PRIVACY POLICY
Limited Liability Company “ESTETYKA ZORU” (EDRPOU code 45881325), website: https://estetyka-zoru.com
(As amended and effective from April 15, 2026)
This Privacy Policy (hereinafter — the “Policy”) defines the procedure for the processing of personal data carried out by the Limited Liability Company “ESTETYKA ZORU” (hereinafter — the Company, Medical Center) in the provision of medical services, as well as in the course of using the Company’s website.
Personal data is processed in accordance with the requirements of the Law of Ukraine “On Personal Data Protection,” the Fundamentals of Ukrainian Legislation on Healthcare, as well as other applicable regulatory acts in the field of information protection, in compliance with the principles of lawfulness, confidentiality, and adequate data protection.
This Policy defines the purposes of personal data processing, the rights of data subjects, as well as the measures taken to prevent unauthorized access, loss, destruction, or unlawful disclosure of such data. Website visitors’ privacy is important, and the Company strives to ensure an appropriate level of personal data protection and transparency of its processing.
This Policy applies to information obtained in the course of the Company’s activities and/or while using the website. The Company is not responsible for the privacy policies or content of third-party websites that may be linked from the website.
1. TERMS AND DEFINITIONS
1.1. In this Policy, terms are used in the following meanings:1.1.1. “Personal data” — information or a set of information about a natural person who is identified or can be identified, including but not limited to: surname, name, patronymic, date of birth, gender, contact details (phone number, email address), place of residence or stay, identification data, as well as any other information provided by the individual to the Company in connection with receiving medical services or using the website. The list of personal data is not exhaustive and depends on the scope and nature of the services provided;
1.1.2. “Data subject” — a natural person whose personal data is processed by the Company;
1.1.3. “Patient” — a natural person who has applied to the Medical Center for medical services and whose personal data is processed by the Company in connection with the provision of such services;
1.1.4. “User” — a natural person who accesses the Company’s website and uses its functionality;
1.1.5. “Personal data processing” — any action or set of actions performed in relation to personal data, including collection, registration, accumulation, storage, adaptation, modification, updating, use, distribution (transfer, access), anonymization, blocking, deletion, or destruction, including those carried out using information and telecommunication systems;
1.1.6. “Medical data” — personal data relating to the health condition of a natural person, including information about vision condition, diagnostic results, diagnoses, prescribed treatment, medical reports, and other information obtained during the provision of medical services;
1.1.7. “Website” — a set of data, electronic information, and interconnected structured objects available under a domain on the Internet belonging to the Company and accessible at: https://estetyka-zoru.com;
1.1.8. “Cookies” — small text files stored on the user’s device when using the website, used to ensure its functionality, save user preferences, collect statistical information, and improve service quality;
1.1.9. “IP address” — a unique numerical identifier of a user’s device on the Internet used for identification within the network;
1.1.10. “Data controller” — the Company that determines the purpose of personal data processing, establishes the composition of such data, and defines the procedures for its processing in accordance with Ukrainian law.
1.2. The Company is the data controller within the meaning of the Law of Ukraine “On Personal Data Protection” and independently determines the purpose of personal data processing, their composition, and processing procedures, unless otherwise provided by Ukrainian law.
1.3. Terms not defined in this Policy shall be interpreted in the meaning established by the legislation of Ukraine.
3. PURPOSES AND LEGAL BASIS FOR PERSONAL DATA PROCESSING
3.1. Personal data is processed by the Company for the purpose of providing medical services, ensuring an appropriate level of medical care and maintaining medical documentation, identifying patients when they contact the Company, organizing appointment scheduling, communicating with patients and website users regarding provided services, their results, and other matters related to the Company’s activities, as well as for compliance with the requirements of Ukrainian law, including healthcare, accounting, and taxation regulations, ensuring information security, preventing fraudulent activities, monitoring and improving the quality of medical services, and conducting statistical and analytical processing of data provided that it is properly anonymized.
3.2. The legal basis for personal data processing includes: the data subject’s consent to the processing of their personal data; the necessity for the Company to comply with applicable Ukrainian legislation; and other grounds provided for by current Ukrainian law.
3.3. Medical data is processed by the Company solely to the extent necessary for providing medical services, establishing diagnoses, performing treatment, and maintaining medical records, in compliance with medical confidentiality and personal data protection requirements.
3.4. If the data subject provides separate consent, the Company may use contact details to inform them about services, special offers, or other activities related to the Company’s operations.
3.5. he Company does not process personal data for purposes incompatible with those defined in this Policy.
4. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
4.1. The Company may transfer personal data of the data subject to third parties only in cases and to the extent necessary to achieve the purposes defined in this Policy, in accordance with the requirements of the Law of Ukraine “On Personal Data Protection,” and on appropriate legal grounds, including the data subject’s consent or in cases provided for by Ukrainian law.
4.2. Personal data may be disclosed to the Company’s employees within the scope of their job duties, contractors and service providers engaged in providing medical services or supporting the Company’s operations (including IT contractors, technical support services, payment service providers), other medical professionals or healthcare institutions upon the relevant consent of the data subject or in cases provided for by Ukrainian law, persons who are legally entitled to receive patient information (including parents, guardians, or custodians), as well as state authorities and local self-government bodies in cases and according to procedures established by Ukrainian legislation.
4.3. When transferring personal data to third parties, the Company ensures compliance with the principles of confidentiality and data minimization, and takes necessary organizational and technical measures to protect such data. Where necessary, the Company also concludes appropriate agreements regarding data processing and protection.
6. PERSONAL DATA PROTECTION
6.1. The Company takes appropriate organizational and technical measures to ensure the protection of personal data against unlawful processing, loss, destruction, damage, and against unauthorized access, disclosure, or other unlawful actions.
6.2. Access to personal data is granted only to authorized employees of the Company who are obliged to comply with confidentiality requirements and process such data solely within the scope of their job responsibilities.
6.3. The Company implements internal procedures and rules for personal data processing aimed at preventing violations of personal data protection legislation and minimizing the risk of unauthorized access.
6.4. If third parties are engaged in the processing of personal data, the Company ensures that appropriate agreements are concluded with such parties, requiring compliance with personal data protection obligations.
6.5. The Company is not responsible for the disclosure of personal data if such disclosure occurs due to actions or omissions of the data subject or third parties, provided that the Company has taken appropriate protective measures in accordance with Ukrainian law.
7. RIGHTS OF THE DATA SUBJECT
7.1. The data subject has the rights provided by the Law of Ukraine “On Personal Data Protection,” including:
7.1.1. to know the sources of collection, the location of their personal data, the purpose of processing, and the location of the data controller or processor;
7.1.2. to receive information about the conditions for granting access to personal data, including information about third parties to whom their personal data is transferred;
7.1.3. to access their personal data;
7.1.4. to receive, within thirty calendar days from the date of receiving a request, information on whether their personal data is being processed, as well as the content of such personal data;
7.1.5. to submit a reasoned request to the data controller objecting to the processing of their personal data;
7.1.6. to submit a reasoned request for the modification or deletion of their personal data if such data is processed unlawfully or is inaccurate;
7.1.7. to protection of their personal data from unlawful processing and accidental loss, destruction, or damage due to intentional concealment, non-provision, or delayed provision of such data;
7.1.8. to file complaints regarding the processing of their personal data to the Ukrainian Parliament Commissioner for Human Rights or to a court;
7.1.9. to apply legal remedies in case of violations of personal data protection legislation;
7.1.10. to include reservations limiting the right to process their personal data when giving consent;
7.1.11. to withdraw consent for the processing of personal data;
7.1.12. to know the mechanism of automated processing of personal data.
9. USE OF COOKIES
9.1. The Company’s website uses cookies and other similar technologies to ensure proper functionality, save user preferences, improve website usability, and obtain aggregated statistical information about website usage. Information collected through cookies generally does not directly identify the user; however, it may be associated with the user’s device or their behavior on the website.
9.2. Cookies may be used to recognize users during repeat visits, save selected settings, analyze user interaction with the website, and improve the quality of services provided.
9.3. The Company may use both first-party cookies and third-party cookies, including those used to support website functionality, such as analytics tools and services.
9.4. Users may configure cookie settings in their browser, including restricting or fully disabling cookies. However, disabling cookies may result in incorrect functioning of certain website features. Some cookies are strictly necessary for the website’s operation and cannot be disabled.
9.5. By using the Company’s website, the user acknowledges the use of cookies and agrees to their use in accordance with this Policy.
9.6. The website may use third-party services that are not limited to cookies and may collect information about website usage in accordance with their own privacy policies.
9.7. The Company may use the following categories of cookies: strictly necessary cookies that ensure proper website functionality; analytical cookies used to collect aggregated information about website usage; functional cookies that allow saving user preferences; and targeting cookies used to deliver relevant content and evaluate the effectiveness of informational and marketing communications.
10. FINAL PROVISIONS
10.1. This Policy is an open and publicly available document and is published on the Company’s website.
10.2. The Company reserves the right to amend this Policy unilaterally. The updated version becomes effective from the moment it is published on the Company’s website, unless otherwise specified in such version.
10.3. Users are encouraged to review the current version of the Policy regularly. Continued use of the website or services after changes are made constitutes acceptance of such changes.
10.4. Any matters not regulated by this Policy shall be governed by applicable legislation of Ukraine.
10.5. For questions regarding the exercise of data subject rights or for additional information about personal data processing, users may contact the Company using the contact details provided on the Company’s website.