, or banners are provided (including, without limitation, social networking sites such as Facebook, Twitter, YouTube, Instagram). The Data Controller does not guarantee or control the availability, content, and personal data management policy of the websites linked by a link. Therefore, for any problems encountered during your visit/use, you should contact the respective websites that bear sole responsibility for providing their services. Access using the links provided on the respective website takes place with the exclusive responsibility of the user.

Update of this Policy

The last update of this policy was made on March 15, 2023.

We inform you that this policy may change periodically. If we decide to change our policy, we will inform you through notifications that will appear on our website.

If we decide to make substantial changes to the processing of your personal data, you will receive prior notice or, where required, your consent will be sought before the new policy is implemented.


For any questions or comments regarding this policy and the practices we follow, please do not hesitate to contact us at the following email address: [email protected].