PRIVACY POLICY

WHO WE ARE AND WHAT WE DO

This website is owned and operated by WISH Medical Tourism LTD, a company registered in Cyprus under company number HE429820 of 32 Kyriakou Matsi, Villa Clara, Pissouri 4607, Cyprus. WISH Medical Tourism LTD are a data controller and responsible for your Personal Data (referred to as “we”, “us” or “our” in this Privacy Policy). If you register with us to access any of our services, then we may also act as a data processor in connection with the delivery of our services to you.

We are registered under the laws of the Republic of Cyprus under registration number HE429820 and you can view more information about our registration online here.

We respect your privacy and are committed to protecting your Personal Data. This privacy policy will inform you as to how we look after your Personal Data and sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us. Your visit to our website (the “Site”) is subject to the terms set out in this Privacy Policy. The Policy also applies when you correspond with us in person, by letter, by phone, email or any other means.  Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.

This Policy is updated from time to time. The latest version, updated on 24/02/2022, is published on this page of the Site. All updated versions of the policy will be published on this page of the Site. This policy has been updated to reflect the changes introduced by the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

INFORMATION WE COLLECT

Personal Data (as defined in the GDPR), or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). When you visit our Site or correspond with us in person or by phone, e-mail or otherwise, you may give us information that would be classed as Personal Data about you and others you are acting on behalf of. When you do so, we may collect, use, store and transfer different kinds of Personal Data about you, which we have grouped together as follows:

  • Identity Data which includes your first name, last name, title, date of birth and gender;
  • Contact Data which includes your billing address, home address, email address and telephone numbers;
  • Health Data which includes any information about your health and in particular in relation to your hair, data arising from a hair consultation and any treatment or other services that you may receive from us;
  • Financial Data which includes your bank account and payment card details;
  • Transaction Data which includes details about payments to and from you and other details of products and services you have purchased from us;
  • Technical Data which includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Site;
  • Usage Data which includes information about how you use our Site, products and services; and
  • Marketing and Communications Data which includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We may collect Special Categories of Personal Data (as defined in GDPR) about you. This includes details about health, race or ethnicity, religious or philosophical beliefs, sex life or sexual orientation. We do not collect any information about criminal convictions and offences.

Where we need to collect Personal Data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with healthcare services). In this case, we may have to cancel a service you have asked us to provide but we will notify you if this is the case at the time.

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

 

METHODS OF COLLECTING PERSONAL DATA
We use different methods to collect data from and about you, including through the service processes performed in different channels such as our website, mobile applications, call center, stores, social media channels, direct or authorized communication channels and physical channels. Through these channels, your personal data are collected by verbal, written or electronic methods that are created and executed in accordance with the relevant legislation, contracts, demands, commercial practices and honesty rules, so that we can offer you our quality services and carry out our business and commercial activities within this framework.

In this context, your personal and health data can be collected by WISH Medical Tourism LTD or by real or legal persons who process data on behalf of WISH Medical Tourism LTD, in writing or electronically, by the following methods:

  • The membership form you fill out electronically or physically; 
  • Social networks that allow you to login to our websites during membership or login;
  • Communication forms that you fill out on our websites or websites of third parties to contact us;
  • Online shopping applications, cookies used to identify you, our mobile applications;
  • All kinds of e-mails, requests, work orders, faxes and letters you have sent to our company with the various contracts you have signed with our company;
  • Third-party companies processing data on behalf of our company or supporting our company at any stage of the membership program process;
  • Our customer service channels, including our employees, digital marketing and call center;
  • Social media channels and use of search engines such as Google;
  • Membership agreements and other agreements, campaigns, applications, forms, offers;
  • Our service network and related consultants and third parties.

All your Personal Data, other than your Personal Data required for the establishment or performance of the contract between you and WISH Medical Tourism LTD, will be processed based on your explicit consent, if you give your express consent after reading this text. You have the right not to give explicit consent to the processing of your Personal Data other than the Personal Data required for the execution of the contract, whether during the establishment of the contract with you or during its continuation. This express consent is not a prerequisite for establishing a contract with you or for you to purchase the products.

PROCESSING OF PERSONAL DATA AND PROCESSING PURPOSES

At WISH Medical Tourism LTD, your Personal Data and/or data classified as private collected by the above-mentioned methods can be obtained, recorded, kept, stored, changed, updated, periodically checked, rearranged, classified, preserved for the period required for the purpose for which they are processed or for the period stipulated in the relevant law, and shared with or transferred to the third parties detailed below, in case of legal or actual requirements depending on the service.

The lawful bases for processing Personal Data are set out in Article 6 of the GDPR. We may process your Personal Data on more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your Personal Data where more than one ground has been set out below. At least one of these must apply whenever we process Personal Data:

  • Consent: you have given clear consent for us to process your Personal Data for a specific purpose;
  • Contract: the processing is necessary for a contract we have with you (for example, to process and deliver healthcare services to you and to manage our relationship with you), or because you have asked us to take specific steps before entering into a contract;
  • Legal obligation: the processing is necessary for us to comply with a legal or regulatory obligation (not including contractual obligations);
  • Vital interests: the processing is necessary to protect someone’s life;
  • Legitimate interests: the processing is necessary for our legitimate interests (for example to administer and maintain our website) or the legitimate interests of a third party unless there is a good reason to protect your Personal Data which overrides those legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

We rely on the following legitimate interests when processing your Personal Data:

  • To manage our business and comply with our obligations to our patients, staff and suppliers;
  • To protect our proprietary and commercially sensitive information; and
  • To administer and maintain our website.

We also need to satisfy specific conditions for using your health data. We rely upon the following ground in this regard:

  • Express Consent: you expressly consent to the processing of Personal Data concerning your health to allow us to deliver our services to you.

Generally, we do not rely on consent as a legal basis for processing your Personal Data other than as described below. However, where we do ask for your consent (for example in processing data relating to your health) we will do so in order to comply with the principle that any processing must be lawful, fair and transparent.

DISCLOSING YOUR PERSONAL DATA

In general, we do not share or disclose information about you to third parties without your consent unless WISH Medical Tourism LTD is required to or authorized by law.

We may have to share your Personal Data with the parties below in order to provide our services to you. We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. When they are processing Personal Data on our behalf, we do not allow our third-party service providers to use your Personal Data for their own purposes; we only permit them to process your Personal Data for specified purposes and in accordance with our instructions and the law. Examples of our third parties include:

  • Third parties who you authorize to provide services to you;
  • Sub-contractors for the performance of any contract we enter into with them or you;
  • Service providers acting as processors who provide IT and system administration services;
  • Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services; and
  • Government bodies and law enforcement agencies to prevent fraud, to comply with applicable laws, regulations and court orders and to comply with valid legal information requests from such bodies.

HOW LONG WE WILL KEEP YOUR DATA

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

YOUR LEGAL RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your Personal Data. We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  • Request access to the Personal Data that WISH Medical Tourism LTD process about you. This right entitles you to know whether WISH Medical Tourism LTD hold Personal Data about you and, if WISH Medical Tourism LTD do, to obtain information on and a copy of that Personal Data;
  • Request a rectification of your Personal Data: this right entitles you to have your Personal Data be corrected if it is inaccurate or incomplete;
  • Object to the processing of your Personal Data;
  • Request the erasure of your Personal Data, including where such Personal Data would no longer be necessary to achieve the purposes;
  • Request the restriction of the processing of your Personal Data;
  • Request portability of your Personal Data: You can request a copy in a structured, commonly used and machine-readable format of Personal Data that you have provided to WISH Medical Tourism LTD, or request WISH Medical Tourism LTD to transmit such Personal Data to another data controller;
  • Know the third parties to whom your Personal Data are transferred, in country or abroad;
  • Object to any result to your detriment that arises from analysis of your data solely through automated systems, including profiling;
  • Claim compensation for the damage arising from the unlawful processing of your Personal Data.

If processing of your Personal Data is based on your consent, you have the right to withdraw such consent at any time by contacting [email protected].

If, despite WISH Medical Tourism LTD’s efforts to protect your Personal Data, you believe that your data privacy rights have been violated, WISH Medical Tourism LTD encourage data subjects to apply to WISH Medical Tourism LTD first to seek resolution of any complaint. Data subjects have the right at all times to lodge a complaint with the relevant data protection authority.

CHILDREN'S PRIVACY

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their children's online activity.

Our Services do not address anyone under the age of 18. We do not knowingly collect personally identifiable information from children under 18. In the case we discover that a child under 18 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to take the necessary actions.

CHANGES TO THIS PRIVACY POLICY
We may update our Privacy Policy from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.

CONTACT US
If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us: [email protected]
