PRIVACY POLICY

STEMMA SINGLE-MEMBER P.C. (STEMA LASER)
Tax ID (VAT): 801500577
Registered Office: 17 Agias Sofias Street, Thessaloniki, Greece
Tel.: +30 2314 037777
Email: info@stemalaser.gr

Last updated: 12/02/2026

1. Introduction

The company “STEMMA SINGLE-MEMBER P.C.”, trading as STEMA LASER (hereinafter referred to as “the Company”), respects and protects the privacy of its clients and website visitors. This Privacy Policy describes how personal data are collected, used, stored, and protected, in accordance with Regulation (EU) 2016/679 (GDPR), Greek Law 4624/2019, and the applicable Greek and European data protection legislation.

This Policy applies to every natural person who visits the website, contacts the Company, books appointments, purchases services, or receives laser hair removal and aesthetic treatments.

By using our website and/or our services, you accept the terms of this Privacy Policy.

2. Data Controller

The Data Controller of your personal data is:

STEMMA SINGLE-MEMBER P.C.
VAT: 801500577
Registered Office: 17 Agias Sofias Street, Thessaloniki, Greece
Email for data protection matters: info@stemalaser.gr

The Company determines the purposes and means of processing personal data and ensures compliance with the applicable regulatory framework.

3. Categories of Data Collected

The Company collects only the data that are necessary for the provision of its services and the proper operation of its business.

When you contact us, book an appointment (including online booking), or receive services, we may collect identification and contact details such as full name, telephone number, email address, and billing information.

In the context of providing laser hair removal and aesthetic treatments, we maintain records of sessions, service packages, visit dates, and notes related to the progress of treatment.

For safety and treatment suitability purposes, the Company collects health-related data, such as information concerning dermatological conditions, photosensitivity, hormonal disorders, medication, pregnancy, or other contraindications. These data constitute special categories of personal data under Article 9 GDPR and are collected exclusively upon explicit written consent through a dedicated medical history form.

The Company may retain informed consent forms prior to the commencement of treatment. These documents are stored in physical and/or electronic form for safety and legal protection purposes.

If “before and after” photographs are taken to document treatment results, this is done only following specific consent. The use of such photographs for promotional or marketing purposes is carried out solely upon separate, explicit, and revocable consent.

While browsing our website, technical data may be collected, including IP address, device information, browser type, and data derived from cookies.

In the event of telephone communication, call details may be recorded. Where call recording systems are in place, callers are informed prior to the start of the recording.

If a closed-circuit television (CCTV) system operates at our premises, image recording takes place exclusively for the protection of persons and property.

4. Purposes and Legal Basis for Processing

Personal data are processed for the proper organization and management of appointments, the operation of online booking systems, the provision of laser hair removal services, the assessment of treatment suitability, the maintenance of client records, the issuance of tax documents, and the handling of communication requests.

In the case of online transactions, data are used to complete payments through certified electronic payment providers. The Company does not store card details.

The legal basis for processing may include the performance of a contract, compliance with a legal obligation, the legitimate interest of the Company in ensuring the safe and proper operation of its business, or the data subject’s consent.

Health data are processed exclusively on the basis of explicit consent.

The sending of newsletters or promotional material, as well as the use of remarketing tools or advertising cookies, is based solely on prior consent, which may be withdrawn at any time.

The operation of CCTV is based on the Company’s legitimate interest in protecting its property and ensuring the safety of employees and clients.

5. Disclosure to Third Parties

The Company does not sell or lease personal data.

Access to personal data may be granted to partners acting as data processors, such as accountants, IT technicians, website hosting providers, cloud service providers, online booking providers, email marketing platforms, and electronic payment providers.

In all cases, contractual safeguards are in place to ensure GDPR compliance.

No transfer of personal data outside the European Economic Area takes place unless appropriate safeguards are provided in accordance with GDPR requirements.

6. Data Retention Period

Personal data are retained only for as long as necessary to fulfill the purposes of processing.

Data related to service provision and tax obligations are retained in accordance with applicable tax and commercial legislation.

Medical forms and health data are retained for as long as necessary for safety and legal protection purposes.

CCTV footage is retained for a limited period and is automatically deleted unless required for the investigation of an incident.

Data processed on the basis of consent are retained until such consent is withdrawn.

7. Data Security

The Company implements appropriate technical and organizational measures to ensure data security, including SSL encryption, secure information systems, restricted access to authorized personnel, protection of physical records, and controlled access to electronic and cloud-based data.

8. Data Subject Rights

Every individual has the right to access, rectify, erase, restrict processing of, object to, and request portability of their personal data.

Where processing is based on consent, such consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal.

Requests may be submitted in writing to info@stemalaser.gr.

If you believe that your rights have been violated, you have the right to lodge a complaint with the Hellenic Data Protection Authority.

9. Amendments

The Company reserves the right to modify this Privacy Policy at any time. The current version is always available on the website.