MACHINE-BASED FACIAL, SKINCARE AND MEDICAL-AESTHETIC TREATMENTS
This Privacy Policy applies to you if you have been contacted by the Spandora Aesthetic Clinic Call Center or if you use our cosmetic and/or medical-aesthetic services.
For information about data processing on Spandora.hu, its webshop, and related campaigns, please refer to the “ONLINE SPANDORA” Privacy Policy.
The “Data Controller” is any natural or legal person (or organization without legal personality) who, within the framework defined by law, independently or jointly determines the purposes of data processing, makes and implements decisions related to data processing (including the means used), or has them carried out by a data processor. In this case, I&S Limited Kft. is your Data Controller.
Our company’s contact details:
Name: I&S Limited Liability Company
Registered office: 1036 Budapest, Bécsi út 38–44, 1st floor “Spandora”
E-mail: info@spandora.hu
Phone: +36 1 550 0333
Data Protection Officer: dpo@spandora.hu
The Data Controller places the highest importance on respecting the right to informational self-determination of clients undergoing cosmetic and medical-aesthetic treatments, as well as business partners, in line with the principles and practices set out in this notice.
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”).
“Health data” means personal data related to the physical or mental health of a natural person, including data related to healthcare services provided, which reveal information about the health status of that person.
“Data processing” means any operation or set of operations performed on personal data, whether automated or not, such as collection, recording, organization, storage, alteration, retrieval, use, disclosure, restriction, erasure, or destruction.
For clarity, our data processing practices are summarized in the tables below. If you have questions, please contact us at the details provided in section (1).
A) COSMETIC TREATMENTS
(appointment booking, Call Center call recording, consultation questionnaires, contracts, newsletters, complaints, satisfaction surveys).
B) MEDICAL-AESTHETIC TREATMENTS
(consultation registration, appointment scheduling, medical consultation questionnaires, EESZT records, legal health documentation requirements, newsletters, complaints, satisfaction surveys).
Retention periods, legal bases (GDPR Art. 6 and Art. 9), and data categories are listed in detail in the full policy.
The Data Controller applies proportionate technical and organizational measures (e.g. encryption, pseudonymization, ISO 27001-compliant safeguards) to protect personal data from unauthorized access, alteration, transmission, disclosure, deletion, or accidental loss.
The Controller engages processors for specific purposes (e.g. invoicing, IT services, online marketing platforms, bookkeeping, CRM systems, payment providers, postal services).
Examples include:
SPOT Tanácsadó és Szolgáltató Kft. (invoicing, CRM)
JK Rendszerek Bt. (IT services)
Meta Platforms Ireland & TikTok Technology Ltd. (marketing platforms)
OTP Mobil Kft. (SimplePay)
Magyar Posta Zrt. (delivery)
The Rocket Science Group LLC (Mailchimp newsletters)
Országos Kórházi Főigazgatóság (EESZT)
Personal data is only transferred outside the EU/EEA under exceptional circumstances with appropriate safeguards.
The Controller does not use AI-based or automated decision-making systems. Client profiles are created in the CRM system to recommend suitable treatments.
For complaints, please contact us directly (see section 1).
You may also lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).
Details: http://www.naih.hu
You also have the right to take the Controller to court.
Providing personal data is a precondition for receiving cosmetic and/or medical-aesthetic services. Without it, services cannot be provided. Consent may be withdrawn at any time without affecting the lawfulness of prior processing.
You have the following rights:
Right to information (Arts. 13–14 GDPR)
Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Requests will be processed free of charge unless manifestly unfounded or excessive.
Data may only be disclosed to authorities to the extent strictly necessary and based on a lawful request.
This document is based on the General Data Protection Regulation (GDPR, EU 2016/679) and complies with Articles 13–22.
Effective date: 01 July 2023