I. PRIVACY AND DATA PROTECTION POLICY

In compliance with current legislation, Hair Transplant Clinic (hereinafter also referred to as the Website) undertakes to adopt the necessary technical and organisational measures appropriate to the level of security required by the risk of the data collected.

Laws incorporated into this Privacy Policy

This Privacy Policy is adapted to current Spanish and European regulations on the protection of personal data on the internet. In particular, it complies with the following legislation:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR).
  • Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPD-GDD).
  • Royal Decree 1720/2007, of 21 December, approving the implementing regulations of Organic Law 15/1999 on the Protection of Personal Data (RDLOPD).
  • Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Data Controller

The data controller responsible for the processing of personal data collected through Hair Transplant Clinic is:

MEDIKHAIR SL
Tax ID (NIF/CIF): B19399500
Registered with: Commercial Registry of Málaga
Registration details: File MA-184733 – IRUS: 1000431339763 – Electronic volume and electronic folio
Legal representative: Carlos Caballero Parejo

Contact details:

  • Address: Calle Bulevar Principe Alfonso de Hohenlohe 19, Local 1, Marbella, Spain
  • Telephone: +34 603 25 83 12
  • Email: apoyoclinico@medikhair.com

Register of Personal Data Processing Activities

In accordance with the GDPR and the LOPD-GDD, we inform you that the personal data collected by Hair Transplant Clinic through forms on its pages will be incorporated into and processed within our records for the purpose of facilitating, expediting and fulfilling the commitments established between the Website and the User, maintaining the relationship established through the forms completed by the User, or responding to requests or enquiries.

Likewise, in compliance with the GDPR and the LOPD-GDD, and unless the exception provided for in Article 30.5 of the GDPR applies, a register of processing activities is maintained, specifying the purposes of processing and the other circumstances established by the GDPR.

Principles Governing the Processing of Personal Data

The processing of the User’s personal data shall be subject to the following principles set out in Article 5 of the GDPR and Article 4 et seq. of Organic Law 3/2018:

  • Lawfulness, fairness and transparency: Consent will be requested at all times following fully transparent information about the purposes for which personal data is collected.
  • Purpose limitation: Personal data will be collected for specified, explicit and legitimate purposes.
  • Data minimisation: Only data strictly necessary for the purposes of processing will be collected.
  • Accuracy: Personal data must be accurate and kept up to date.
  • Storage limitation: Data will be retained only for as long as necessary for the purposes of processing.
  • Integrity and confidentiality: Data will be processed securely and confidentially.
  • Accountability: The data controller is responsible for ensuring compliance with these principles.

Categories of Personal Data

The categories of data processed by Hair Transplant Clinic include identifying data.

Additionally, special categories of personal data as defined in Article 9 of the GDPR may be processed, including data relating to health.

Special categories of personal data include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, health data, or data concerning a person’s sex life or sexual orientation.

The processing of such data will always require the explicit consent of the User for one or more specific purposes.

Legal Basis for the Processing of Personal Data

The legal basis for processing personal data is consent.

The User may withdraw consent at any time, as easily as it was given. Withdrawal of consent shall not affect the lawful use of the Website.

Where the User provides data through forms for enquiries or information requests, they will be informed if certain fields are mandatory due to their necessity for processing the request.

Purposes of Data Processing

Personal data is collected and managed to:

  • Facilitate and fulfil the commitments between the Website and the User.
  • Maintain relationships established through submitted forms.
  • Respond to enquiries or requests.

Data may also be used for commercial, personalisation, operational and statistical purposes, marketing analysis, and to improve Website content, quality, functionality and navigation.

Users will be informed at the time of data collection of the specific purpose(s) of processing.

Data Retention Periods

Personal data will be retained only for the minimum time necessary for processing purposes and, in any case, until the User requests deletion.

Users will be informed of the applicable retention period or the criteria used to determine it.

Recipients of Personal Data

User data will not be shared with third parties.

If recipients exist, Users will be informed at the time data is collected.

Recipient:
MEDIKHAIR SL – B19399500
Calle Bulevar Principe Alfonso de Hohenlohe 19, Local 1, Marbella, Spain

If international data transfers are envisaged, Users will be informed accordingly.

Personal Data of Minors

In accordance with Articles 8 GDPR and 7 of Organic Law 3/2018, only individuals aged 14 or over may lawfully consent to data processing. For users under 14, parental or guardian consent is required.

Data Secrecy and Security

Appropriate technical and organisational measures are applied to protect personal data and prevent unauthorised access, loss or alteration.

The Website uses an SSL (Secure Socket Layer) certificate, ensuring encrypted data transmission.

In the event of a personal data breach posing a high risk to users’ rights, the User will be notified without undue delay.

All personal data is treated confidentially, and this obligation is contractually and legally enforced.

User Rights

Users may exercise the following rights under GDPR and Organic Law 3/2018:

  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right not to be subject to automated decision-making, including profiling

Requests must include identification, details of the request, address for notification, date and signature, and supporting documents.

Contact details for exercising rights:

Third-Party Links

The Website may contain links to third-party websites. These sites operate independently and are governed by their own privacy policies.

Complaints to the Supervisory Authority

Users may lodge a complaint with the competent supervisory authority. In Spain, this is the Spanish Data Protection Agency (AEPD):
https://www.aepd.es/

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

Use of the Website implies acceptance of this Privacy Policy.

Hair Transplant Clinic reserves the right to modify this Privacy Policy due to legal, regulatory or doctrinal changes. Users are advised to review it periodically.

This Privacy Policy has been updated in accordance with GDPR (EU) 2016/679 and Organic Law 3/2018.digitales.