Effective from: April 1, 2023 (with subsequent editorial amendments)
1) General Information
The data controller is TIMELESS Chirurgia Plastyczna sp. z o.o. based in Warsaw (hereinafter: “TIMELESS”).
This Policy explains how we process and protect personal data (including health data) of individuals:
- browsing the ffsclinic.com website (hereinafter: the “Website”),
- using the Services offered by TIMELESS, including patients and persons authorized by them to obtain information about their health status and access to medical documentation.
We process data in accordance with applicable law, including the GDPR (Regulation 2016/679) and the Act of July 18, 2002 on the provision of electronic services.
Before starting to use the Services, please read this Policy.
2) Data Controller and Contact
Controller: TIMELESS Chirurgia Plastyczna sp. z o.o., ul. Gen. Romana Abrahama 18/322, 03-982 Warsaw, Poland.
Data Protection Officer (DPO):
- e-mail: iod@timeless.com.pl
- postal address: as above (with the note “Data Protection Officer”).
3) Data Collection Principles
Using some of the Services may require providing data (e.g., contact form). Providing data is voluntary, but necessary to perform a given action/service.
The Website allows browsing content anonymously (without logging in), subject to cookies described in the cookie policy.
4) Purposes and Legal Bases of Processing
We process data for the following purposes:
a) Provision of services on the Website – delivering content, handling forms.
Legal basis: Art. 6(1)(b) GDPR (necessity for the performance of a contract/terms).
b) Provision of health services – prevention, diagnosis, treatment, healthcare; also includes persons authorized by the patient.
Legal basis: Art. 6(1)(b) and (c) GDPR (contract and legal obligation) and Art. 9(2)(h) GDPR in connection with Art. 24 and 29 of the Act on Patient Rights and the Patient Ombudsman.
c) Protection of vital interests – in emergency situations.
Legal basis: Art. 6(1)(d) GDPR and Art. 9(2)(c) GDPR.
d) Analytical activities/own marketing and service improvement – measurements, statistics, Website optimization.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest of TIMELESS).
e) Security and continuity of system operation – information security, IT system administration.
Legal basis: Art. 6(1)(f) GDPR.
f) Handling inquiries, complaints and claims – contact, clarifications, corrective actions.
Legal basis depending on the case: Art. 6(1)(b)/(c)/(f) GDPR.
g) Pursuing or defending claims.
Legal basis: Art. 6(1)(f) GDPR; with regard to special categories of data (e.g., health data) – Art. 9(2)(f) GDPR.
5) Data Recipients
Data may be disclosed to:
- authorized employees and associates of TIMELESS,
- entities providing services to TIMELESS (e.g., hosting, IT, mail, software providers) – based on data processing agreements,
- healthcare entities co-providing health services (when necessary),
- public authorities – only when required by law.
6) Rights of Data Subjects
You have the following rights:
- right of access to data,
- right to rectification,
- right to withdraw consent (when processing is based on consent),
- right to erasure (“right to be forgotten”) – when applicable,
- right to restriction of processing,
- right to data portability – when applicable,
- right to object to processing (including own marketing/profiling based on Art. 6(1)(f) GDPR).
To exercise your rights: write to iod@timeless.com.pl.
You also have the right to lodge a complaint with the President of the Personal Data Protection Office.
7) Data Sources
Data comes directly from you or – in justified cases – from your legal representative or a person authorized by you.
8) Data Retention Period
We store data for the period necessary to achieve the purposes, in particular:
- for the duration of the contract/service provision, and thereafter – for the period required by law or for pursuing/defending claims;
- with regard to fulfilling legal obligations – for the period specified in the regulations;
- with regard to activities based on consent – until its withdrawal;
- in other respects – for the period necessary to achieve the legitimate interests of TIMELESS.
9) Cookies
The ffsclinic.com website uses cookies and similar technologies for the purposes described in the Cookie Policy available on the Website (including ensuring functionality, statistics, security). Details are provided in the “Cookie Policy” document.
10) Data Security
We apply appropriate technical and organizational measures ensuring a level of security corresponding to the risk, including access control, encryption of selected channels, authorization policies and supervision over processing entities.
11) Data Transfer Outside the EEA
As a rule, we do not transfer data outside the European Economic Area. If such a transfer occurs (e.g., as part of IT services), it is carried out exclusively in accordance with the GDPR – with appropriate safeguards (e.g., standard contractual clauses).
12) Policy Changes
We may update the Policy, including in connection with changes in law or Website functionality. The current version is always published on the Website.
13) Contact
For matters related to data processing and this Policy:
iod@timeless.com.pl or in writing: TIMELESS Chirurgia Plastyczna sp. z o.o., ul. Gen. Romana Abrahama 18/322, 03-982 Warsaw, Poland.