This Privacy Policy describes how Dr. Diana Vulcanescu DLC (“we,” “our,” “us”) collects, uses, and protects your personal information when you visit or interact with our website www.drdiana.eu, contact us, make an online booking, subscribe to our newsletter, or receive medical or aesthetic services at our clinic.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (EU) 2016/679 (GDPR) and all applicable laws in Cyprus regarding personal data protection.

Dr. Diana Vulcanescu, BSc MSc PgDip MRCGP(int)
Diana Vulcanescu DLC
VAT: 10421811U  Reg. No.: HE421811
Address: Athalassis 54, Office 102, Nicosia, 2023, Cyprus
Tel: +357 22316779  Mob: +357 96910055
Email: info@drdiana.eu
Website: www.drdiana.eu

We may collect and process the following types of personal information:

• Identity Data: full name, date of birth, gender.

• Contact Data: phone number, email address, postal address.

• Medical & Health Data: information shared during consultations, appointments, or via medical forms (processed only by authorised healthcare professionals).

• Booking Data: appointments, services selected, preferences.

• Payment Data: transaction details (processed securely through our payment provider; we do not store card details).

• Technical Data: cookies, IP address, browser type, and analytics data (via Google Analytics, Facebook Pixel, or similar).

• Marketing Data: preferences, newsletter subscriptions, event participation.

Your personal data is used for:

• Providing and managing medical and aesthetic services.

• Responding to inquiries and booking requests.

• Maintaining accurate patient and customer records.

• Sending appointment reminders, treatment information, or aftercare advice.

• Processing payments and issuing invoices.

• Improving our website, services, and customer experience.

• Sending newsletters and updates (only with your explicit consent).

• Complying with legal and regulatory obligations.

All medical information shared with Dr. Diana Vulcanescu is treated as strictly confidential and handled in accordance with GDPR and medical ethics standards.
Only authorised medical personnel have access to health-related data, and such information is used solely for diagnosis, treatment, and continuity of care.
We never disclose medical records or consultation details to third parties without the patient’s explicit written consent, except where required by law.

We process your personal data based on one or more of the following lawful grounds:

• Performance of a contract (e.g., medical or aesthetic services).

• Consent (e.g., marketing or newsletter).

• Legal obligation (e.g., medical documentation retention).

• Legitimate interest (e.g., service improvement, security monitoring).

We retain personal data only as long as necessary to fulfil the purposes outlined above or as required by law.
Medical records are kept in accordance with Cyprus medical data retention laws and professional standards.
You may request deletion of non-medical data at any time (subject to legal obligations).

We implement appropriate technical and organisational measures to safeguard your data against unauthorised access, alteration, disclosure, or destruction.
Our website uses SSL encryption, and all data is stored on secure servers located within the EU or other GDPR-compliant regions.

We do not sell or rent your personal data.
We may share data only with trusted third parties who assist us in operating our business (e.g., booking systems, payment processors, IT service providers) under strict confidentiality and GDPR-compliant contracts.

Our website uses cookies to enhance your experience and analyse traffic.
You can control or disable cookies through your browser settings.
Analytics data helps us understand website performance but does not personally identify you.

Under GDPR, you have the right to:

• Access your personal data.

• Request correction of inaccurate data.

• Request erasure (“right to be forgotten”) where applicable.

• Withdraw consent at any time.

• Object to processing or request restriction of use.

• Request data portability.

To exercise these rights, contact us at info@drdiana.eu. We will respond within 30 days as required by GDPR.

We do not transfer your data outside the European Economic Area (EEA) unless adequate data protection standards are ensured.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated version will always be available on our website with the latest revision date.

For any questions regarding this Privacy Policy or how your data is handled, please contact:

Dr. Diana Vulcanescu DLC
Email: info@drdiana.eu
Tel: +357 22316779  Mob: +357 96910055
Address: Athalassis 54, Office 102, Nicosia, 2023, Cyprus