Privacy Policy

Last updated: 2018-10-12

Your privacy is as important to us as your hairstyle and your well-being, which is why we care about your privacy. This privacy policy explains how Nordic Hair Clinic collects and processes your personal data. In addition, you will also find information about your rights and obligations regarding the processed data.

By using Nordic Hair Clinic’s services, you acknowledge and agree to our Privacy Policy and our processing of your personal data. You also agree that Nordic Hair Clinic uses electronic as well as physical channels to send you relevant information.

What data do we collect

Information you provide to us

There are other ways in which you may directly or indirectly provide us with personal information about yourself. For example, when you choose to contact us through our contact form on the website, a phone call, email or in person at one of our clinics.

Personal and contact information

Data such as name, telephone number and e-mail address are collected in order to be able to get back to you if you are interested in a free consultation or treatment. This data is also used to keep the booking register, but will also be used to keep our records.

Health information

For an online consultation, we may require you to submit a health declaration to us. When you visit one of our clinics, we require a Health Declaration before you come in for a consultation or treatment. This is kept in order to follow up on any illnesses that may clarify your symptoms but also to offer the best treatment based on your circumstances.

Information through integration

The information through your integration with Nordic Hair Clinic may come from several different resources. We collect data based on how you use our services on the web such as; response time for pages, download errors, how you reached and left the service and delivery notifications when contacting you.

Unit information

We may collect data such as your IP address, language settings, browser settings, time zone, operating system, platform and screen resolution. This is in order to be able to analyse the overall average of these variables in order to be able to offer better services to the public in the future that work for as many platforms as possible.

Geographical Information

Your geographical location is automatically retrieved in order to display the services offered near your area, but also to offer the language settings that can match your language skills so that you, the customer, feel satisfied and comfortable with the information relevant to you in a language you understand.

Journal and treatment information

During a physical visit, we are required by law to document the treatments you choose to undergo in a so-called patient record. Therefore, we have the right to process your personal data in our medical records even if you have not given your consent. A patient’s medical record must always contain the following information: details of health, number and type of treatments performed, choice of medication and measures taken.

How your information is used

Your personal data is needed to provide safe and secure processing of the highest quality and to monitor, develop and improve our operations. Nordic Hair Clinic processes your personal data on the following legal grounds (see table below).

Other communication

In case you do not wish to receive individual offers and information, you can always unsubscribe directly by following the “Unsubscribe” link at the bottom of our emails. To unsubscribe for any physical communication, you need to email us at integrity@nordichair.com. If you choose to opt out of these types of communications, we will no longer be able to tailor the offer to you. Keep in mind that we never reveal information about someone’s health status in open communications.

Purpose Legal basis Automated decision making
Confirm your identity and contact details. Carry out our actions towards you No
Payment administration and customer relationship. Carry out our actions towards you No
The determination of payment method and internal and external credit assessments. Carry out our commitments to you and comply with applicable legislation No
Customer analysis, Nordic hair Clinic's services and internal activities. Including troubleshooting, data analysis, testing, research and static purposes. Carry out our commitments to you and other legitimate interests Yes
Present effective and essential information to you Comply with applicable legislation and other legitimate interests Yes
Risk analysis and prevention of fraud and risk management Comply with applicable legislation and other legitimate interests No
Improvement of services, business development and development of new products, services and functions Other legitimate interests Yes
Comply with applicable legislation such as record keeping, traceability of used products or similar Comply with applicable legislation No
Communication with you for notices, reminders, next appointment, follow-ups, treatments, etc. Carry out our obligations to you and other legitimate interests Yes

We will share information to

Personal data concerning the patient’s state of health or other personal conditions are classified by law as “sensitive personal data”, the misuse of which has higher consequences. We will therefore never disclose your sensitive personal data unless we are obliged to do so under the applicable laws and regulations.

We may transfer or share your information with selected third parties as follows:

  • Suppliers and subcontractors such as companies within the Nordic Hair Clinic group. For the purpose of performing our obligations to you and for other purposes set out in this Privacy Policy. This could be, for example, a provider of an electronic health record system, etc.
  • Credit institutions, credit reference agencies and similar providers. In the case you apply for financing with Medical Finance, your personal data will be shared with credit institutions to assess your creditworthiness and confirm your identity.
  • Authorities or similar. In cases where there is a legal basis for Nordic Hair Clinic to be compelled to disclose your personal data.
  • Divestment. Nordic Hair Clinic may share your information with third parties in the event that Nordic Hair Clinic sells or purchases business or assets where the information is disclosed to a potential seller or buyer of such business or assets.

We will not share information with

Your personal data is always safe with us. Nordic Hair Clinic will never sell your personal data to third parties that we do not have permission to do so.

Your personal data will also not be stored, copied or shared with other providers who have not undergone a thorough review of how they handle privacy policy issues, manage their data and their dignity.

Where we process your data

We process all your data within the EU/ESS and in case the patient performs his/her treatments at our clinic in Istanbul, a copy of this data is stored in our systems in Turkey.

How long your personal data is stored

We keep your personal data for as long as it is necessary to perform our obligations to you and for as long as required by legal retention periods.

Your rights of access, rectification and deletion

The right to access your data

You can request a copy of the personal data that you would like us to take note of and verify the information we hold about you. You also have the right to see medical records, but within a reasonable time, after a so-called medical examination. Requests for such information can be made officially at one of our clinics or by email to integrity@nordichair.com. Collection takes place in person upon presentation of an identity document or by registered mail.

Right to rectification of your personal data

You always have the right to correct inaccurate or incomplete information about yourself.

Right to be removed from our databases

You have the right to request the deletion of your personal data in case it is no longer necessary for the purpose for which it was collected. Please note, however, that by law we cannot delete your medical record earlier than three years after the last entry was made.

Objection to processing on grounds of public interest and the exercise of official authority

Where your personal data is processed for the performance of a task carried out in the public interest as part of the exercise of official authority, you have the right to object to the processing of your personal data. Please note that you must specify the types of data to which you object.

Withdraw consent

If you withdraw your consent to the processing of personal data, no further data may be processed. In that case, we will not be able to offer you our services in the future. To withdraw your consent, please contact us at integrity@nordichair.com.

Consolidated record keeping within the Nordic Hair Clinic Group

Nordic Hair Clinic uses unified record keeping, which means that all personal data processors within the group have access to the record data. This can be a great advantage as a customer if, for example, you urgently need to get in touch with one of our clinics but can’t get through. Then you can always contact your nearest clinic to get the help and information you need.

Blocking data in your medical record

You may request at any time that your medical records not be made electronically available to Nordic Hair Clinic staff other than your consultation advisor. You should then be informed of the consequences for you as a patient.

Complaints

You have the right to lodge a complaint about our processing of personal data with us or with the Data Protection Authority at any time. If personal data about you has been processed in a way that violates the Patient Data Act and the Swedish Data Protection Association, you may be entitled to compensation.

Use of cookies and tracking methods

We use cookies and similar tracking technologies to deliver a tailored and good online experience. For more information about how Nordic Hair Clinic uses cookies and the like, see our cookie policy.

Names used on the website

The names of patients used on the website do not have to match the patient’s real name.

Controller

The Nordic Hair Clinic Group companies are joint data controllers of personal data. The contact details of our company within the Group can be sent to integrity@nordichair.com.

Nordic Hair Clinic is registered with the Swedish Companies Registration Office under the name PRP Kliniken Sverige AB with registration number 556990-6554 and has its registered office at Kungsholmsgatan 10, 112 27 Stockholm. The Nordic Hair Clinic Group consists of the subsidiary NHC Göteborg AB with registration number 559057-8265 and Nordic Hair Istanbul, based in Istanbul, Turkey.