We treat your personal data with responsibility and we believe that it should be collected and processed only when absolutely necessary. Therefore, all of our company’s systems and the website www.tzouma.gr are designed with the appropriate operational and internal systems and comply with the applicable legislation regarding data protection (and mainly with the Medical Code of Conduct and the General Data Protection Regulation EU 679/2016 (GDPR)).

The present privacy policy has been adopted by Doctor-Dermatologist Anastasia Tzouma (hereinafter Tzouma Clinic), having its registered seat in Athens, Greece, at 7 Keiriadon street, telephone number 2102209000, which is the Controller of the Personal Data that you provide us with. Tzouma Clinic is bound to protect you whenever you provide us with your data and when you use www.tzouma.gr and to provide you with all the information you need, in accordance with Articles 12, 13 and 14 of the GDPR, applicable from 25 May 2018 at a European level. Moreover, the data that the Doctor collects and processes are treated as highly confidential, in accordance with Article 13 of the Medical Code of Conduct.

1. What is considered as Personal Data in general?

Personal Data is any information that relates to you, or may be attributed to you. Such data is, for example, your name, surname, father’s name, address, telephone number, as well as your email address. Additionally, personal data also includes some technical data relating to you, such as your IP address or the websites from which you entered our site, etc. Moreover, data that relate to the health condition or the sexual life of a person, as well as his/her religious and political views, are treated as special categories of personal data (sensitive data).

2. Which personal data are being collected by Tzouma Clinic and for which purposes are they being processed?

Collection and processing of data takes place for purposes directly related to the services you request from us and which we offer to you and/or for purposes for which you have granted your consent and always in accordance with applicable laws and regulations regarding personal data protection.

During the course of our daily business, as expected, we collect and process special categories of personal data and mainly data which refer to the health condition of our patients. In any case, we will only process them if you provide us with your explicit consent or based on a legal obligation, and always in accordance with the Regulation.

More specifically, Tzouma Clinic collects and processes personal data and information mainly according to the following:

2.1 Our patients’ data

2.1.1. Our Clinic collects personal data which our patients provide to us or which we may receive from medical centers, following the prior direction and consent of the patient him/herself. These data are mainly related to the health condition of the patients (e.g. full medical history, medical examinations, pharmaceutical treatments, genetic data and photographs of the progress of the patient’s condition, etc.).

Moreover, prior to the processing of his/her data, any patient who is undergoing a special medical procedure receives detailed information from the Doctor regarding the specific characteristics of that procedure, as well as any possible side-effects thereof.

In any case, it is a standard procedure for Tzouma Clinic to clearly and in detail inform the patients of the way and purpose of the processing of their data. It is also noted that the processing of sensitive data is considered as necessary for the purpose of medical diagnosis, the provision of health care or treatment. The patients are then requested to declare in writing that they have received the above-mentioned information. When the processing refers to under-age patients, the information or/and consent of the parent/legal guardian is necessary.

2.1.2. Patients’ data are not published in any manner nor transferred to third parties, unless the patient him/herself consents or in any case in accordance with clause 5 of the present Privacy Policy and articles 6 and 9 of the GDPR.

2.1.3. Patients’ data are kept by the Doctor in the individual medical file of each patient, protected by high technical measures, and access is only granted to staff and partners on a need-to-know basis and only with individual passwords.

2.2. Browsing the website – Cookies

2.2.1. In order to browse our Website it is not necessary to sign up and consequently to directly provide us with your personal data or other information relating to you. However, while navigating www.tzouma.gr and transacting with us through our services, our Clinic collects personal information and other information about you through our own Cookies (First Party Cookies) or through the Cookies of third parties with whom we partner (Third Party Cookies).

Cookies are small text files that are installed on your computer or on your device temporarily and are transmitted to our server when you visit our website through your preferred browser. No Cookie file used on the Website collects any information or obtains knowledge of any document or file from your computer.

The data collected by cookies for the above purposes may include the type of browser you are using, the type of your computer, your operating system, online service providers, the sites you visit, and the links to third party websites which you may follow through our Website, the products and advertisements you see, the IP address of your computer and general demographic information about you, such as gender, age, place of residence.

Moreover, cookies are used for advertising and marketing purposes, statistical purposes, market research purposes, in order to improve our products and services, and for measuring the effectiveness of the website and its adaptation to the needs of the Users.

By browsing the Website, you consent to the processing by Tzouma Clinic of information it collects from you by using Cookies. You can, however, edit your preferences regarding Cookies through our Website settings, but you should know that some of its features may be affected.

2.2.2. We also use Google Analytics (GA) and Facebook Pixel to track our users’ activity. We use this data in order to determine the number of people using our website, to obtain a better understanding of the way they come across and use our website and to track their actions on it.

Although GA records data such as your geographic location, your device, your browser and your operating system, none of this information identifies you or makes you personally known to us. GA also records your computer’s IP address, which could be used for your identification, but Google does not grant us access to this information.

2.3. Subscription to the newsletter service

We will not send you any Newsletter for any advertising or product/service promoting purposes, unless you choose to subscribe to our Newsletter service. If you subscribe to this service, Tzouma Clinic will collect your email address and send you informational material about new treatments and offers of our Clinic.

In case you do not wish to receive our Newsletters and promotional material in general, you can request your removal from the recipient list at any moment, either by following the relevant link at the end of every email you receive from us, or by sending the request to our Clinic’s email address.

2.4. Employees and partners’ data

Our Clinic collects personal information from potential employees, including personal contact information, professional qualifications and past professional experience, in order to make recruitment decisions. Upon recruitment, we collect information about our employees in the context of our contractual relationship and for purposes related to it, such as for evaluating their performance, for payroll or for tax purposes. This employee data is collected and stored in our safe database, access to which is granted on a need-to-know basis, in accordance with our standardized business practices. We may also process similar information about freelancers, consultants and other third parties who provide products or services to our clinic.

3. Which is the legal basis for processing your data?

As already described, we shall never process your data unless the processing is necessary and based either 1) on the purpose of medical diagnosis, the provision of health care or treatment, or 2) on our legitimate interests in maintaining our relationship with you as our patients - customers, or 3) on your consent, regarding mainly advertisement purposes about our Clinic's activity and products, as well as the communication you may receive from us in order to inform you about our services which you have already requested (e.g. appointment confirmation).

Particularly, our Clinic will not, under any circumstances, collect more personal information than necessary for the purpose for which it collects it, nor will it disclose your data to any third parties, unless this is absolutely necessary for the fulfillment of a service, the provision of which you have requested or unless the processing by a third party is necessary for the purposes of our legitimate interests (e.g. performing credit control) or if you have previously given your consent, and/or when the law requires it (e.g. for execution of a court decision, public prosecutor’s order, etc.).

Also, our Clinic does not sell, lease or transfer your personal data to third parties, except when obligated to do so by law, and does not collect or process personal data of underage children, unless it has the express consent of their parents.

4. For how long do we retain your data?

We do not retain your data for a period longer than necessary to fulfill the purposes for which they have been collected or in any case as required by the applicable legislation.

The information you provide us with may be archived or stored periodically, in accordance with our security procedures, and will only be retained for as long as it is necessary for the purpose for which it was collected, unless the law requires us to maintain it for longer (e.g. regarding tax documents pertaining to the provision of our services to you, such as invoices/receipts) or to delete it sooner, or unless you exercise your right to delete or restrict your data (when permitted).

For example, we are obliged by law to retain the medical records of the patients for ten (10) to twenty (20) years. Moreover, we will retain the CVs we receive from persons we do not eventually hire for a period of twelve (12) months. Finally, according to Directive 1/2011 of the Hellenic Data Protection Authority, records of security cameras that are legally installed in our offices or stores should be kept for a specified period of time in accordance with the purpose for which they are processed. Unless otherwise required by law or if it is necessary in cases where an infringement occurs, these records are destroyed every 15 working days.

5. Who are the recipients of your data?

We do not sell, lease or exchange your personal data, nor will we do so at any time in the future. We may disclose (share, send, or otherwise disclose) the personal data we collect about you under the terms of the present Policy to third parties (mainly to other doctors), but always under conditions that ensure that there is no unlawful processing, that is, processing outside the purpose of the disclosure.

Furthermore, your data may be transmitted to countries within the European Economic Area, where all security requirements are met. As a rule, we do not transmit data outside the EU or the EEA, and if necessary (for example, to Google), the disclosure will only be made in accordance with international security requirements and with the maximum protection of your data.

The data in our records may be communicated to the competent judicial, police and other administrative authorities upon their legal request and in accordance with the applicable laws.

In any case, Tzouma Clinic’s employees who have access to your personal data and information are specific and properly trained, while unauthorized access to your data is prohibited.

In particular, we may transfer your data mainly in the following cases:

• To Google and Facebook, as outlined above, especially for the use of the Google Analytics and Facebook Pixel services.

Both of these entities are based in the USA and are in agreement with the transnational agreement known as EU-US Privacy Shield.

• To doctors who perform specific and necessary medical operations.

• To external partners (such as accountants and lawyers).

• To medical laboratories.

• To advertising companies and advertising services providers in general.

• To service providers that host our database and in general perform the technical support and management of our systems.

• To data security providers.

6. How do we protect your data?

We are committed to protecting your personal data. We consistently apply appropriate technical and organizational measures to ensure a level of security that is appropriate to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to your personal data that is collected, stored or subjected to any other kind of processing.

Thus, we have implemented security procedures and measures in physical and electronic records in order to protect the personal information we keep, which we regularly review. We shall destroy or erase your personal data when we no longer need it for the provision of our services or as otherwise required by law.

More specifically:

General Controls: Regular and systematic controls are implemented on workstations, such as automatic computer locking, regular software and hardware updates, configuration, physical security, etc. to minimize the possibility of gaining unauthorized access and exploiting crucial data which is stored in our records. Our clinic’s equipment is connected to an Uninterruptible Power Supply (UPS) so that operation is not interrupted in the event of system failure, while in the event of a prolonged power failure, we safely shut down our servers.

File Storage in Physical Format: Our Company may keep files which contain your personal data in physical, hardcopy form (such as medical examinations, invoices, etc.). We keep these records in areas protected by security locks and access is granted only to those employees or partners required for the purposes relevant to their duties. In order to destroy physical files, we use a document shredder to exclude the possibility of anyone accessing them without being authorized by us.

Electronic Data Storage: Some of your personal data will be stored in our website's database. We have applied classified access to files that contain personal data on our network, which is protected by VPN (Virtual Private Network). Based on this classified access, special codes are required which are provided only to those employees or partners who are required to access these files. Our network is additionally protected by antivirus and firewall protection, which separates the local network and prevents unauthorized access. Finally, we ensure the security of your data by backing up our system files.

File transfer: All web traffic (file transfer) between this site and your browser is encrypted and transferred via a 128-bit SSL protocol. Encryption is essentially a way of encoding the information until it reaches its intended recipient, who will be able to decode it using the appropriate key.

Email: The data sent to us via email is protected through the SMTP (Simple Mail Transfer Protocol). Our SMTP servers are protected by a TLS security protocol (sometimes known as SSL), meaning that email content is encrypted using 256-bit SHA-2 encryption before being sent over the Internet. E-mail content is decrypted by our local computers and devices.

7. Which are your rights?

We provide you with the ability to exercise all of your rights under the GDPR in relation to your personal data that we hold and process, such as the right of access and correction, to withdraw consent at any time, to object to data processing, to request data deletion, to restrict the extent of data processing, to prevent direct marketing and to request the transmission of personal data in a common digital format (e.g., pdf) to yourselves or to another organization. You also have the right to submit a complaint to the competent authority.

Indicatively, at your request, we will:

• grant you access to copies of your personal data within a reasonable time

• correct personal information when inaccurate

• withdraw your prior consent to the processing of personal information, etc.

If you wish to exercise any of your rights with respect to any personal data we hold, you may contact our Clinic in writing by email. You shall get free access to your data, but depending on the volume of data our clinic retains about you, we may ask you to cover some of our costs.

8. How can you contact us?

In case you wish any clarification or information regarding the terms of this Policy, or if you have any dispute, reservation or question, you may contact our Clinic’s Data Protection Officer (DPO), Mr. Ioannis Polychronis, at the telephone number 210-2209000 or send him an e-mail.

9. Changes to Privacy Policy

This privacy policy may change from time to time according to legislation or industry developments, without prior notice. For this reason we invite you to check this webpage regularly.