Last updated: 2018-10-12
What data do we collect
Information you provide to us
There are other ways in which you may directly or indirectly provide us with personal information about yourself. For example, when you choose to contact us through our contact form on the website, a phone call, email or in person at one of our clinics.
Personal and contact information
Data such as name, telephone number and e-mail address are collected in order to be able to get back to you if you are interested in a free consultation or treatment. This data is also used to keep the booking register, but will also be used to keep our records.
For an online consultation, we may require you to submit a health declaration to us. When you visit one of our clinics, we require a Health Declaration before you come in for a consultation or treatment. This is kept in order to follow up on any illnesses that may clarify your symptoms but also to offer the best treatment based on your circumstances.
Information through integration
The information through your integration with Nordic Hair Clinic may come from several different resources. We collect data based on how you use our services on the web such as; response time for pages, download errors, how you reached and left the service and delivery notifications when contacting you.
We may collect data such as your IP address, language settings, browser settings, time zone, operating system, platform and screen resolution. This is in order to be able to analyse the overall average of these variables in order to be able to offer better services to the public in the future that work for as many platforms as possible.
Your geographical location is automatically retrieved in order to display the services offered near your area, but also to offer the language settings that can match your language skills so that you, the customer, feel satisfied and comfortable with the information relevant to you in a language you understand.
Journal and treatment information
During a physical visit, we are required by law to document the treatments you choose to undergo in a so-called patient record. Therefore, we have the right to process your personal data in our medical records even if you have not given your consent. A patient’s medical record must always contain the following information: details of health, number and type of treatments performed, choice of medication and measures taken.
How your information is used
Your personal data is needed to provide safe and secure processing of the highest quality and to monitor, develop and improve our operations. Nordic Hair Clinic processes your personal data on the following legal grounds (see table below).
In case you do not wish to receive individual offers and information, you can always unsubscribe directly by following the “Unsubscribe” link at the bottom of our emails. To unsubscribe for any physical communication, you need to email us at email@example.com. If you choose to opt out of these types of communications, we will no longer be able to tailor the offer to you. Keep in mind that we never reveal information about someone’s health status in open communications.
|Purpose||Legal basis||Automated decision making|
|Confirm your identity and contact details.||Carry out our actions towards you||No|
|Payment administration and customer relationship.||Carry out our actions towards you||No|
|The determination of payment method and internal and external credit assessments.||Carry out our commitments to you and comply with applicable legislation||No|
|Customer analysis, Nordic hair Clinic's services and internal activities. Including troubleshooting, data analysis, testing, research and static purposes.||Carry out our commitments to you and other legitimate interests||Yes|
|Present effective and essential information to you||Comply with applicable legislation and other legitimate interests||Yes|
|Risk analysis and prevention of fraud and risk management||Comply with applicable legislation and other legitimate interests||No|
|Improvement of services, business development and development of new products, services and functions||Other legitimate interests||Yes|
|Comply with applicable legislation such as record keeping, traceability of used products or similar||Comply with applicable legislation||No|
|Communication with you for notices, reminders, next appointment, follow-ups, treatments, etc.||Carry out our obligations to you and other legitimate interests||Yes|
We will share information to
Personal data concerning the patient’s state of health or other personal conditions are classified by law as “sensitive personal data”, the misuse of which has higher consequences. We will therefore never disclose your sensitive personal data unless we are obliged to do so under the applicable laws and regulations.
We may transfer or share your information with selected third parties as follows:
- Credit institutions, credit reference agencies and similar providers. In the case you apply for financing with Medical Finance, your personal data will be shared with credit institutions to assess your creditworthiness and confirm your identity.
- Authorities or similar. In cases where there is a legal basis for Nordic Hair Clinic to be compelled to disclose your personal data.
- Divestment. Nordic Hair Clinic may share your information with third parties in the event that Nordic Hair Clinic sells or purchases business or assets where the information is disclosed to a potential seller or buyer of such business or assets.
We will not share information with
Your personal data is always safe with us. Nordic Hair Clinic will never sell your personal data to third parties that we do not have permission to do so.
Where we process your data
We process all your data within the EU/ESS and in case the patient performs his/her treatments at our clinic in Istanbul, a copy of this data is stored in our systems in Turkey.
How long your personal data is stored
We keep your personal data for as long as it is necessary to perform our obligations to you and for as long as required by legal retention periods.
Your rights of access, rectification and deletion
The right to access your data
You can request a copy of the personal data that you would like us to take note of and verify the information we hold about you. You also have the right to see medical records, but within a reasonable time, after a so-called medical examination. Requests for such information can be made officially at one of our clinics or by email to firstname.lastname@example.org. Collection takes place in person upon presentation of an identity document or by registered mail.
Right to rectification of your personal data
You always have the right to correct inaccurate or incomplete information about yourself.
Right to be removed from our databases
You have the right to request the deletion of your personal data in case it is no longer necessary for the purpose for which it was collected. Please note, however, that by law we cannot delete your medical record earlier than three years after the last entry was made.
Objection to processing on grounds of public interest and the exercise of official authority
Where your personal data is processed for the performance of a task carried out in the public interest as part of the exercise of official authority, you have the right to object to the processing of your personal data. Please note that you must specify the types of data to which you object.
If you withdraw your consent to the processing of personal data, no further data may be processed. In that case, we will not be able to offer you our services in the future. To withdraw your consent, please contact us at email@example.com.
Consolidated record keeping within the Nordic Hair Clinic Group
Nordic Hair Clinic uses unified record keeping, which means that all personal data processors within the group have access to the record data. This can be a great advantage as a customer if, for example, you urgently need to get in touch with one of our clinics but can’t get through. Then you can always contact your nearest clinic to get the help and information you need.
Blocking data in your medical record
You may request at any time that your medical records not be made electronically available to Nordic Hair Clinic staff other than your consultation advisor. You should then be informed of the consequences for you as a patient.
You have the right to lodge a complaint about our processing of personal data with us or with the Data Protection Authority at any time. If personal data about you has been processed in a way that violates the Patient Data Act and the Swedish Data Protection Association, you may be entitled to compensation.
Names used on the website
The names of patients used on the website do not have to match the patient’s real name.
The Nordic Hair Clinic Group companies are joint data controllers of personal data. The contact details of our company within the Group can be sent to firstname.lastname@example.org.
Nordic Hair Clinic is registered with the Swedish Companies Registration Office under the name PRP Kliniken Sverige AB with registration number 556990-6554 and has its registered office at Kungsholmsgatan 10, 112 27 Stockholm. The Nordic Hair Clinic Group consists of the subsidiary NHC Göteborg AB with registration number 559057-8265 and Nordic Hair Istanbul, based in Istanbul, Turkey.