Data protection is a matter that we take very seriously in our specialist clinic. The visualization and use of the pages of our website is allowed without having to indicate some type of personal data for it; however, if a data subject wants to use the services provided through our website, that user’s personal data may be requested and processed. If there is a need for processing of personal data and there is no legal basis for such treatment, we will request your consent.
All of your personal information collected will be used to help you make your visit to our site as productive and enjoyable as possible.
All personal information relating to patients, clients or visitors using the Madeira Hair Clinic will be treated in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to concerning the processing of personal data and the free movement of such data and repealing Directive 95/46 / EC (General Regulation on Data Protection).
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, as well as identifiers by electronic means, must always comply with the General Data Protection Regulation (hereinafter GDPR) and according to the protection of country specific data and regulations applicable to Madeira Hair Clinic. Through this data protection statement, the Madeira Hair Clinic informs the general public about the nature, intent and purpose of the personal data that is collected, used and processed. In addition, data holders are informed, through this data protection declaration, of their rights.
As responsible for data, Madeira Hair Clinic has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this site. However, data transmissions made on the Internet may eventually have security holes, and absolute protection may not be guaranteed. For this reason, all data subjects are free to transfer personal data through alternative means, by email.
Madeira Hair Clinic encourages you to review the privacy statements of Web sites you choose to link to from this website so that you can understand how those Web sites collect, use and share your information. The Wood Hair Clinic is not responsible for the privacy statements or other content on Web sites outside of the our site and other sites.
For the purposes of the GDPR, other data protection laws applicable in the Member States of the European Union and other provisions related to data protection are the Data Protection Officer (DPO). View site Contacts page.
Any user may at any time directly contact the DPO with any questions and suggestions regarding data protection.
Cookies and Web Beacons
The data subject may, at any time, prevent the configuration of cookies through our website through a corresponding configuration of the Internet browser used, which may, therefore, permanently deny the configuration of cookies. In addition, already defined cookies can be deleted at any time through an Internet browser or other software programs. This is possible in all of the most popular Internet browsers. If the data subject disables cookie configuration in the Internet browser used, some functions of our site may not be fully available.
The user or visitor can either turn off their cookies in their browser options or make changes to the tools of Anti-Virus programs, such as Norton Internet Security. However, this may change how you interact with our website, or other websites. This may or may not affect the ability to log in to programs, websites, or forums from our and other networks.
Data collection and general information
Our site collects a lot of data and general information when a data holder or automated system accesses the site. This data and general information is stored in the server log files. Data collection may be (1) the types of browsers and versions used, (2) the operating system used by the access system, (3) the site from which an access system arrives at our site (so-called referrers), (4) sub-sites, (5) date and time of access to the Internet site, (6) Internet address (IP address), (7) Internet access provider of the access system, and (8) any other data and information that can be used in case of attacks on our information technology systems.
By using this data and general information, the organization does not draw conclusions about the data subject. Rather, this information is required to (1) deliver the content of our site correctly, (2) optimize the content of our site as well as its advertising, (3) ensure the long-term viability of our technology systems information and technology of the site and (4) provide police authorities with the information necessary for criminal prosecution in the event of cyberattack. Therefore, the organization statistically analyzes data and information collected anonymously, in order to increase the protection of data and data security of our company, and to ensure an excellent level of protection for the personal data we treat. Anonymous data from server log files is stored separately from all personal data provided by the user.
Website sign up
The holder of the data has the possibility of registering on the data controller’s website with the indication of personal data. Such personal data are transmitted to the data controller and are determined by the input form used for registration. The personal data entered by the data subject are recorded and stored exclusively for internal use by the data controller and for his own purposes.
When registering on the site of the data controller, the IP address – assigned by the Internet Service Provider (ISP) and used by the data owner – date and time of the record, are also stored. The storage of such data is a safeguard that this is the only way to prevent misuse of our services and, if necessary, to enable investigation of crimes committed. It is then realized that the storage of such data is necessary to protect the data controller. These data are not passed on to third parties, unless there is an obligation to transmit data, or if the transfer meets the purpose of criminal prosecution.
The registration of the data subject, with the voluntary indication of personal data, is intended to enable the data controller to offer the data subject content or services that can only be offered to registered users because of the nature of the subject matter. Registered persons are free to change the personal data specified during registration at any time or to be completely excluded from the data controller’s database.
The controller shall at any time provide information on request to each data subject on the personal data that are stored on the data subject. In addition, the data controller must correct or erase the personal data upon request or indication of the data subject, as long as there are no legal storage obligations. All of the data controller’s employees who are responsible for data is available to the data holder in this document.
Site contact requests
The site contains information that allows for quick electronic contact with our company, as well as direct communication with us, which also includes a general email address (e-mail address). If a data subject contacts the data controller by e-mail or by means of a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted voluntarily by a data subject to the data controller are stored for the purpose of dealing with or contacting the data subject. There is no transfer of this personal data to third parties.
Personal data elimination and blocking routines
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the storage purpose or, to the extent that this is granted by the European legislator or other legislators in laws or regulations to which the responsible for data is subject.
If the storage target is not applicable, or if a storage period prescribed by the European legislator or other competent legislator expires, personal data are routinely blocked or deleted in accordance with legal requirements.
Protection of data for applications and their treatment
The data controller shall collect and process the personal data of applications for the purpose of processing and safeguarding information. Treatment can also be done electronically. It is considered electronically if a candidate submits the corresponding registration documents by e-mail, through a web form on the website or through the social pages of our company to the data controller. If the data controller performs an employment contract with a candidate, the data submitted will be stored for the purpose of dealing with the employment contract in accordance with the legal requirements. If no contract of employment is concluded with the applicant by the controller, the application documents shall automatically be deleted two months after notification of the refusal, provided that no other legitimate interest of the controller is opposed to the deletion. Legitimate interest in this case could be, inter alia, a burden of proof in a procedure under the General Law on Equal Treatment (GLET).
Data protection information on social networks Facebook and Instagram
In this site, the data controller integrated components of the company Facebook and Instagram, both are Internet social networks.
A social network is a place for social sharing on the Internet, an online community, which generally allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform for exchanging opinions and experiences, or allowing the Internet community to provide personal or business-related information. Facebook and Instagram allow users of these social networks to create private profiles, upload photos, and build networks through friend requests.
The operating company of Facebook and Instagram is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. For residents outside the United States or Canada, data controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.
Each call made to one of the individual pages of this Internet site, operated by the data controller and in which a component (plug-ins) has been integrated, the web browser in the information technology system of the person in question is automatically requested to download the corresponding component display. During the course of this technical procedure, Facebook and Instagram collect information from which specific page (s) of our site the user has visited.
If the data holder is connected at the same time to Facebook and / or Instagram, they will detect all links to our site by the data keeper – and for as long as the user visits our website – as well as which specific pages were visited by the person concerned. This information is collected through the social network tools to be used and associated with their respective data holder accounts. If the person concerned clicks on one of the Facebook or Instagram buttons integrated in our website, the “Like” button or similar, or if the data subject sends a comment, Facebook and Instagram will match that information to the personal account of the social networks of the data subject and will store the personal data.
The social networks in question will continuously receive information about visits to the site, made by the data owner, as long as the data holder is connected during the period of visit to the site. This process will occur regardless of whether the subject clicks on the Facebook / Instagram icon or not. If such transmission of information is not desirable for the data subject, you can avoid sending this information by turning off the social accounts before visiting the site.
We encourage you to read the data protection guidelines published by Facebook and Instagram that provide information on the collection, processing and use of personal data by the same partner networks. In addition, the configuration options offered by the same networks are explained to protect the privacy of the data. Moreover, different configuration options are available to allow the elimination of data transmission to the social networks in question. These measures can be used by the data subject to eliminate data transmission.
Data protection information about the application and use of Google Analytics (with anonymization function)
On our site, the data controller has integrated the Google Analytics component (with the anonymization function). Google Analytics is a web analytics service. Web analytics is the process of collecting and analyzing data on the behavior of site visitors. A web analytics service collects and reconciles data about the site from which a user arrived (the so-called referrer), which sub-pages were visited, or how often and for how long a subpage was viewed. Web analytics is used primarily for optimizing a website and for conducting a cost-benefit analysis of Internet advertising.
The Google Analytics component carrier is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, United States. For residents in Europe, the data controller is in Ireland.
The purpose of the Google Analytics component is to analyze traffic to your site. Google uses data and information collected, among others, to evaluate your use of the site and to provide online reports that show activities on the site and to provide other services related to your use of the website on the Internet.
Google Analytics places a cookie on the data keeper’s technology system. The definition of cookies is explained above. With the cookie setup, Google is able to review the use of the site of the entity. Each time you link to one of the individual pages of this website, operated by the data controller and in which a Google Analytics component has been integrated, the Internet browser in the data subject’s information technology system will automatically send the data through the Google Analytics tool for online advertising purposes, and the settlement of commissions for Google. During the course of this technical procedure, the Google company acquires knowledge of personal information, such as the IP address of the data subject, which serves Google, among other things, to understand the origin of visitors and clicks and subsequently create commission agreements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits to the site by the user. At each visit to the site, such personal data, including the IP address used by the data subject, will be transmitted to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may pass this personal information collected through the technical procedure to third parties.
The data holder may, as stated above, prevent the setting of cookies on the site at any time by means of corresponding adjustment in the web browser that you use and thus permanently deny the setting of cookies. Such a setting in the used Internet browser will also prevent Google Analytics from installing a cookie on the user information technology system. In addition, cookies that are already in use by Google Analytics can be deleted at any time through the web browser or through other programs.
More information and applicable Google data protection methods can be found at https://www.google.com/policies/privacy/ and at http://www.google.com/analytics/ terms / us.html. Google Analytics is explained in the following link https://www.google.com/analytics/.
Legal basis for treatment
Art. 6 (1) of the GDPR serves as the legal basis for treatment operations for which we obtain consent for a specific treatment purpose. If the processing of personal data is necessary for the performance of a contract of which the data subject is a party, as is the case, for example, when processing operations are necessary for the supply of goods or for providing any other service, treatment is authorized on the basis of Article 6 (1), b GDPR. The same applies to such processing operations which are necessary for the execution of pre-contractual measures, for example in the case of consultations concerning our products or services. Our company is subject to a legal obligation for which the processing of personal data is necessary, such as for the fulfillment of tax obligations, treatment based on art. 6 (1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data or other vital information had to be transmitted to a doctor, hospital or other. This action and its treatment would be based on art. 6 (1) lit. of the GDPR. Finally, data processing operations may be based on Article 6 (1) of the GDPR Code. This legal basis is used for processing operations not covered by any of the above legal grounds if the processing is necessary for the legitimate purposes pursued by the entity or by a third party, unless those interests are nullified by the interests or fundamental rights and freedoms of the entity. concerned that require protection of personal data. Such treatment operations are particularly permissible because they have been specifically mentioned by the European legislator. It is considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, sentence 2, GDPR).
Legitimate interests in the company and third parties
Based on article 6, paragraph 1, of the RGPD, the legitimate interest is to conduct business, current and future, in favor of the well-being of all its employees and shareholders.
Period of storage of personal data
The criterion used to determine the period of personal data storage is the respective legal retention period. After that period, the corresponding data is routinely excluded, as long as it is not necessary for the performance of the contract or for the start of a contract.
Provision of personal data as a compulsory or contractual requirement; Necessary requirement to conclude a contract; Obligation of the data subject to provide personal data; consequences of failure to provide such data.
We clarify that the provision of personal data is partly required by law (eg tax regulations) or may also result from contractual clauses (eg information on the contractual partner). Sometimes, in order to finalize a contract, it may be necessary for the data subject to provide us with personal data, which must be further processed by our organization. The data subject is, for example, obliged to provide personal data when our organization signs a contract with the holder. Failure to provide personal data will result in non-conclusion of the contract. Before personal data is provided by the data subject, the data subject must contact any employee. The official clarifies to the data subject whether the provision of personal data is required by law or contract or whether it is required for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of failure to provide data for the performance of the data contract.
Automatic decision makers
As the responsible entity, we do not use automatic decision makers or automatic profiling.
INFORMATION UPDATED AT 2nd July 2018