Privacy Policy

This Privacy Policy document contains types of information that is collected and recorded by us and how we use it.


This Privacy policy describes when and what personal data we gather about you, how we use such personal data, and to who we give such personal data. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection. It also sets out your rights in relation to your personal data and who you can contact for more information or queries. 


We John Theodorou Group (“we” or “us”), collect and process your personal data (which may hereby refer to as “personal data” or as “data”), with full transparency and respect to your rights. 


We always collect and process your personal data in accordance with the spirit of Regulation (EC) 2016/679 (hereinafter referred to as the “Regulation”), the main objective of which is to protect the personal data of individuals by establishing rules for both the protection of individuals with regards to the processing of personal data and for the free movement of such data. Any reference to a section below refers to a respective section of the Regulation. 



John Theodorou Group is strongly committed to protecting personal data, and this privacy statement details our approach on such issues.  


Personal data includes any information relating to an identified or identifiable living person. John Theodorou Group processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ. Please refer to the various provisions of this privacy statement for specific information on particular processing activities. 


1. Our role as Data Controller 

John Theodorou Group is the data controller of any personal data collected. This means that the John Theodorou Group is responsible for deciding how we hold and use personal information about you. We will process such data in accordance with the provisions of applicable Data Protection law. If you have any questions regarding this privacy statement or how and why we process your data, please contact us at: 


Data Protection Officer 

Theodoros Theodorou

Address: Avenue Centre, Office 206, 7 Paphos Road, 3052 Limassol, Cyprus 


Phone:   +35725563333


2. Security 

We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable data and information, from loss, misuse, alteration, or destruction. In particular, we ensure that all appropriate confidentiality obligations and technical and organizational security measures are in place to prevent any unauthorized or unlawful disclosure or processing of such information and data and the accidental loss or destruction of or damage to such information and data. 


3. Changes to the Privacy Policy Notice and your duty to inform us of changes 

This version was last updated on 26.01.22. 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. 


 4. Third-Party Links

This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit. 


5. How do we collect your personal data?

We use different methods to collect data from and about you including through: 

  • Direct interactions.  

You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you: 

  • apply for our products or services; 
  • subscribe to our service or publications; 
  • request marketing to be sent to you; 
  • enter a competition, promotion or survey; or 
  • give us feedback


  • Automated technologies or interactions.  

As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookie Policy for further details. 


  • Third parties or publicly available sources. 

We may receive personal data about you from various third parties [and public sources] as set out below: 


  • Technical Data from the following parties:
    (a)  analytics providers such as Google which may be based outside the EU;
    (b)  advertising networks which may be based both inside and outside the EU; and
    (c)  search information providers which may be based both inside and outside the EU. 
  • Contact, Financial and Transaction Data from providers of technical, payment, and delivery services [which may be based both inside and outside the EU. 
  • Identity and Contact Data from data brokers or aggregators may be based both inside and outside the EU. 
  • Identity and Contact Data from publicly available sources such as the Registrar of Companies and other public authorities. 


6. What personal data do we collect about you? 

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). 

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows: 

  • Identity Data may include first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, and gender. 
  • Contact Data may include billing address, delivery address, email address, and telephone numbers. 
  • Financial Data may include bank account and payment card details. 
  • Transaction Data may include details about payments to and from you and other details of products and services you have purchased from us. 
  • Technical Data may include internet protocol (IP) address, your login data, browser type, and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website. 
  • Profile Data may include your username and password, purchases or orders made by you, your interests, photos, preferences, feedback, and survey responses. 
  • Usage Data may include information about how you use our website, products, and services. 
  • Marketing and Communications Data may include your preferences in receiving marketing from us and our third parties and your communication preferences. It may also include pictures of you before and after your treatment and the publication thereof on our website. 


We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice. 


We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses. 


Without providing us your personal data:  

When using our Website for information regarding our various services, without explicitly providing your personal data in any way, for example, your name, surname, or your contact details, we collect the personal data that the browser or mobile application you use sends to our server.  

This data is technically necessary for a better presentation of our Website, as well as for reasons of security and improving your browsing experience. Some of the data we collect are the following: 

 – IP Address.  

– Date and time of visit.  

– The webpage where your visit comes from  

– The Internet browser you use to visit our webpage  

– Your operating system.  

– Your internet browser version, language, and the difference of the time zone. 


7. How do we process your personal data collected through our Website?  

Your personal data is used strictly as permitted and in accordance with the law. More specifically, we will use your personal data in the following circumstances: 

  • Where we need to perform the contract we are about to enter into or have entered into with you. 
  • Where we are about to contact you regarding your inquiry. 
  • To fulfill your order in terms of product delivery. 
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. 
  • Where we need to comply with a legal or regulatory obligation. 


Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.  

Please Contact Us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below. 


Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest. 
To register you as a new customer (a) Identity 

(b) Contact 

Performance of a contract with you 
To process and provide you with our 

services, including: 

(a) Manage payments, fees and 


(b) Collect and recover money owed to us 

(a) Identity 

(b) Contact 

(c) Financial 

(d) Transaction 

(e) Marketing and 


(a) Performance of a contract with you 

(b) Necessary for our legitimate interests 

(to recover debts due to us) 

To manage our relationship with you 

which will include: 

(a) Notifying you about changes to our 

terms or privacy policy 

(b) Asking you to leave a review or take a survey 

(a) Identity 

(b) Contact 

(c) Profile 

(d) Marketing and 


(a) Performance of a contract with you 

(b) Necessary to comply with a legal obligation 

(c) Necessary for our legitimate interests 

(to keep our records updated and to study how customers use our products/services) 

To enable you to partake in a prize 

draw, competition, or complete a survey 

(a) Identity 

(b) Contact 

(c) Profile 

(d) Usage 

(e) Marketing and 


(a) Performance of a contract with you 

(b) Necessary for our legitimate interests 

(to study how customers use our products/services, 

to develop them and grow our business) 

To administer and protect our business 

and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data) 

(a) Identity 

(b) Contact 

(c) Technical 

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) 

(b) Necessary to comply with a legal obligation 

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the 

the advertising we serve to you 

(a) Identity 

(b) Contact 

(c) Profile 

(d) Usage 

(e) Marketing and 


(f) Technical 

Necessary for our legitimate interests 

(to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) 

To use data analytics to improve our 

website, products/services, marketing, 

customer relationships and experiences 

(a) Technical 

(b) Usage 

Necessary for our legitimate interests 

(to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) 

To make suggestions and recommendations to you about goods 

or services that may be of interest to you 

(a) Identity 

(b) Contact 

(c) Technical 

(d) Usage 

(e) Profile 

Necessary for our legitimate interests 

(to develop our products/services and grow our business) 



8. How long do we keep your personal data collected from our Website?  

The personal data we collect through our Website are only kept for as long as necessary for fulfilling the purpose for which they were collected. In regard to your personal data that we collect from our website, you reserve the rights mentioned in paragraph 9, to the extent that these rights are applicable.  


9. What are your rights according to the Regulation? 

According to the New General Data Protection Regulation 2016/679, you have the following rights:  

a. right to access your personal data (Art. 15 of the Regulation): You may receive information free of charge and/or copies of your personal data, held by us.  

b. right to rectification (Art. 16 of the Regulation): You may at any time request to correct or complete your data.  

c. right to erasure (“right to be forgotten”) (Art. 17 of Regulation): You can request from us to delete your personal data. It is clarified that we reserve our right to deny the said erasure, if the processing is necessary for us to comply with our legal obligation, for reasons of public interest and/or for the exercise of our legal claims and/or if the Regulation gives us such right.

d. right to restriction of processing of your personal data (Art. 18 of Regulation): You may request from us to restrict the processing of your personal data if you contest its accuracy, the lawfulness of its processing, and/or because it is not necessary for the processing purposes they had been collected for and/or when you have already objected to us in processing your data in accordance with section 21 (see Right to Object below) and you expect our position as to the legitimate grounds which override your opposition.  

e. right to data portability (Art. 20 of Regulation): You may receive your data, in a structured, commonly used and machine-readable form, to transfer it to other organizations/companies or ask us to directly do so on your behalf.  

f. right to object (Art. 21 of Regulation): You have the right at any time to object to the processing of your personal data, including profiling, based on the legitimate and/or public interest (section 6 (1) (e) and (f)) when you deem that this is justified due to a particular situation that concerns you. In case you do not agree, we shall no longer process your personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or if the processing serves the establishment, exercise, or defense of legal claims. You may object at any time to the processing of your personal data for purposes related to direct marketing, including profiling, to the extent it concerns direct marketing. In the case where we process your personal data for marketing purposes and you object to the said processing, the processing for the said purposes will cease. Your abovementioned right may be exercised by contacting us (we shall provide an email) you collaborate with or the Customer Service Centre, or our Data Protection Officer or by sending us an email at:

g. right to withdraw your consent: You have the right at any time to withdraw your consent to the collection and processing of your personal data. In such a case, the withdrawal of the consent does not affect the legality of the data processed prior to the revocation. It is noted that the abovementioned rights apply with the restrictions provided for in the Regulation. If you wish to exercise any of the above rights or for any questions regarding the processing of your personal data, you may contact our Data Protection Officer at:

 10. Are you obliged to provide your personal data? 

You are only obliged to provide us with your personal data if you wish to contact us through our website. In that case, we need the above data in order to be able to reply to your request or fulfill your order. 

11. Are your data used for automated profiling? 

Automated profiling means the automated processing of your personal data for evaluating your personal aspects for profiling. In principle, we don’t use your data for automated profiling. 

12. Contact details

If you wish to exercise any of your abovementioned rights or for any clarification, you can contact our Data Protection Officer at the email address: 

13. Changes/ amendments to the Privacy Notice. 

We reserve the right to amend the present privacy policy from time to time, informing you accordingly each time. In such a case, the number and issuance date of the privacy notice displayed will be reviewed. Do not hesitate to contact us through our Data Protection Officer for anything you need regarding the present notice. 

Compare listings