Cosmetic treatment - Face and Body Institute Kraków

Privacy and Cookies Policy

The following Privacy Policy contains information on the processing of your personal data by Face & Body Institute, in accordance with the requirements of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), with particular emphasis on the processing of medical data (special categories of data).

1. Data Controller

The controller of your personal data is Face & Body Institute located at ul. Starowiślna 4/1, Kraków. In matters related to personal data protection, please contact us by e-mail: instytut@medyczne-fbi.pl or by phone: 12 430 18 81.

2. Purposes and legal basis of data processing

Your personal data is processed for the following purposes:

  • Providing medical and cosmetological services – based on Art. 9 sec. 2 lit. h GDPR (medical diagnosis, provision of health or social care or treatment) and provisions of Polish law, including the Act on Patient Rights.
  • Scheduling and handling appointments – including contact via website forms, based on Art. 6 sec. 1 lit. b GDPR (taking steps at the request of the data subject prior to entering into a contract).
  • Accounting and tax purposes – issuing invoices and receipts, based on Art. 6 sec. 1 lit. c GDPR in connection with tax law provisions.
  • Marketing and Newsletter – sending information about news and promotions, only on the basis of your voluntary consent (Art. 6 sec. 1 lit. a GDPR and provisions on the provision of electronic services).

3. Data recipients

Your data may be shared with entities supporting the activities of the Face & Body Institute, in particular:

  • providers of IT systems and medical software (e.g., Booksy reservation system),
  • analytical laboratories and entities cooperating in the treatment process,
  • accounting offices serving the Institute,
  • entities entitled to do so on the basis of universally binding legal regulations (e.g., state authorities).

4. Data retention period

Personal data is stored for the time specified by law:

  • Medical records – mandatorily for a period of 20 years from the end of the calendar year in which the last entry was made (with exceptions provided for in the Patient Rights Act).
  • Accounting data – for 5 years from the end of the calendar year in which the deadline for tax payment expired.
  • Data for marketing purposes (e.g., Newsletter) – until the consent is withdrawn.

5. Your Rights

In connection with data processing, you have the following rights:

  • The right to access your data and receive a copy of it.
  • The right to rectify (correct) your data.
  • The right to delete data (the so-called “right to be forgotten”) – with the exception of data contained in medical records, which we are obliged to store by law.
  • The right to restrict processing and to transfer data.
  • The right to withdraw consent (e.g., for marketing purposes) at any time, which does not affect the lawfulness of processing before its withdrawal.
  • The right to lodge a complaint with a supervisory authority (President of the Personal Data Protection Office) if you believe that the processing violates the provisions of the GDPR.

6. Cookies

Our website uses cookies. These are small text files saved on the User’s end device. We use them for:

  • Necessary purposes – ensuring the proper operation of the website, forms, and security.
  • Analytical / Statistical purposes (e.g., Meta Pixel, Google Analytics) – allowing us to examine traffic on the website, only if you consent to it in the cookie banner.

You can change or withdraw your consent to cookies at any time in your web browser settings.