Privacy Policy

Last updated: January 28, 2026

1. Introduction

Protecting your personal data is of great importance to us. In this Privacy Policy, we explain how Recast Hair Clinic collects, processes, and protects your personal data when you visit our website or use our services.

We comply with the provisions of the European Union’s General Data Protection Regulation (GDPR) as well as all applicable national data protection laws.

2. Data Controller

The party responsible for data processing on this website is:

Recast Hair Clinic
xx
Email: info@recasthair.com
Phone: xx

3. Data We Collect

We collect various types of personal data depending on how you interact with us:

3.1 Data You Provide Directly

  • Name and contact details (email, phone number)
  • Photos of your hair loss for consultation purposes
  • Health information related to treatment
  • Correspondence (emails, WhatsApp messages)

3.2 Automatically Collected Data

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referrer URL
  • Date and time of access

4. Purposes of Data Processing

We use your data for the following purposes:

  • Conducting consultations and treatments
  • Responding to your inquiries
  • Scheduling and coordinating appointments
  • Sending information regarding your treatment
  • Improving our website and services
  • Compliance with legal obligations
  • Marketing (only with your explicit consent)

5. Legal Basis for Processing

The processing of your data is based on the following legal grounds:

  • Consent (Art. 6(1)(a) GDPR): For marketing and newsletters
  • Performance of a contract (Art. 6(1)(b) GDPR): For conducting consultations and treatments
  • Legal obligation (Art. 6(1)(c) GDPR): For fulfilling legal requirements
  • Legitimate interest (Art. 6(1)(f) GDPR): For website analysis and fraud prevention

6. Cookies and Tracking

Our website uses cookies and similar technologies. Cookies are small text files stored on your device.

6.1 Types of Cookies

  • Necessary cookies: Required for the operation of the website
  • Analytics cookies: To improve our website (e.g., Google Analytics)
  • Marketing cookies: For personalised advertising (only with consent)

You can manage or disable cookies in your browser settings.

7. Disclosure of Data to Third Parties

We only share your data with third parties in the following cases:

  • With your explicit consent
  • With service providers who assist us in delivering our services (e.g., IT service providers, payment processors)
  • When we are legally required to do so

All service providers are contractually obligated to treat your data confidentially and to process it only in accordance with our instructions.

8. International Data Transfers

As our clinic is located outside the EU, your data may be transferred to a non-EU country. We ensure that adequate safeguards are in place, including:

  • EU Commission Standard Contractual Clauses
  • Technical and organisational security measures

9. Data Security

We implement technical and organisational security measures to protect your data from unauthorised access, loss, or misuse:

  • SSL/TLS encryption for all data transmissions
  • Regular security updates
  • Access restrictions for employees
  • Secure storage of sensitive data

10. Data Retention

We retain your data only for as long as necessary to fulfil the purposes for which it was collected or as required by statutory retention periods.

  • Treatment records: 10 years (medical documentation obligation)
  • Billing data: 10 years (tax law retention obligation)
  • Contact inquiries: 3 years after completion of communication
  • Marketing consents: Until revoked

11. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR): You may request information about your stored data
  • Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate data
  • Right to erasure (Art. 17 GDPR): You may request the deletion of your data
  • Right to restriction of processing (Art. 18 GDPR): You may request the restriction of processing
  • Right to data portability (Art. 20 GDPR): You may receive your data in a commonly used format
  • Right to object (Art. 21 GDPR): You may object to the processing of your data
  • Withdrawal of consent: You may withdraw your consent at any time

To exercise your rights, please contact us at: info@recasthair.com

12. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data violates the GDPR.

13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in our data processing practices or legal requirements. The current version can always be found on this page.

14. Contact

If you have any questions regarding data protection, please contact us:

Recast Hair Clinic
Email: info@recasthair.com
Phone: xx