Application privacy policy

Privacy Policy of the Warsaw Aesthetic Application January 23, 2024

This Privacy Policy sets out the general terms, conditions, and the method of providing services as well as using the Warsaw Aesthetic Application, made available by Chirurgia Plastyczna sp. z o.o. sp. k., with its registered office in Warsaw at ul. Waflowa 7A, 02-971 Warsaw, entered into the Register of Entrepreneurs of the National Court Register under number KRS: 0000743985, NIP: 9512467450, REGON: 38095887500000.

§ 1. Definitions

The terms used in this Privacy Policy shall be understood as follows:

1. Application – software available for mobile devices, made available to the User by Chirurgia Plastyczna sp. z o.o. sp. k., intended to enable communication between the Medical Entity and the User, particularly within the scope of the Functionalities;

2. Medical Entity – the entity providing the Application to the User, i.e., Chirurgia Plastyczna sp. z o.o. sp. k., registered at ul. Waflowa 7A, 02-971 Warsaw, entered into the National Court Register under number KRS: 0000743985, NIP: 9512467450, REGON: 38095887500000;

3. User – a natural person with full legal capacity who has downloaded and installed the Application on a mobile device and has activated their account;

4. Non-activated User – a natural person with full legal capacity who has downloaded and installed the Application on a mobile device but has not activated their account, and who uses the functionalities available to non-activated users. The non-activated User can activate their account at any time, upon which they become a User;

5. Privacy Policy – this Privacy Policy dated January 23, 2024;

6. Functionalities – all features of the Application enabling communication between the User and the Medical Entity, particularly including booking consultation appointments, monitoring appointments, scheduling surgeries or procedures, updating appointments, exchanging medical results, receiving post-operative care instructions and physiotherapy guidelines, sending post-operative photos, online consultations, receiving appointment reminders, confirming, cancelling or rescheduling appointments, receiving reminders for follow-up treatments, and marketing and informational content related to aesthetic medicine, special offers, articles, warranty conditions, photo galleries, etc.;

7. Functionalities for Non-activated Users – Application features available to non-activated Users, particularly access to Medical Entity data and the ability to schedule a consultation;

8. Account – a personalized set of resources and permissions within the Application assigned to the User or Non-activated User;

9. Account Activation – an action performed by a non-activated User to gain access to full Application functionalities.

2. General Provisions

1. This Privacy Policy in particular defines:

   1) general terms, conditions, and manner of providing services and using the Application;

   2) Functionalities and Functionalities for Non-activated Users;

   3) technical requirements necessary for proper functioning of the Application;

   4) the account activation process;

   5) terms of contract conclusion and termination for using the Application.

2. Use of the Application requires the User or Non-activated User to read and accept the contents of this Privacy Policy.

3. Use of the Application is free of charge. Any costs of data transmission or internet connection are borne by the User/Non-activated User.

4. Use of the Application is based on an agreement concluded in electronic form between a person with full legal capacity and the Medical Entity. The agreement is concluded by downloading and installing the Application and accepting the Privacy Policy.

5. The User and Non-activated User may terminate the agreement and delete their account at any time via an in-app form or in writing to the Medical Entity’s address.

§ 3. Scope of Application Functionalities

1. The Medical Entity enables individuals who have downloaded and installed the Application to create an Account and use the Application as either a User or Non-activated User.

2. A Non-activated User can only use limited functionalities, including:

   1) access to the Medical Entity’s data,

   2) one-time scheduling of a consultation,

   3) rescheduling a consultation up to three times,

   4) contacting the Medical Entity’s reception,

   5) accessing information about treatments, team, and services.

3. A User gains access to full functionalities including but not limited to:

   – booking and rescheduling consultations and procedures,

   – viewing test results,

   – receiving medical recommendations,

   – sending post-op images,

   – chatting with medical staff,

   – receiving appointment reminders,

   – receiving marketing information, special offers, and educational content.

These functionalities become available after account activation.

§ 4. Account Creation and Activation

1. After installing the Application and accepting the Privacy Policy, a person with full legal capacity may create an account by providing their name, email address, and password, and confirming their email via an activation code. Upon completion, they become a Non-activated User.

2. Account activation is carried out in person at the Medical Entity’s premises (ul. Waflowa 7A, Warsaw) by presenting an ID and signing written consent to receive services electronically and share medical information via the Application.

3. After activation, the Non-activated User becomes a User and gains access to the full Application functionalities.

§ 5. Technical Requirements for the Application

1. The Application is available in the latest version from the app store for:

   a) iOS devices (version 13.x or newer),

   b) Android devices supporting API 21 or newer.

2. The Application will not work on devices that do not allow installation of external applications.

3. An internet connection is required.

4. The Application does not use cookies.

§ 6. How to Use the Application

1. The User/Non-activated User logs in using their login and password and must not share this information with others. The Medical Entity is not responsible for unauthorized access resulting from sharing login data or improper device security.

2. A password reminder process is available, and a temporary password will be sent to the provided email address, valid for 24 hours.

§ 7. Data Protection Notice for Users of the Application concerning activities carried out by Chirurgia Plastyczna sp. z o.o. sp. k.

1. The controller of your personal data is Chirurgia Plastyczna Spółka z o.o. Spółka komandytowa, ul. Waflowa 7A, 02-971 Warsaw, KRS: 0000743985, NIP: 9512467450.

2. Your personal data is processed in accordance with Regulation (EU) 2016/679 (GDPR).

3. The Controller processes your personal data including:

   1) Name, surname, PESEL, contact details (phone, email) – based on Article 6(1)(b) GDPR – necessary for contract performance;

   2) Health data and age – based on Article 9(2)(a) and (h) GDPR – your consent and processing necessary for medical services.

4. Your data, including special categories under Article 9 GDPR, may only be shared with entities authorized under law or involved in the provision of services.

5. (Duplicate – same as point 4 above)

6. Your data (name, phone number, email) may be shared with cosmetology or dentistry entities linked to the Controller, subject to your prior consent. Refusal does not affect your ability to use other services.

7. Your data will not be transferred outside the EEA or to international organizations.

8. You have the right to:

– obtain access to your personal data processed by the Controller (Article 15 GDPR),  

– request rectification of your personal data that is inaccurate (Article 16 GDPR),  

– request the Controller to erase your personal data without undue delay (Article 17 GDPR),  

– request the Controller to restrict the processing of your personal data (Article 18 GDPR),  

– transfer your personal data (Article 20 GDPR),  

– object to the processing of your personal data, if the processing is based on Article 6(1)(e) or (f) (Article 21 GDPR).  

9. If your personal data is processed based on your consent, you have the right to withdraw that consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

10. You have the right to lodge a complaint with a supervisory authority, namely the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, if you believe that the processing of your personal data violates the provisions of the GDPR.

11. The provision of your personal data is voluntary but necessary for the Controller to take actions related to the provision of services.

12.Your personal data will be processed for the period resulting from generally applicable law or until the expiry of the limitation period for claims, i.e., 20 or 30 years.