We collect and process the following types of personal data:

1.1 Personal Information You Provide to Us

• Full name

• Contact details (email, phone number, address)

• Date of birth

• Medical history relevant to your treatment

• Payment details (for appointment bookings and transactions)

• Any other personal information provided via forms, consultations, or inquiries

1.2 Automatically Collected Information

When you visit our website, we may collect:

• IP address

• Browser type and version

• Device information

• Pages visited and browsing behavior

• Cookies and tracking technologies (see Section 6 for details)

1.3 Information from Third Parties

We may receive information from:

• Payment processors for billing purposes

• Marketing and advertising platforms (if you have consented to marketing communications)

Under Article 6 of the GDPR, we process personal data based on the following lawful grounds:

• Consent – When you provide explicit consent for marketing communications or appointment reminders.

• Contractual Necessity – To provide aesthetic treatments and process payments.

• Legal Obligation – To comply with legal, tax, and regulatory requirements.

• Legitimate Interests – For security, fraud prevention, and improving our services (while balancing your privacy rights).

We use your personal information to:

• Provide and manage your treatments and appointments

• Process payments and issue invoices

• Respond to inquiries and customer service requests

• Send appointment reminders and follow-up communications

• Improve our website and services through analytics and feedback

• Comply with legal and regulatory obligations

We do not sell, rent, or trade your personal data. However, we may share it with:

• Service Providers – Payment processors, IT support, booking systems, email marketing platforms, and website hosting services.

• Legal Authorities – When required by law or to protect our rights and customers.

• Business Transfers – If we undergo a merger, acquisition, or sale of assets.

All third parties we work with are GDPR-compliant and required to protect your data in accordance with the law.

As a data subject under GDPR, you have the following rights regarding your personal data:

• Right to Access – Request a copy of the personal data we hold about you.

• Right to Rectification – Correct inaccurate or incomplete data.

• Right to Erasure ("Right to Be Forgotten") – Request deletion of your data when it is no longer needed.

• Right to Restrict Processing – Limit how we use your data under certain conditions.

• Right to Data Portability – Obtain a copy of your data in a structured, commonly used format.

• Right to Object – Object to data processing based on legitimate interests or direct marketing.

• Right to Withdraw Consent – Withdraw consent for marketing at any time.

To exercise these rights, please contact us at info@drsara-aesthetics.com. We will respond to your request within one month as required by GDPR.

We use cookies and similar technologies to enhance your experience. These may include:

• Essential Cookies – Necessary for website functionality.

• Analytical Cookies – Help us understand how users interact with our website.

• Marketing Cookies – Used for personalized ads and promotions.

You can manage your cookie preferences via your browser settings or opt-out of non-essential cookies.

We implement industry-standard security measures to protect your personal data from unauthorized access, loss, or misuse. However, no online system is entirely secure, and we encourage you to take precautions with your personal information.

We retain your personal data only for as long as necessary:

• Medical and treatment records: Up to 7 years (as required by healthcare regulations).

• Marketing preferences: Until you withdraw consent.

• Payment and transaction records: Up to 6 years (for tax compliance).

After this period, data is securely deleted or anonymized.

Our website may contain links to external websites including social media platforms. We are not responsible for their privacy practices and encourage you to review their policies before providing any personal data.

If we transfer personal data outside the European Economic Area (EEA), we ensure it is protected through:

• Standard Contractual Clauses (SCCs) approved by the European Commission.

• Transfers to countries with adequate data protection laws.

• Other legally recognized mechanisms.

We may update this Privacy Policy periodically to reflect legal or business changes. Any updates will be posted on this page with the latest effective date.