Privacy Policy

Last update: 01.11.2023

1. Respect for your privacy and the management, protection, and security of your personal data are a priority for the individual business ‘ATHANASIOS PALLANTZAS’ (‘Dr,’ ‘Company,’ ‘we,’ ‘us,’ ‘our’), headquartered at 4 Korai Street, Larissa, Greece, with branches/clinics in Kifisia and Trikala. This Privacy and Personal Data Protection Policy (hereinafter ‘Privacy Policy’) of the Company informs you, whether you are visiting the website www.beautybydesign.gr (‘Website’) or using the services displayed on the Website, either through the Website itself or at our physical clinics, participating in promotional or other Company activities related to the Services, subscribing to the Company’s newsletter, or using the Website’s social media (Social Media) or otherwise (hereinafter ‘you,’ ‘your,’ ‘visitor’):

  • of the types of data it collects or produces for you and,
  • of the purpose of collecting and processing your data and,
  • about how these data are processed and,
  • about their recipients and the purpose for which they are processed,
  • about your rights and choices on your personal data and,
  • about how to contact us concerning any matter you may be concerned about in relation to your personal data.

2. CHANGES IN PRIVACY POLICY

We may modify or replace all or part of this Policy at our sole discretion. If there are substantial changes to this Policy, or if our practices regarding your data change in the future, we will notify you by publishing the changes on our Website. However, if you wish any clarification or information regarding the changes, or you wish to raise a dispute, a reservation or a question about such changes, you may contact us through email at [email protected]. Please note that any information/clarification provided to you in connection with any changes to this Policy does not constitute a replacement, substitution or modification of this Policy. In any case, we recommend that you review this Privacy Policy from time to time, taking advantage of the ability to always find it as a permanent information point on our Website.

3. If you continue to navigate on our Website, this means that you automatically and unreservedly accept the modified terms of this Policy. If you do not agree with this Policy or the modifications, you must not take any action or make any use of the Website, or you must unsubscribe from our newsletter, and in any case you must not provide any personal data. However, you are entitled to ask for your data to be deleted. In any case, for any information or clarification, you may contact us while retaining your rights with respect to your personal data as outlined and described in Section V below.

II. PERSONAL DATA CONTROLLER & CONTACT

1. The Data Controller of your personal data is the individual business ‘ATHANASIOS PALLANTZAS.’ Personal data is collected when accessing, browsing, and using the Website, as well as when using and being provided with our Services, either on the Website or at our clinics.

2. You can contact the Company at the contact details, either by phone +30 210 8086930 or by email [email protected] and provide us with your feedback, queries, comments or any complaints regarding this Policy and the collection and processing of your personal data, in general. You have the right to submit any complaint regarding your personal data that may arise from their processing by the Company to the Hellenic Data Protection Authority, which is the supervisory authority of Greece. For details, see the following link www.dpa.gr. However, we consider it our obligation and duty to handle any concerns you may have about your personal data we process, so please do not hesitate to contact us.

III. DATA COLLECTION AND PROCESSING

Personal data or personal information means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly. Such data do not include data that are anonymous.

1. WHAT types of data we collect for you

During your navigation on the Website or on the Website’s Social Media, or when you subscribe to our Newsletter, or each time you request the provision of services from us, or visit our facilities or website, or communicate with us directly using any means, or complete electronic or physical communication forms, or enter into any type of agreement, or provide services yourself or use our services, we collect and process various types of personal data about you, including simple personal data, special categories of data, such as health data, and other case-specific information, either directly from you or from third parties, or data that we collect or create using our own means (including automated means).

Specifically, and in order to provide you with our services, whether they relate to health problem restoration, prevention, or aesthetic reasons, we collect the following data concerning you:

  1. Identity Data: Name and surname, Tax Identification Number (TIN), Gender, Date of Birth, Social Security Number.
  2. Contact Data: Landline or mobile phone, email address, Home Address.
  3. Health Data: Subject to your explicit consent, we collect personal data related to your physical or mental health, including information related to your health status, in order to provide healthcare services. This information includes, but is not limited to:
    – Your medical history (past, current, or future medical examinations)
    – Your physiological or biomedical status
    – Medication
    – Photographs
  4. Public data and posts, which may consist of comments or content posted on the Website’s Services as well as message boards, discussion groups, blogs, and other public user forums. Your personal data accompanying this content, which may include pseudonyms, usernames, comments, likes, status, profile information, and photos, becomes public information. Public information and posts are always publicly available, meaning they are accessible to everyone and may appear in search engine results.
  5. Activity and other data that may be collected automatically. When you access and interact with the Website, we may automatically collect specific information about these visits (connection information, device information, network information, usage information). For example:
    – Connection Information: We record information about the use you make of the Services, including your Internet Protocol (IP) address, the type of browser you use, the access frequency, the pages viewed, the number of clicks, and the page you visited before browsing our Services.
    – Device Information: We collect information about the computer or mobile device you use to access our Services, including hardware model, operating system and version, device unique identifiers, and mobile network information.
    – Network Information: We may collect information about your network, such as network devices, nodes, settings, connection speeds, and network and application performance.
    – Usage Information: We may collect information about your use of our Services and certain tools, such as which pages on the Website you visit, how often you use the tools, the duration and quality of use, test data, job configuration settings, and center data.
  6. Data Collected by Cookies and Other Tracking Technologies. We may also collect cookies and other tracking technologies (such as browser cookies, pixels, beacons, Google Analytics) to improve your experience by allowing us to personalize our content based on your interests. These technologies can be used to collect and store activity data related to your use of the Website’s Services, such as the pages you’ve visited, the content you’ve viewed, search queries you’ve submitted, and advertisements you’ve seen. For more information, refer to our Cookie Policy.

2. HOW do we collect your Personal Data

2.1. We collect DIRECTLY FROM YOU the following personal information when you request services from us, schedule appointments, intend to communicate with us, visit our facilities, our website, or when you contact us directly through any means, including our company’s Social Media platforms, or when you complete electronic or physical communication requests or forms, or when you enter into any type of contract or when you provide services yourself or use our services, or when you subscribe to our newsletter.

2.2. We AUTOMATICALLY collect the above-mentioned data and information about you through the following means (III. 1, cases v-vi):

  • Data Collected by Cookies and Other Tracking Technologies
  • Activity Data and Other Data

2.3. We collect the following data and information about you from THIRD PARTIES:

  • Public Data (III. 1, case iv.)
  • Your personal data may be shared with us by third-party independent organizations when there is a lawful basis for processing, and they have the relevant right to do so. In these cases, you should be informed about the processing of your personal data by these third-party organizations through their respective Data Protection Statements. These organizations may include social networking platforms.

2.4. Personal Data from Individuals Under the Age of 16

We do not knowingly collect any information from any person under the age of 16 unless the lawful guardian’s consent has been provided. If you are under 16 years of age, please do not use or provide any information to us, do not subscribe to our newsletter list, and do not provide any information about yourself to us, including your name, address, or contact details (phone, email, etc.). If we discover that we have collected or received personal data from an individual under the age of 16, we will delete it immediately unless lawful guardian consent has been provided. If you believe that we may have information from or about an individual under the age of 16, please contact us.

3. HOW do we use your personal information?

The main reason for collecting and processing data related to your person is to inform you and provide you with the services of our website and clinics, which are detailed on the website. This includes managing patients or clients, handling payments, conducting promotional activities, sending newsletters, updating clients and patients, overseeing the video surveillance system in the clinics. Additionally, we collect data for the following purposes:

  • To measure, analyze, and improve the services and functions of our website and clinics.
  • To provide and deliver the products and services you request, process appointment information, and send you related information, including confirmations.
  • To enhance your experience through the services of the Company (both online and offline) by providing content that you may find relevant and interesting.
  • To address technical issues related to the services and send you technical alerts, updates, security notices, and support and process-related messages.
  • To respond to your comments, questions, and requests and provide customer support services.
  • For compliance with applicable laws or legal processes and/or to respond to requests from relevant government authorities.
  • To complete a corporate transaction, such as a proposed or actual restructuring, merger, sale, joint venture, assignment, transfer, or other disposition of all or part of the business activities, assets, or shares of the company (including any bankruptcy or similar proceedings). For example, if the Company is involved in a merger or transfer of all or a substantial part of its activities, the Company may disclose and transfer your personal data to the parties participating in the transaction as part of that transaction.
  • To personalize and enhance our services and offer advertisements, content, or features that match your user profile or interests.
  • To connect or combine with information we receive from third parties to better understand your needs and improve our services.
  • To satisfy your rights concerning your personal data.
  • For other purposes as notified to you or as determined on a case-by-case basis at the point of initial collection of information about you.

4. ON WHAT LEGAL BASIS do we use your personal data?

The legal basis on which we use your information is one of the following:

1. Performance of a Contract with You as the Contracting Party
The collection and processing are necessary for the performance of a contract and the provision of services you request from the Company, as well as for compliance with legal obligations and the exercise of the Company’s legal rights as a data controller (Article 6(1)(b), (c), and (f) of the GDPR).

2. Legitimate Business Interests that Do Not Override Your Interests in Protecting Information

  • To manage and protect the Company, our website, and our clinics, including addressing issues, data analysis, testing, system maintenance, support, report preparation, and data retention.
  • To prevent and address cases of fraud and other illegal activities for the protection of the public and personal safety.
  • To manage medical services, healthcare services, or other support services, collect fees, and ensure their coverage by insurance companies or your insurance provider.
  • To create electronic health records.
  • To assess the services provided through the completion and submission of relevant surveys, and more.
  • To provide services that are useful, user-friendly, and enjoyable, including personalized communication according to your preferences.
  • To better understand our user base to develop and improve our products and services and tailor website content to your needs and preferences.
  • To measure the effectiveness of the presentation and display of our services on third-party websites.
  • For market research, evaluation, and analysis of your opinion on our services and our business policies, reputation, recognition of our commercial trademarks, and other distinguishing features.
  • To use data analysis tools to improve the website, products/services, and our relationships with users.

When relying on the legitimate interests of the Company as a legal basis for processing your personal data (including cases of automated decision-making and profiling), we must assess whether such processing might override your interests, fundamental rights, or freedoms that require the protection of your personal data. We have taken these considerations into account, and where there is a risk to any of your interests, fundamental rights, or freedoms, we will not process your personal data unless we rely on another legal basis for processing.

3. For preventive or occupational medicine purposes, medical diagnosis, the provision of health care, or treatment, or the management of health systems and services (Article 9 para. 2 (h) of the GDPR).

4. Compliance with a legal obligation to which we are bound. As part of the Company’s activities, we are obliged to process your personal data to meet obligations arising from the law (e.g., tax, social security, etc., legislation).

5. Protection of your vital interests in cases of legal or physical incapacity to consent to processing (Article 9 para. 2 (g) of the GDPR).

6. Necessary for reasons of public interest in the area of public health, such as conducting scientific research for public health interests, protecting against serious cross-border health threats, or ensuring high standards of quality and safety of healthcare and medical technology products, based on national or EU law (Article 9 para. 2 (i) of the GDPR).

7. Explicit Consent. Processing is based on your explicit consent, provided that further processing of your personal data is carried out or used for the purpose of informing you about medical matters and our Services (e.g., newsletters, contests, promotional activities, automated means and technologies, electronic communication forms, survey conduction).

5. WHO are NOTIFIED of your personal data

5.1. The Company may disclose your personal data for the purposes of Section III.3 in the following categories:

  1. As part of the operation of the Website, clinics, and the provision of their Services and to better serve you, our Company collaborates with third parties who provide support, services to us and have access only to the data that is absolutely necessary for the service they provide, provided that they accept all the terms herein. For example:
    – Company staff, doctors, and other medical, nursing, and administrative personnel.
    – Collaborating doctors, healthcare professionals, or healthcare service providers, medical diagnostic laboratories providing independent services to the Company.
    – Companies that host and manage our Website.
    – Advertising and marketing companies.
    – Data analysis and research companies.
    – Information system and software procurement and support companies.
    – Insurance companies or public insurance agencies.
    – Medical technology equipment providers.
    – Accountants and lawyers.
  2. To affiliated companies, in their capacity as data controllers or data processors.
  3. To competent authorities for compliance with applicable laws.
  4. To our partners, affiliated companies, and their subsidiaries, distributors, resellers, partner channels, and/or assignees, as necessary, to provide the Services you request or to support our promotional activities, or to the extent permitted by applicable law.
  5. To courts, judicial authorities, and other government bodies, if required by law or legal proceedings, or if we believe that disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with the investigation of suspected or actual unlawful activity.
  6. If you have agreed to receive direct marketing from us and our affiliated companies, we may also share your data for this purpose.
  7. To a third party to which we reserve the right to choose to transfer all or part of our business.

5.2. Links to Other Websites

Our Services may provide links to other websites and services for your convenience and information. These other websites and services may operate independently of us. The websites to which we provide links may have their own privacy notices and terms of use, which we encourage you to read if you visit any website or service through a link. To the extent that websites or services you visit through a link are unrelated to our Services, we assume no responsibility for them.

6. TRANSFER of Your Personal Data to THIRD COUNTRIES

The Company typically maintains your personal data within the European Economic Area. In cases where data is to be transferred to third countries outside the European Economic Area for which there is no adequacy decision by the European Commission or to International Organizations, all appropriate safeguards provided by the applicable law for the protection of personal data regarding transfers to third countries will be taken into account.

7. VIDEO SURVEILLANCE

7.1. The Company uses a video surveillance system (cameras) exclusively for security and the protection of individuals and property within its clinics. It is explicitly clarified that the video-recorded area is equipped with specific signage (distinct warning signs) that provides first-level information to the data subjects regarding the processing of their data through the video surveillance systems, and this document constitutes a more detailed second-level notification.

7.2. Purpose and Legitimate Interest. Processing is necessary to fulfill a duty carried out in the public interest or in the exercise of public authority delegated to the data controller (Article 6, para. 1, point (e) GDPR). Our legitimate interest lies in the need to protect our premises and the property located therein from illegal activities, such as theft, and the safety of life, physical integrity, health, and the property of our personnel and third parties lawfully present in the monitored area. Cameras have been placed in the main areas of the clinics without focusing excessively on areas where the private life of individuals whose image is being taken may be unduly restricted, including their right to the protection of personal data.

7.3. Recipients. The recorded material is accessible only to our competent/authorized personnel responsible for the security of the area. This material is not disclosed to third parties, except in the following cases: a) to the competent judicial, prosecutorial, and police authorities when it includes information necessary for the investigation of a criminal offense concerning individuals or property of the data controller, b) to the competent judicial, prosecutorial, and police authorities when they lawfully request data during the performance of their duties, and c) to the victim or the perpetrator of a criminal offense when it concerns data that may constitute evidence of the offense.

7.4. Data Retention Period. We retain the data for forty-five (45) days, after which they are automatically deleted. In the event that, during this period, we become aware of an incident, we isolate a portion of the video and retain it for up to one (1) additional month for the purpose of investigating the incident and initiating legal proceedings for the protection of lawful interests.

7.5. Data Subject Rights:

Data subjects have the following rights:

  • Right of access: you have the right to know if we are processing your image and, if so, to obtain a copy of it.
  • Right to restriction: you have the right to request that we limit processing, for example, not to delete data that you consider necessary for the establishment, exercise, or defense of legal claims.
  • Right to object: you have the right to object to processing.
  • Right to erasure: you have the right to request the deletion of your data.

You can exercise your rights by sending an email to our contact information in Section II. To review a request related to your image, you must specify approximately when you were within range of the cameras and provide an image of yourself to facilitate the identification of your data and the concealment of third-party data being captured. We also emphasize that exercising the right to object or erasure does not entail the immediate deletion of data or the modification of processing. In any case, we will respond to you in detail as soon as possible, within the deadlines set by the GDPR.

IV. PROTECTION AND MANAGEMENT OF YOUR PERSONAL DATA

  1. For the SECURITY of your personal data, our Company takes appropriate technical and organizational measures to protect the personal information we hold from unauthorized disclosure, use, alteration, or destruction. In each case, we use encryption and other technologies that can contribute to the security of the information you provide. We also require third parties to whom we disclose your data to comply with strict requirements for the protection and security of personal data. The Company, through its corresponding contractual commitments and its partners, takes all necessary security measures to protect and ensure the confidentiality and integrity of personal data. In any case, the security of these data is subject to reservation due to reasons beyond the control of the Company, as well as reasons due to technical or other incapacity (e.g., network) that is not controlled by the Company or due to force majeure or fortuitous events. It is also your responsibility to ensure that the equipment (e.g., personal computer), software, and telecommunications equipment you use while browsing our website are adequately secure and protected from malicious software (e.g., viruses). You should be aware that without adequate security measures, there is a risk that data and the passwords you use may be disclosed to unauthorized third parties.
  2. We will retain your data, taking into account the reasons for which the Company needs to process the data, as well as any legal obligations for data retention for a specific period. This includes, but is not limited to, the following cases:
    1. For processing based on the legal basis of the execution of an Agreement with you as a contracting party, your personal data are stored for as long as necessary for the execution of the contract and for the establishment, exercise, and/or support of legal claims that may arise from this contract.
    2. For processing based on the legal interest, the data is kept for as long as necessary to satisfy the respective legal interest.
    3. For preventive or occupational medicine, medical diagnosis, healthcare provision, or treatment, or as required by applicable legal provisions, your personal data are stored for as long as required by the relevant provisions.
    4. According to the law, the Medical Record must be kept for a period ranging from 10 to 20 years from the patient’s last visit, depending on the case.

V. YOUR RIGHTS

Regarding your personal data that we have at our disposal and process, you have the following rights in accordance with the European General Data Protection Regulation (EU) 2016/679 on the protection of personal data:

  1. Right of access: You can request to access them to confirm that we process them in accordance with the law and your instructions and preferences.
  2. Right of rectification: You can inform us of any changes to your personal data or ask us to correct any of the personal data we hold about you.
  3. Right to erasure or restriction of processing: In certain cases, you can request us to delete or restrict the processing of personal data we hold about you, or to object (right to object) to specific ways in which we use your personal data, provided the law does not require otherwise.
  4. Right to data portability: In some cases, you can also ask us to send the personal data you provided to a third party.
  5. Where we use your personal data based on your consent, you have the right to withdraw this consent at any time, subject to applicable law.

To exercise any of your rights or if you have any complaints, please contact us at the contact details of Section II. In case of a request to exercise your rights, the Company will respond to your request within one (1) month of its submission. This deadline can be extended by two (2) more months, following your prior notification, taking into account the complexity of the request and the number of requests being processed. The data subject making the request must include their name and email address, the nature, and the date of the request in their request.

Copies of all correspondence and other material received by the Company in connection with any request for the exercise of rights will be retained in the Company’s records for 2 years.

If you believe that your rights are being violated in any way, you can file a complaint with the competent Supervisory Authority:

Hellenic Data Protection Authority (www.dpa.gr).

Postal address: 1-3, Kifissias Avenue, PC 115 23, Athens
Call Center: +30 210 6475600
Fax: +30 210 6475628
E-mail: [email protected]