+420 739 048 718
en@otekhairtransplant.com
en
"Your Decision. Your Change. Your Life."

Privacy Policy (GDPR)

SIDE HAIR & BEAUTY s.r.o.
Příčná 1892/4, 110 00 Prague 1, Czech Republic
Company ID: 237 05 957
E-mail: info@otekhairtransplant.com
Website: www.otekhairtransplant.com

I. BASIC PROVISIONS

The controller of personal data pursuant to Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR") is:

Side Hair & Beauty s.r.o., Company ID: 237 05 957,
with its registered office at Příčná 1892/4, 110 00 Prague 1
(hereinafter referred to as the "Controller").

Controller's contact details:
E-mail: info@otekhairtransplant.com
Telephone: +420 739 048 718 / +420 733 735 798

The Controller has not appointed a Data Protection Officer.

"Personal data" means any information relating to an identified or identifiable natural person within the meaning of Article 4(1) GDPR.

II. SOURCES AND CATEGORIES OF PROCESSED PERSONAL DATA

The Controller processes personal data that you provide to it (e.g. via forms, e-mail, or when ordering services).

The Controller may also process data obtained in connection with the performance of a contract or your participation in the provided services.

Categories of processed personal data include:

  • identification and contact details,

  • health data to the extent necessary to assess the suitability of the procedure,

  • travel and accommodation details,

  • billing and payment information.

III. LEGAL BASIS AND PURPOSE OF PERSONAL DATA PROCESSING

The legal bases for processing personal data pursuant to Article 6(1) GDPR are:
a) performance of a contract between you and the Controller (Article 6(1)(b) GDPR),
b) compliance with a legal obligation (Article 6(1)(c) GDPR),
c) legitimate interest of the Controller (Article 6(1)(f) GDPR), in particular the protection of legal claims,
d) your consent to processing (Article 6(1)(a) GDPR), especially with regard to health data.

The purposes of personal data processing are:

  • mediation of aesthetic procedures and hair transplants in Turkey,

  • communication with you and partner clinics,

  • organization of transportation and accommodation,

  • performance of contractual and legal obligations (e.g. accounting, invoicing),

  • protection of the legitimate interests of the Controller,

  • sending commercial communications based on legitimate interest or consent (in accordance with Section 7(2) of Act No. 480/2004 Coll., on certain information society services).

IV. DATA RETENTION PERIOD

Personal data are retained only for the period necessary to fulfil the purposes of processing:

  • for the duration of the contractual relationship and subsequently for 3–5 years,

  • for tax purposes for 10 years,

  • health data until consent is withdrawn.

After the retention period expires, personal data will be securely deleted or anonymized.

V. RECIPIENTS OF PERSONAL DATA

Your personal data may be disclosed to:

  • partner clinics in Turkey (based on consent),

  • providers of IT, accounting, and marketing services,

  • public authorities where required by law.

Transfers of personal data outside the EU are carried out in accordance with Chapter V of the GDPR and based on Standard Contractual Clauses (SCCs).

VI. YOUR RIGHTS

In accordance with Articles 15 to 22 GDPR, you have the right to:

  • request access to your personal data,

  • request rectification or completion of inaccurate data,

  • request erasure ("right to be forgotten"),

  • request restriction of processing,

  • request data portability,

  • object to processing,

  • withdraw your consent to the processing of personal data at any time (Article 7(3) GDPR).

Consent may be withdrawn by e-mail at: info@otekhairtransplant.com.

If you believe that your personal data are being processed unlawfully, you may contact the Office for Personal Data Protection (www.uoou.cz).

VII. PERSONAL DATA SECURITY

The Controller has adopted appropriate technical and organizational measures to ensure the security of personal data pursuant to Article 32 GDPR, in particular:

  • secure data storage and transmission (encryption, passwords, restricted access),

  • protection of systems against unauthorized access,

  • training and confidentiality obligations of authorized persons.

VIII. FINAL PROVISIONS

The Controller reserves the right to update these principles in the event of changes in legislation or processing activities.

The current version is always available on the Controller's website.

These Privacy Policy principles become effective on 11 October 2025.

Enter your text here...