PRIVACY POLICY

INTRODUCTION

Protecting your privacy and the security of your personal data is a priority for Thehealthytreatment S.A.S., with registered address at Calle 9C #22-22, Bretaña, Cali, Colombia, a company duly incorporated under the current regulations in Colombia, identified with Tax ID (NIT) 901857773, (“Thehealthytreatment” or the “Company“)

This privacy and cookies policy (“Policy“) applies to the processing of your personal data carried out on this website (“Website“), and in general, throughout the Thehealthytreatment digital environment through which Thehealthytreatment provides the services (the “Services“).

We recommend that you read this Policy and our [Terms and Conditions]carefully before using any of the Services or opening an account on the Website (“Account“).

WHO THIS APPLIES TO

This Policy applies to any person who uses the Website or who uses any of the Services. For the purposes of this Policy, the following definitions are considered:

“End User” refers to any natural person who registers or uses the Website and/or Servicesin any fashion whatsoever, including but not limited to making bookings with Professionals, requesting a quote or to giving opinions about Professionals.
“Patient” refers to a natural person who has one or more bookings with a Professional, regardless of the channel through which said booking was made (e.g., through the Website or WhatsApp, via a call, or if it was arranged directly with the Professional or their staff).
“Professional” refers to any doctor, healthcare professional, or medical center that has an account on our platform.
“User” means, as appropriate, an End User, a Professional, a Visitor, or, where applicable, a Patient.
“Visitor” refers to any individual who browses the Website but does not have an Account and does not use the Services.

The nature of the personal data we collect and use, as well as the purposes of processing and the related legal bases on which the processing is based, depend on the type of User.

OBJECTIVE OF THIS POLICY

The main objective of this Policy is to provide comprehensive information about how we collect, use, store, disclose, and process Users’ personal data when we act as data controllers. The term “data controller”refers to one who determines the purposes and means of processing your personal data. As data controllers, we are responsible for processing when we decide why we use your personal data and how we do it.

On the other hand, and in a distinct fashion, Professionals also process Patients’ personal data. In these cases, we act as data processors. The term “data processor” distinguishes between the Professionals’ function of deciding the purposes and means of processing the personal data and the Company’s role as data processor in merelyfollowing the Professionals’ instructions.

This Policy focuses primarily on our role as data controllers. In this Policy, we also provide general information about the Company’s role as a data processor. However, if you are an End User, the Professional must explain to you how they process your data as an independent data controller. Therefore, it is important that when you contact or visit a Professional, you read their privacy policy. Please note that the information we provide you in this Policy does not replace the information from Professionals or other data protection obligations of the Professionals.

Below, we offer you a comprehensive explanation of our role as data controller.

Your Data: Our Roles (Controller vs. Processor)

The Data Controller is the entity that decides the purposes (the ‘why’) and the means (the ‘how’) of processing your personal data. The Data Processor processes personal data strictly on the Controller’s behalf and according to their written instructions.

Our roles depend entirely on your interaction with the platform:

Scenario 1: Thehealthytreatment is the Data Controller

Thehealthytreatment acts as the Data Controller during the initial collection and processing of your personal data for platform-specific functions, ensuring this processing aligns with the explicit purposes authorized by you.

Thehealthytreatment is the Data Controller when you:

Register an End User account or use the Website for general browsing.
Initiate a booking with a Professional through the Website.
Use thechat feature to communicate with a Professional, prior to the Professional retrieving the conversation.
Submit details via therequest a quote

In these instances, Thehealthytreatment acts as the Controller to ensure your data is collected for the specific, explicit, and legitimate purposes authorized by you, as required by Colombian Law 1581.

Scenario 2: The Professional is the Data Controller (Thehealthytreatment is the Data Processor)

Once your data is transferred for the provision of healthcare, the licensed Professional assumes the primary Controller role, as they determine the clinical purpose of the data. Thehealthytreatment then operates strictly as their service provider (Data Processor) for storage and transmission.

This applies when:

Booking is made through the Website:Thehealthytreatment transmits a copy of the collected booking data to the Professional. The Professional becomes the Independent Data Controller for the data related to your medical treatment and clinical records. Thehealthytreatment acts as the Data Processor for securely hosting and storing that record on the Professional’s behalf.
A Professional makes the booking:If the Professional schedules the booking through the Thehealthytreatmentsystem, the Professional is the Data Controller, as they determine the purpose of the data entry. Thehealthytreatment is acting as the Data Processor.
Communicating with an Active Professional via Website Chat:When you communicate with an active, designated Professional through the Website chat, the Professional is the Controller of the conversation’s clinical content.

Thehealthytreatment is the Processor storing the communication history for the Professional.

Disclosure Regarding Internal Access and Security (Moderation)

To comply with the Principle of Restricted Access/Circulation and our legal duty to maintain security, Thehealthytreatment maintains specific oversight over all communications on its platform.

Thehealthytreatment Admin Access:For the essential purposes of technical support, platform security, and system moderation (including fraud prevention and policy compliance), authorized Thehealthytreatment Admin staff may temporarily access certain data, including the content of chat messages and quote requests.
Unclaimed Profiles:This is particularly necessary in scenarios where a Professional’s profile is unclaimed or inactive. In such cases, Thehealthytreatment must access the messages to notify the patient or redirect the request.
This internal access is strictly controlled, logged, and audited to adhere to the Principle of Restricted Access and Circulationfor administrative purposes, ensuring the confidentiality of your information as mandated by applicable data protection regulations

Storing data

The Professional may store your data in their Thehealthytreatment Professional account.

The Professional, as controller, decides what to do with your data, including sending communications through the

Thehealthytreatment systems.

Thehealthytreatment is not involved in the Professional’s decisions and cannot delete that data unless the Professional requests it.

The Professional as Data Controller:The healthcare professional you interact with acts as the independent data controller for this information. This means they are solely responsible for deciding how your data is used, how long it is stored, and for managing it in accordance with their legal and professional obligations.

Our Limited Role:Thehealthytreatment provides the technical infrastructure but is not involved in the professional’s decisions regarding your clinical data.

Data Deletion: Any requests to access, amend, or delete your appointment and communication data must be directed to the healthcare professional themselves. We will assist by forwarding your request to the professional, but the action must be taken by them.

Storing Data and Retention

The Professional as Data Controller (Clinical Data)

The healthcare professional you interact with acts as the Independent Data Controller for all clinical and medical information (Protected Health Information) related to your treatment and appointment. This means they are solely responsible for:

Deciding how your clinical data is used.
Managing the data in accordance with their legal and professional obligations, including maintaining medical record confidentiality.
Adhering to legal data retention periods for medical records as required by Colombian health regulations (e.g., Resolution 1995 of 1999 and subsequent norms).

Thehealthytreatment systems securely collect and store the data you enter, including details provided in text fields regarding your health or reason for booking, in the Professional’s dedicated account. At no point, does Thehealthytreatment act as a data controller or store any medical data.

Our Limited Role: Thehealthytreatment as Data Processor

Thehealthytreatment provides the secure technological infrastructure to store and transmit your information, acting strictly as the Data Processor on behalf of the Professional concerning your clinical history.

For the purpose of operating the platform and administering appointments, authorized Thehealthytreatment platform administrators have access to specific administrative and non-sensitive data. This limited, non-clinical data includes:

Booking type (e.g., in-person or video consultation)
Appointment location
Booking date and time
The Professional’s assigned status for the appointment (e.g., approved or pending)
Patient contact information (email and phone number)

Thehealthytreatment is not involved in the Professional’s clinical decisions regarding your treatment or the content of conversations.

Management and Deletion of Data

As the platform operator, Thehealthytreatment maintains administrative access to the non-sensitive data listed above, allowing authorized staff to manage operational data such as:

Changing appointment status (e.g., pending or cancelled).
Deleting or modifying booking details upon the explicit request of the Professional or the patient.

However, concerning clinical data:

Thehealthytreatmentcannot unilaterally delete clinical data stored by the Professional.
If you submit a request for the erasure of your clinical records (exercising your Right to Erasure), that request must be directed to theProfessional (the Controller), who is legally responsible for determining if the data can be deleted, factoring in legal retention requirements for medical records.

Thehealthytreatment will assist the Professional in fulfilling any valid deletion request in our capacity as the Processor.

Communications

The Professional may send communications regarding your appointment or follow-up through the Thehealthytreatment system. Such messages, including automated emails generated by our system regarding appointment confirmations, are sent on the Professional’s behalf as the Controller and are intended solely to support the purpose of providing healthcare services. The Professional, as the independent Data Controller, is also authorized to contact you directly using the contact details you provided for scheduling, follow-up, and clinical purposes .

Writing Reviews, Asking Questions, and Requesting a Quote to Professionals

Thehealthytreatment acts as the Data Controller when processing personal data collected through the following platform features, as we determine the purposes and means of that specific processing:

Leaving reviews or opinions about Professionals.
Asking Professionals general questions.
Submitting a request a quote to a Professional.

We process this data for the following specific and legitimate purposes, which are informed to you in compliance with Law 1581 of 2012 :

Content Moderation and Reviews

When you submit a review, we collect the content and associated identity information (your End User data) for the purpose of maintaining platform integrity and facilitating transparency.

For these administrative purposes, authorized Thehealthytreatment Admin staff have access to the review content and metadata. This internal access is necessary to:

Moderate and manage the publishing status of the review (e.g., keep pending, publish, or remove).
Address operational disputes that may arise between a Professional and a patient.
Verify the authenticity or legitimacy of a review when requested by the Professional or required for system integrity.

Quote Requests and Questions

When you use the “request a quote” or “ask a question” features, Thehealthytreatment processes the collected personal data to:

Securely route your inquiry, message content, and contact information to the designated Professional.
Manage the transaction flow and address technical issues, including the redirection of inquiries intended for unclaimed profiles (as detailed in the Controller/Processor Disclosure section).

GENERAL INFORMATION FOR ALL USERS

Origin of data

All personal data is collected when creating Accounts, and/or through forms that Users fill out as part of their use of the Services and, generically, in the context of using the Services offered by the Company.

Specifically, you also have the option to create an account and log in using third-party services such as Facebook and Google. If you choose this option, we will receive certain profile information from these services. The exact information we receive depends on your privacy settings with the service provider but typically includes your name and email address. We use this information only for the purpose of creating and authenticating your account.

The Website also automatically collect data through tracking technologies when Visitors browse or use the Services (such as, for example, cookies). You can find more information about the cookies and other tracking technologies below).

Regarding potential clients (i.e., healthcare professionals who may be interested in acquiring our Services), we may also collect data to offer them our Services (for example, through forms filled out by them, or throughour referral programs.

Identity of the data controllers

Data Controller

Thehealthytreatmentis dedicated to the e-health sector whose main purpose is to facilitate the connection between patients and professionals or healthcare service providers, through technological tools. However, we clarify that Thehealthytreatment does not directly provide healthcare services nor does it act as an IPS or healthcare professional.

To provide you with the Services, Thehealthytreatment acts as the controller of personal data. Below you will find the details:

Thehealthytreatment S.A.S., with registered address at Calle 9C #22-22, Bretaña, Cali, Colombia, a company duly incorporated under the current regulations in Colombia, identified with Tax ID (NIT) 901857773,acts as an independent controller of your personal data for the purposes detailed later in this Policy (among others, to manage the contractual relationship with you, handle queries and claims, respond to data subject requests, review and manage End User reviews, and manage the daily relationship with Users).

How we protect your data

We take the protection of your data very seriously. We take appropriate technical and organizational security measures to protect your personal data, among others, from unauthorized access. We follow accepted industry standards to protect the personal information you provide to us, both during transmission and after receipt: for example, periodic security checks of the platform, segmentation and control of data access within the organization, and the use of pseudonymization, anonymization, or encryption techniques. Unfortunately, the transmission of information over the Internet (including email) is not always completely secure. Therefore, when using our applications, you should only use a secure Internet connection and always maintain device security. Once we receive your information, we will use strict procedures and adequate security features to prevent unauthorized access or sharing. Regarding health data, we apply additional protection measures such as utilizing different layers of encryption or pseudonymization techniques. Regarding sensitive personal data.

Thehealthytreatment may process the personal data of a minor under 18 years of age, provided that there is prior and express consent from parents or legal guardians. In these cases, parents or legal guardians may change or revoke the authorization granted. Additionally, the processing of personal data of girls, boys, and adolescents will comply with the following parameters and requirements: a) The processing will respond to and respect the best interests of children and adolescents. b) The respect of their fundamental rights will be ensured at all times. c) The child or adolescent may be heard, and their opinion will be valued taking into account their maturity, autonomy, and capacity to understand the matter.

Sharing your data with third parties

We may share your personal data:

with Professionals, whenever you make a booking and whenever you decide to share information with them;
with external providers, in order to provide you with the Services you have requested or to satisfy Thehealthytreatment legitimate interests, as explained in this Policy. The external providers with whom we share data will vary depending on the type of User. The types of providers are:
- cloud hosting service providers and server maintenance;
- providers of telephone, videoconference, or digital communication tools;
- content providers;
- survey tools;
- social media providers;
- customer service tools providers;
- call centers;
- external consultants, auditors, or advisors;
- payment service providers, banks, credit reference agencies, and fraud prevention agencies,
- insurance companies; and
- IT companies that provide us with software, information security, or similar services
with courts, police, and other public authorities, to comply with legal or regulatory requirements whenever we receive a legitimate request; and
with other entities in case of merger, acquisition, or investment in that business entity, or in case of business reorganization.

The third parties mentioned in this section may act as data processors or as independent data controllers, as the case may be.

If you are an End User, we will share your data with the Professionals with whom you have made an appointment in their capacity as data controllers, as we explain in section below.

International data transfers

Some of the third parties mentioned may be based outside of Colombia. In such cases, we ensure that the legal requirements established by the applicable data protection regulations for the secure transfer of your personal data are met. We always use appropriate safeguards to proceed with any international data transfer.

If you wish to obtain more information about the safeguards adopted, please contact us.

Your data protection rights

When we act as data controllers, you have the following rights. To exercise these rights, see the contact details in the “Contact Us” section below.

Right to be informedabout the processing of your personal data (i.e., for what purposes, what type of personal data, to which recipients it is communicated, retention periods, whether international data transfers are carried out).

💡 You will find all the information in this privacy policy and in the different banners and sections of the Website. Keep in mind that Professionals must inform you separately when they process your data as controllers;

right of accessto the personal data that we process;
right to deleteyour personal data unless we need it to provide you with the Services or have a legal obligation or legitimate interest to retain it;
right to rectifyyour personal data if it is inaccurate, incomplete, or incorrect. You can rectify this information yourself or ask us to do it for you. Following a claim or request from you, we will seek to ensure the rectification of the personal data we have about you;
right to objectto the processing of your data by us and, therefore, to limit it;

💡 Note that there are certain processing activities to which you cannot object, as they are strictly necessary to provide our Services;

right to revoke any consentpreviously granted. Note that we may not be able to provide you with certain Services from the moment your consent is revoked;

💡 The revocation of consent does not affect the lawfulness of processing carried out before the withdrawal;

right to the “portability”of your data stored by us, in digital format. This means receiving your personal data in a structured, commonly used, and machine-readable format, in order to transfer it to another controller, or to carry out such transfer directly, if technically feasible; and
right tofile a complaint with the data protection authority, the Superintendency of Industry and Commerce (SIC), if you believe we are processing your personal data contrary to the law.

We will always comply with our legal obligations regarding your rights. We will try to respond to you within a reasonable period, according to the deadlines established in the applicable regulations.

To protect your privacy against unauthorized access, we reserve the right to verify the identity of the requester (only when we have reasonable doubts about their identity).

The User may submit requests, complaints, or claims (“PQR”) regarding which personal data of the data subject is held on the Thehealthytreatment Platform.

The PQR request must contain the identification and come from the Data Subject and proof of the capacity in which they are acting (copy of their ID, the power of attorney granted by the data subject, the document proving their status as representative, successor, guardian, or curator), a description of the facts, the complete contact details of the applicant, including phone number, address, city, and email.

Thehealthytreatment may respond to the PQR request, to seek clarifications, supplements, or additions to the received request. If two months have passed since Thehealthytreatment’s request for supplementation or clarification and the interested party does not respond, it will be understood that they have withdrawn the submitted request and it will be filed, keeping proof of the interaction with the applicant.

Thehealthytreatment will have a maximum and peremptory period to give the response to the petitioner of (30) thirty business days. When due to force majeure, acts of God, vacations, or cessation of activities at Thehealthytreatment it is not possible to respond within the aforementioned terms, notice of the situation will be given to the petitioner, indicating the reasons and establishing the date on which the response will be provided (in accordance with the times and terms established by law, in particular the provisions of Article 23 of the Political Constitution, Law 1755 of 2015 on the right to petition, and other regulations applicable to the processing of petitions, complaints, claims, and requests.

Important note: we can only decide on data subject requests and act upon them when we act as controllers. To give an example: if you are an End User who has booked a visit with a Professional through our Website, we can delete your data or stop sending you certain communications because you have asked us to. However, the Professional may continue to retain and process your personal data (as they are an independent data controller). If you wish to exercise your rights regarding the data held by Professionals in their capacity as controllers, you must contact them directly. Whenever possible and within our capabilities, we may be able to help you do so, but we cannot be responsible for the Professional’s policies, practices, and procedures, nor for your actions and conduct.

Legal basis

You are not obliged to provide us with personal data if you do not wish to. However, to open an Account with us and use the Services, it is necessary that you provide us with certain personal data.

If you do not provide us with the data necessary to provide the Services you have requested or you object to such data processing, we may not be able to provide you with the Services (or we may only be able to provide them partially).

For certain activities, we process your personal data based on our legitimate interest. When this happens, we carry out a balancing test to ensure that your fundamental rights are not harmed or put at risk by the exercise of our legitimate interest. Remember that you can always contact us to express your objection to the processing.

Automated decision-making and profiling

We do not make decisions based solely on automated processing (including profiling) that produce legal effects or may significantly affect you.

Contact

You can contact us to exercise your rights and ask us any questions via the following email: support@thehealthytreatment.com

Any legal notices, compliance-related communication, or formal correspondence regarding our services or policies should be directed to: legal@thehealthytreatment.com.

You can also contact us:

through ourContact page on the Website
by mail to our registered office address: Calle 9C #22-22, Bretaña, Cali, Colombia.
if you are a Professional, you can contact our Customer Support.

You have the right to file a claim with us, and we will respond as soon as possible.

Links to other websites

Our Website may contain links to other websites, applications, or platforms, even through “social media buttons”. Although we strive to ensure that such links are always to websites, applications, or platforms that share our high privacy standards, we are not responsible for the content, security, or privacy policies or practices of other websites, and a link on our websitedoes not mean validation of it by us.

If you are referred to another website, application, or platform, you will be subject to the terms and conditions of those other sites (including their privacy policy and underlying practices). We recommend that you review the terms of service and related privacy notices or policies applicable to these sites, applications, or platforms before sharing your personal information with them.

SPECIFIC INFORMATION FOR END USERS

Why we use your data, legal basis, and retention periods

In the following table, you will find a detailed description of how we use your personal data.

We will retain your personal data for as long as necessary for the purposes set out in this Policy or as necessary to comply with our legal and contractual obligations.

The period for which we retain your data will vary depending on the type of data and the purposes for which we process it. We may modify these retention periods by updating this Policy accordingly.

Please note that these retention periods apply to data processed by Thehealthytreatment as a controller, but do not apply to data processed by Professionals. This is because health regulations contain specific retention obligations for Professionals (i.e., periods during which they must retain your personal data, including your health data). Regarding Professionals who process data as controllers and use our systems, we as processors follow the instructions of the Professionals. For operational reasons, we may also define default retention periods. However, it is the Professional’s obligation to ensure that they retain your data for all required retention periods (within or outside our platform). For more information on the retention periods applied by your Professionals, contact them directly.

You can consult the retention periods that Thehealthytreatment applies as a data controller in the following table:

NOTE: If you have not accessed your Account or used the Website for 3 years, we will consider your Account inactive (“Inactive”) and delete your personal data, unless you indicate otherwise. In such cases, all data mentioned in the following table will be deleted after 3 years from your last access, unless we indicate a shorter retention period in the following table (or in case of pending claims or legal proceedings).

WHY DO WE USE YOUR PERSONAL DATA?

WHY DO WE USE YOUR PERSONAL DATA?	WHAT DATA?	LEGAL BASIS	RETENTION PERIODS
Creation and management of your account You provide us with your personal data directly when you register on our Website. You can also register through social media platforms like Facebook or Google, in which case you will be asked to allow these providers to share part of your personal information with us. Please note that in these cases, the privacy policy and terms of Facebook and Google will also apply to you. We recommend that you review these terms. You can avoid registering through third parties by using our own registration forms. By registering, you accept our terms and conditions (see the first paragraph of this Policy) and therefore enter into a contractual relationship with us governed by those terms.	Name, surname, email address, phone number, address and social media (“Identification Data”) We also process the following data: gender, IP address, user identification, access data and consents, the features or functionalities you have used, and the permissions or objections you have communicated to us.	The processing of personal data is necessary to provide you with the Services.	If you close your Account or ask us to delete your data, we will retain it for a period of 3years, to comply with our legal obligations (if you pre-paid for an appointment) and to defend ourselves against potential claims. Health-related information, which may be stored in your account, will be deleted sooner, as explained below.
Booking appointments with Professionals When you book an appointment on the Website or (if available) by calling we process your data to allow you to make the booking. You can also check the history of your bookings, and manage your Account). Location-related information will not be stored by us, as it will only be processed from your browser or device, with prior consent	– Date and time of the visit – Full Name – Clinic or hospital name. – Email – IP address – User ID – Photograph (if you choose to upload one) – Location (only if you allow us to use it). This allows us to show you doctors near you. You can always disable sharing your location information. -Information provided by the User in the open text field (e.g., reason for consultation, additional non- clinical details) – Any other information you wish to add about your consultation – If you book an online consultation, we may ask for your credit card details to process the payment you make to the professional. We use an external payment processor, and we can only see the last 4 digits of your credit card. – Any additional information you decided to share or upload to your account (e.g., questionnaires, additional data) during the booking process. \| When you book an appointment, we have to process	– Regarding health data and its location, we base the processing on your consent – Regarding data that is not health-related, we process it to provide you with the Services.	We will retain this data while your Account is active. If you close your Account or ask us to delete your data, we will retain it for a period of 3years, to comply with our legal obligations (if you pre-paid for an appointment) and to defend ourselves against potential claims.
WHY DO WE USE YOUR PERSONAL DATA?	WHAT DATA?	LEGAL BASIS	RETENTION PERIODS
To facilitate your quote request to a Professional/Medical Center To process and transmit your request for pricing information to the healthcare provider(s) you select. This includes contacting you via your chosen method (email, phone call-back, or other specified method) to clarify your request or confirm details.	– Full name – Email address – Phone number – Type of provider requested (Professional/Medical Center) – Preferred contact method (email, call, other) – Any details about the desired service/procedure – Optional attached file to be shared with the provider/professional for a more accurate quote – Photograph (if you choose to upload one) – Any other information you wish to add for review by the professional.	The processing non-sensitive data (Full Name, Email, Phone, etc.) is necessary to provide you with the requested service (facilitating the quote request), which is part of our contractual relationship with you as a User of the Platform. The processing of any health-related data (which is Sensitive Data) is based on your prior, express, and informed consent.	We will retain this data for 3years from the date of your request to fulfil our legal obligations (e.g., handling potential disputes) and to defend ourselves against possible claims.
Sending data related to bookings to the Professional When you make a booking through our platform, we will store this data and communicate it to the Professional. Once your personal data is sent to the Professional, they become an independent controller of your data and will process it for their own purposes. Such processing will be governed by the Professional’s privacy policy.	Same as the previous case – Additional questions asked by the Professional	The processing of personal data is necessary to provide you with the Services. Professionals are independent controllers of this personal data and process it according to their privacy policy, a copy of which they must provide you. We recommend that you ask Professionals for a copy of their privacy policy.	We will retain this data while your Account is active. If you ask us to delete your data, or if your Account becomes inactive, we will begin the deletion process at that time persuant to and in compliance with local laws and guidelines. However, please note that due to technicaL complexities, the data may not be deleted immediately
Sharing information in your Account with a Professional and third parties you select If you so choose, we allow you to share the informationand documentsstored in your Account with the Professionals you select. You can also download the information stored in your Account and share it with anyone you deem appropriate through third-party tools (such as email or messaging companies). Please note that we have no control over the environment of these third parties, so we recommend that you read their privacy policies before sharing.	Same as the previous case	We process your data based on your consent.	We will retain this data while your Account is active. If you ask us to delete your data, or if your Account becomes inactive, we will begin the deletion process at that time persuant to and in compliance with local laws and guidelines. However, please note that due to technical complexities, the data may not be deleted immediately.
Allowing online consultations When you book and/or attend an online consultation through our platform, your image, voice, and any information you disclose during the consultation will be processed by the Professional you are consulting. The online consultation itself is encrypted, so we do not have access to its content. ( through google meet)	Identification Data IP address (for connection) User ID Full Name Email Phone Booking & Administrative Data Date & Time of Consultation Insurance ( If selected) Sensitive Health Data (Pre- Consultation Any information you enter in the booking message to assist the professional in providing or scheduling a consultation.	The processing of personal data is necessary to enable and facilitate your connection with a healthcare Professional via our secure video platform	We will retain the data necessary to establish communication for a period of 3 months from the date of the consultation. Regarding the content of the consultation, we do not access the content of the consultation, only the Professional does.
WHY DO WE USE YOUR PERSONAL DATA?	WHAT DATA?	LEGAL BASIS	RETENTION PERIODS
Activating the chat function You can exchange messages with a Professional or their staff through the chat function in the website. In such cases, we are only responsible for processing the data necessary to establish communication with the Professional or their staff. We will be aware that you have sent a message via chat, and whether the Professional or their staff have responded. However, we will not have access to the chat content or files exchanged in the conversation, as they are encrypted; in any case, here we only act as processors. Please note that to ensure the Professional, as the controller, can respond to data subject requests and comply with their legal obligations to retain medical data, we may not be able to delete conversations (or parts of them) if requested by the Professional or the End User. Except in cases of manifest errors (e.g., a Professional adding a comment to the wrong chat), conversations will only be deleted according to the mentioned retention period.	Identification Data – IP address – Certain metadata (date and time of conversation, if a specific file was exchanged)	The processing of personal data is necessary to provide you with the Services. Regarding the content of conversations, we follow the instructions of the Professionals and act as processors.	We will retain the data for a period of 3yearsfrom the date of the conversation. Remember that we do not access the content of the conversation, only the Professional does. Please contact the Professional for any information about the content of the consultations.
Copy and save data about your past and future appointments in your Account Professionals who use our Services can directly organize bookings with you, and can also use our systems to host or process data related to those bookings, even when the booking was not made through our Website. If you create an Account, we will ask for your consent to save basic information about your past and future appointments with these Professionals in your Account. This will allow you better visibility of your appointment history and interact directly with the relevant Professionals through our platform.	– Identification Data – Names of Professionals, medical center, date and time of bookings, type of visit	We will only save such data in your Account if you give your consent. You can withdraw your consent at any time: in that case, we will stop saving data related to your future appointments. If you want data related to past appointments to be deleted from your Account, you can always exercise your right to erasure.	We will retain this data while your Account is active. If you close your Account or ask us to delete your data, we will retain it for a period of 3years to comply with our legal obligations (if you pre-paid for an appointment) and to defend ourselves against potential claims.
WHY DO WE USE YOUR PERSONAL DATA?	WHAT DATA?	LEGAL BASIS	RETENTION PERIODS
Personalized Services and Account Communications: To send you personalized communications based on your account activity, including appointment reminders, Summaries of administrative and account records stored in your Account, such as lists of preferred professionals, past appointment dates,, follow-ups on quotes, and requests for reviews/ratings.	Identification Data (Full Name, Email, Phone). – Booking Data (History of bookings, Professional name, Service type). – Quote Request Metadata.	The basis varies depending on the type of communication (as detailed in the full section, but generally): – Contractual Necessity (for essential service communications). – Legitimate Interest (for similar services and reviews). – Consent (for third-party or non-similar marketing).	We will retain this data while your Account is active. If you ask us to delete your data, we will retain it for a period of 3years to comply with our legal obligations (if you pre-paid for an appointment) and to defend ourselves against possible claims.
Reviews about your experience with a doctor Writing a review about a professional is voluntary. When you do, we will process your data to ensure the review complies with our conditions and guidelines. We recommend that you do not include any personal data that could identify you, or any private or sensitive information. Please note that what you publish will be public information visible to all users. If we do not publish your review, you can appeal our decision and we will process your data to handle your appeal.	– Identification Data – Content of the review – Reason for the visit – Only in case of complaints by the Health Specialist, additional information related to the appointment might be requested to guarantee the authenticity of the review.	We process personal data based on your consent or, if you ask us to delete them, we will retain them by dissociating any personal data based on our legitimate interest.	The reviews about Professionals that you publish on the Platform will not be deleted unless you expressly ask us to delete them. If requested, we will retain your review by dissociating any personal data so that people cannot see who it came from. We do this based on our legitimate interest in publishing reviews on our Website, and you can object at any time. A review will also be deleted upon valid legal request from an authority, or if it does not comply with our guidelines or applicable legislation.
WHY DO WE USE YOUR PERSONAL DATA?	WHAT DATA?	LEGAL BASIS	RETENTION PERIODS
Sending communications We may send you different types of communications through various means such as email, SMS, or WhatsApp. Please note that you may also receive some communications sent to you directly by Professionals through our software: in this case, we are not the sender, but merely the platform through which the Professional sends you such communications, and we act solely as data processors. If you wish to stop receiving communications from the Professional, please contact them directly. Please note that we are not responsible for errors the Professional may make when sending a communication (for example, sending it to the wrong recipient). You may also receive communications about similar services that may be of interest to you (for example, preventive medical appointment reminders and recommendations on how to use our Services). We will also send you communications asking you to leave your opinion about Professionals or to rate our Website. We send these communications based on our legitimate interest, and you will always have the right to object. For marketing communications related to third-party services, or for communications about our products or services not similar to those you contracted, we will only send communications based on your consent. We will also use consent if we personalize communications	– Identification Data – History of bookings with Professionals – Content of the communication	The legal basis varies depending on the type of communication. For some communications (for example, to confirm or manage your booking, to explain updates to our Services or terms, or to inform you how to use our Services) the processing of personal data is necessary to provide you with the Services, and you cannot object to them. For communications about similar services, review requests, and ratings: Legitimate Interest (you have the right to object). For third-party marketing or non-similar services: Consent.	We will retain this data while your Account is active. If ask us to delete your data, we will retain it for a period of 3years to defend ourselves against possible claims.
WHY DO WE USE YOUR PERSONAL DATA?	WHAT DATA?	LEGAL BASIS	RETENTION PERIODS
Aggregated data, metrics and analysis We will process sets of technical data related to your activity on the Website to conduct internal analysis and obtain metrics and data for our internal reports, as well as to improve our Services or detect if something is not working. We will also process the data to manage and plan our business activities (for example, to predict how our users will use our Services in the future, estimate trends in user needs and preferences, and exclude certain users from advertising audiences). In these cases, the information will be pseudonymized or anonymized. We will not use personal data in these reports, only aggregated data. Some of these processing activities may use cookies or similar technologies. We recommend that you read our cookie policy, which you will find later in this document.	– Information about your device (computer or mobile phone) – Unique identifiers (normally stored in cookies on your device) – IP address, time zone and language, or browser used – Information about when, how, and how long you use the Services (first and last use, session duration in the Account) – Data related to your activity on the Website (e.g., number of bookings made, number of failed attempts made, number of times a Professional’s profile has been visited in a given period, general activity on the Website).	We process this data on the basis of our legitimate interest in conducting internal analysis to measure our business metrics and continue improving our services.	We will retain this data while your Account is active. If you ask us to delete your data, we will retain it for a period of 3 years, for the purposes of our legitimate interest in conducting internal analysis and defending ourselves against potential claims. We may retain the data for longer, provided it is anonymized.
A/B Testing and Service Improvement: To analyze and periodically improve our Platform and Services by showing you slightly varied content, making the experience more efficient and interesting for End Users.	Identification Data (e.g., User ID, IP address, device type).	Legitimate Interest: Our legitimate interest in continuously improving and optimizing our services and digital platform for the benefit of our users and our business.	If you ask us to delete your data, we will retain it for a period of 3years, for the purposes of our legitimate interest in conducting internal analysis and defending ourselves against potential claims.
End User support: To process data in order to offer you assistance whenever you have questions, suggestions, or technical problems related to the Platform and our services.	Identification Data (Full Name, Email, Phone, User ID). – Content of the request (text, suggested solutions, attachments).	The processing of personal data is necessary to provide you with the Services and respond to your requests.	We retain this data while your Account is active. If you ask us to delete your data, we will retain it for a period of 3 yearsto comply with our legal obligations (e.g., records of pre-paid appointments) and to defend ourselves against potential claims. We may retain the data for longer, provided it is anonymized and used for internal analysis.
WHY DO WE USE YOUR PERSONAL DATA?	WHAT DATA?	LEGAL BASIS	RETENTION PERIODS
Surveys and interviews (market studies) To better understand the needs and desires of users of our products and services, we periodically conduct surveys and interviews as part of our market studies. The results of these research activities allow us to improve our products and services.	– Identification Data – Survey responses	Non-Sensitive Data (Identification, Responses): Legitimate Interest in monitoring and improving the quality of our services (You have the right to object). Sensitive Health Data (Voluntarily Disclosed): Consent (You must provide explicit consent if you choose to reveal sensitive data).	We will retain this data for the time necessary to carry out the specific market research activity and analyze the conclusions, but no more than 3 years.
WHY DO WE USE YOUR PERSONAL DATA?	WHAT DATA?	LEGAL BASIS	RETENTION PERIODS
Third-party advertising We will show advertisements for third-party products on our Website. If you give your consent to necessary third-party cookies (such as Google cookies), these advertisements will be personalized. This means, for example, that if you showed interest in a specific product on a different website, we may show you an advertisement for this product on our Website.	– Information about your device (computer or mobile phone) – Unique identifiers (normally stored in cookies on your device) – IP address, time zone and language, or browser you use – If you have clicked on a specific advertisement	Non-Personalized Advertising: Legitimate Interest in marketing our websites (You have the right to object). Personalized Advertising: Consent to third-party advertising cookies (Consent can be given via the cookie banner and withdrawn at any time). Note that we will not share health data with third parties for advertising purposes.	Platform (Our Retention): We do not store data related to advertising beyond the duration of the session in which an advertisement is shown to you. Third-Party Providers (Their Retention): Third-party providers process your data as independent data controllers for advertising purposes for a longer period of time, provided they have a legal basis to do so. (Refer to the provider’s own policy for specific storage periods.) Regarding advertisements displayed on our pages through Google Ads, you can find all important information, including the storage period, here and here.
WHY DO WE USE YOUR PERSONAL DATA?	WHAT DATA?	LEGAL BASIS	RETENTION PERIODS
Recording of calls and video We may record calls and video calls (i) to analyze the quality of our Services, always with the aim of improving them, (ii) to keep evidence that you have entered into a contractual relationship with us and have acquired our Services, and (iii) if you write a review contrary to our guidelines and require changes, to ensure that the changes you have requested during a call are recorded. We may also record calls and video calls that cover surveys and interviews. Whenever we record a call or video call, we will inform you beforehand	– Identification Data – Content of the call	We process data on the basis of our legitimate interest in monitoring the quality of our services. You always have the right to object. If you contract a Service, your proposed review goes against our guidelines, or you make a claim against us, we may record the call to be able to demonstrate that we comply with our legal and contractual obligations and to be able to defend ourselves against potential claims.	We will retain the data for a period of 3yearsafter the recording to defend ourselves against potential claims.
Protection of the security of your personal data, including the prevention of cyberattacks or incidents related to information security (hacking, identity theft, etc.).	– IP address – Technical data related to the connection and use of the Website – Information about the browser and hardware	The processing is necessary for compliance with our legal obligations (among others, those established by applicable privacy regulations).	We will retain the data in accordance with the retention period defined for each functionality. Unless the data must be retained for another processing activity mentioned in this table, we will retain the data for a maximum period of 3 years (in the same cases, much less) after the processing has taken place.
Managing your data subject rights requests: we will process data to manage your request, provide you with a response, and, where applicable, address your request.	– Identification Data – Content of the request	The processing is necessary for compliance with our legal obligations.	We will retain your personal data for 5yearsfrom the date the request is closed, to be able to defend ourselves in case of any legal action or claim.
Managing your claims: we will process data to respond to, investigate, and manage any claim or complaint (submitted by you or a third party) in relation to the Services and your use of them.	– Identification data of the claimant and involved third parties – Any data related to the content of the claim and/or that we may need to defend ourselves from the claim	The processing is necessary to provide you with the Services and to defend ourselves from claims.	We will retain all personal data necessary to investigate, process, handle, and respond to any complaint for 5years from the date the complaint is closed,to address any potential legal action or claims arising from the complaint.

Creating an Account or Making a Booking for a Third Party

An End User may make a booking and/or create an Account on behalf and for the benefit of a third party (generally, a minor under the legal guardianship or supervision of the End User, or a family member) (the “Beneficiary“) provided that the End User (i) has been previously and expressly authorized by the Beneficiary, or (ii) is legally authorized to act on behalf of the Beneficiary.

In such cases, the End User will only make a booking and/or create an Account if they have a valid legal right to transmit the Beneficiary’s personal data (including contact details) to the Company and to the Professionals and to provide accurate, complete, and correct information about the Beneficiary.

By providing the Beneficiary’s personal data, the End User declares that they are legally empowered, or expressly authorized by the Beneficiary, to manage or transmit the information on their behalf.

If the End User, for any reason, ceases to be authorized to use the Beneficiary’s data, they must immediately delete the Beneficiary’s data from the Account and request that the Professionals change the patient’s contact details to stop receiving booking information.

Inclusion of Third-Party Data in the End User’s Account

As an End User, you may decide to include in your profile personal data (including health data) of your family members and, where applicable, share such data with Professionals. In such cases, you must (i) only include such third-party personal data if you have their consent or are legally authorized to do so, and (ii) only include the personal data that is strictly necessary to receive medical assistance from the Professionals.

The Company as a Data Processor

The Professional becomes an independent controller of the End User’s personal data when the End User makes a booking or initiates a chat, video consultation or request a quote with the Professional on the Website or in all other cases where the Professional receives data from you or from us and processes it for other purposes (see some examples below). In these cases, the End User becomes a Patient, meaning the Professional will decide how and for what purposes the End User’s personal data will be processed. Therefore, the Company will only be a processor of the End User’s personal data and will only act following the Professional’s instructions.

💡 Therefore, the processing of Patient data is decided by the Professionals and is governed by the Professional’s privacy policy and related documents. Professionals must inform you about how they process your data. We only follow their instructions.

Below you will find some examples where Thehealthytreatment acts as a data processor:

when, as an End User, you make a booking with the Professional, and also when the Professional directly schedules an appointment with you as a Patient and saves it in their online calendar within our platform, the Professional will process your data to provide their services to you, manage their schedule, reschedule or cancel bookings. They may also process your data to write notes and reports about your appointment, your health status, and your conditions, symptoms, and similar information;
when Professionals use our platform to send communications to Patients via phone call, email, or any other means. The professionals decide who the recipients are and the content of such communications;
when Professionals use our platform to store data about Patients (for example, any health data and documents containing health data that you exchange with the Professional);

When a Patient utilizes the “Request a Quote” feature, uploading photos or entering medical data into a text field. The platform makes this data accessible only to the specific Professional for the purpose of generating a service proposal, with Thehealthytreatment maintaining a record of such feature use;

when Professionals use the chat functionality within the Website to communicate with Patients and exchangeinformation; or

when Professionals exchange content or information with Patients during an online consultation.

Thehealthytreatment has a separate data processing agreement with the Professional, which regulates how we will follow their instructions when processing personal data.

SPECIFIC INFORMATION APPLICABLE TO PROFESSIONALS

If you are a Professional who uses the Services, you have an Account and have therefore established a contractual relationship with Thehealthytreatment (either by accepting our terms and conditions for using the Website or by subscribing to a commercial agreement for using the Service), the following applies to you.

This section also applies to you if you are a Professional interested in contracting our services.

NOTE: If, on the other hand, you are a Professional working for a clinic, hospital, or other medical center that is a client of Thehealthytreatment, we may create a public professional profile for you on our Website. Regarding the rest of your data, we follow the instructions of the medical center as data processors, based on the contract we have with them. Once your contractual relationship with the clinic ends, we will retain your public profile on the website in our capacity as data controllers, either based on an independent and direct contract with you (if you have your own independent personal Account), or (if you do not) based on our legitimate interest. You can exercise your rights at any time.

Why we use your data and legal basis

WHY DO WE USE YOUR PERSONAL DATA?	WHAT DATA?	LEGAL BASIS	RETENTION PERIOD
To offer our services If you are a Professional and have shown interest or, based on your professional skills, we believe you may be interested in our Services, we may contact you to offer you Services that may be of interest to you.	– Name, surname, – phone number and – professional email address (collectively, “Professional Identification Data“) – Specialization – and training of the professional. -RETHUS NUMBER	Depending on the circumstances, we will process your data based on our legitimate interest in offering our Services, or on your consent. When negotiating the Service terms with you, we will process your data based on pre-contractual processing. Unless the processing is due to pre-contractual needs, you can object to the processing or withdraw your consent, as applicable, at any time.	We will retain this data for a period of 3yearsfrom the last time we contacted you or from the last time you showed interest in our Service (for example: the last time you contacted Thehealthytreatment)
WHY DO WE USE YOUR PERSONAL DATA?	WHAT DATA?	LEGAL BASIS	RETENTION PERIOD
Creation and management of your account We obtain your personal data directly from you when you register on our Website. We process the data to create and allow you to manage your Account.	– Professional Identification Data – Professional addresses and contact information – Information about your specialization and training – Your license, association membership, or certification number – Your image – Any other data you provide during registration or contracting – IP address – User ID – Access data	When you register with us, you accept our terms and conditions and therefore establish a contractual relationship with us. The processing of personal data is necessary to provide you with the Services.	We will retain this data while your Account is active and for an additional period of 3 years in order to comply with our legal obligations relating to, for example, accounting, digital platforms, fraud prevention, or money laundering and to defend ourselves against possible claims.
Use of the services If you have contracted our Services, we will process your data to provide you with the Services (for example, enabling the booking calendar, chat, request a quote and/or telehealth functionality on the Thehealthytreatmentplatform). a. To ascertain and monitor professional suitability and conduct. b. To inform about the professional profile, including their image, the availability of their products and services within the digital platform. c. To ascertain the ratings and comments of services coordinated through the digital platforms.	– Details about your schedule – IP address, User ID – Certain metadata such as the browser used or time of connection – Activity logs	The processing of personal data is necessary to provide you with the Services.	We will retain this data while your Account is active and for an additional period of 3years in order to comply with our legal obligations relating to, for example, accounting, digital platforms, fraud prevention, or money laundering and to defend ourselves against possible claims.
Creation and/or management of your public Professional profile As part of the Services, we will process data to create, manage, and maintain your public profile.	– Professional Identification Data – Professional addresses and contact information – Information about your specialization and training – Your license, association membership, or certification number – Your image – Any other data you provide during registration or contracting – IP address – User ID – Access data	When you register with us, you accept our terms and conditions and therefore establish a contractual relationship with us. The processing of personal data is necessary to provide you with the Services.	We will retain this data while your Account is active and for an additional period of 10 yearsin order to comply with our legal obligations relating to, for example, accounting, digital platforms, fraud prevention, or money laundering and to defend ourselves against possible claims. If you request it, we will make your public Professional profile unavailable to the general public and will retain it internally only for the purposes mentioned in the previous paragraph, unless there are reasons of public or legitimate interest that we consider override your request, which we will communicate to you in any case before finalizing our decision. If we make your public Professional profile unavailable to the general public, this also includes the reviews given about you. However, please note that in such cases, if you create a new Professional profile on our Website, we will publish those reviews on the new profile.
Billing and collection If you have contracted our Services, we will process your data to issue invoices and collect payment.	– Professional Identification Data – National identification number and, if applicable, tax identification number – If necessary, bank account number NOTE: We use external payment providers, so we can only see the first 4 digits of your credit or debit card number, and we do not store card data.	The processing of personal data is necessary to provide you with the Services.	We will retain this data while your Account is active and for an additional period of 10 yearsin order to comply with our legal obligations relating to, for example, accounting, digital platforms, fraud prevention, or money laundering and to defend ourselves against possible claims.
Create and manage your Google My Business listing on your behalf In order to give greater visibility to your professional profile, if you agree, we will include your professional information in certain search engines (including Google or Google My Business) and online maps (including Google Maps).	– Professional Identification Data – Specialization – Professional addresses	We process this data and share it with the search engine based on your express consent. Please note that in these cases: (i) the search engine becomes the controller of this data and will process it for its own purposes. (ii) Google may transfer your data to a third country. (iii) Reviews left on your Google My Business profile are managed by Google as the controller, not by us. You can find more information here. You can always withdraw your consent simply by notifying us. If you decide to do so, you will be able to directly and autonomously manage your profile on these search engines and decide what personal data is published on it.	We will retain this data for the time you wish us to manage your Google My Business account.
Reviews about you written by your Patients and responses you give them We will process data related to reviews made about you as a Professional, as well as the responses you give to those reviews (if applicable). Complaints you file against reviews: you can file a complaint against a review if you believe it goes against our company’s conditions and submit what we internally call an “ report abuse.”	– Professional Identification Data – Content of the Patients’ reviews about their experience with you – Responses given by you as a Professional – Identification Data of the Health Specialist – Content of your complaint	The processing of reviews is based on the consent of the End User. If End Users ask us to delete reviews, we will retain them by dissociating any personal data based on our legitimate interest. The processing of responses you provide is necessary to provide you with the Services. The processing is necessary to provide you with the Services.	Regarding reviews, we will retain this data after you stop using the Services based on the consent given to us by your Patient. A review will be deleted upon valid request from a competent authority or if the End User who wrote the review expressly requests it (in these cases, we will retain the review, dissociating any public data that could identify the End User). Regarding responses given by the Professional to these reviews, we will retain them based on the contractual conditions agreed with the Professional. We will retain your personal data for 5years from the date the complaint is closed, to be able to defend ourselves in case of any legal action or claim.
WHY DO WE USE YOUR PERSONAL DATA?	WHAT DATA?	LEGAL BASIS	RETENTION PERIOD
Manage and send communications As our customer, you will receive communications from us regarding the Services. We will also inform you about similar services that may be of interest to you, as well as news and new initiatives from the Thehealthytreatment that may be of interest to you.	– Professional Identification Data – Communication contents	To send communications related to services similar to those you receive from us, we base this on our legitimate interest. Given their commercial nature, you will always have the right to object to receiving them, in which case we will stop contacting you, except for non-commercial communications related to your Account, the Services, or the Service contract (which are not commercial or marketing communications, but are necessary to provide you with our Services). For marketing communications related to third-party products or products not related to those you contracted, we will only send communications based on your express consent.	We will retain this data while your Account is active. If you close your Account, ask us to delete your data, or if your Account is not Active, we will retain your data for a period of 3 years, to comply with our legal obligations and defend ourselves against possible claims.
Surveys and interviews (market studies) To better understand the needs and desires of our customers, we periodically conduct surveys and interviews as part of our market studies. This allows us to improve our websites, products, and services. We will also use the information collected through surveys and interviews to conduct promotional and marketing activities, provide you with support services, and send you offers for products and services tailored to your individual needs.	– Professional Identification Data – Survey responses	We process data on the basis of our legitimate interest in monitoring the quality of our services. You always have the right to object. If we record interviews conducted with you, we do so on the basis of your consent	We will retain this data while you have an active Account with us. Recordings of interviews conducted with you will be retained for the time necessary to carry out the specific market research activity and analyze the conclusions, but no more than 3 years.
WHY DO WE USE YOUR PERSONAL DATA?	WHAT DATA?	LEGAL BASIS	RETENTION PERIOD
Communicate data to judicial or governmental bodies or other public authorities If we receive a request from a judicial or governmental body or other competent public authority, we may be obliged to disclose data to said authority, including your personal data. Before responding to any such request, we will first analyze whether the request is valid and made in accordance with applicable legislation. We will only disclose the data strictly necessary to address the request, and we will attempt to reduce its scope if we consider it disproportionate. Please note that, under certain circumstances, we may not be able to inform you that we have received such a request.	– Professional Identification Data – List of bookings – List of Patients – Files exchanged with Patients – Billing and payment data	The processing and communication of this data to these authorities is based on the obligation to comply with our legal obligations.	We will retain this data for the time required by applicable laws and regulations.
Customer service We will process your data to provide you with assistance whenever you have questions, suggestions, or technical problems with our platform.	– Professional Identification Data – Content of the request	The processing of personal data is necessary to provide you with the Services.	We will retain this data while your Account is active and for an additional period of 10 years, in order to comply with our legal obligations relating to, for example, accounting, digital platforms, fraud prevention, or money laundering and to defend ourselves against possible claims.
Recording of calls and video for Quality Assurance We may record video calls to analyze the quality of our services, with consent, always with the aim of improving them. If you have not yet contracted our Services, we may also record the call so we can analyze how we offer our Services in order to improve. These recordings will take place, for example, when you call your account manager or our customer service, or when you submit a complaint. Whenever a call or video call is recorded, we will inform you.	– Professional Identification Data – Content of the call	We process data on the basis of our legitimate interest in monitoring the quality of our services. You always have the right to object. If you contract a service or submit a complaint or claim against us, we may record the call to be able to demonstrate that we comply with our legal and contractual obligations.	We will retain this data for a period of 2 years from the date of the recording to comply with our legal obligations and to be able to defend ourselves against possible claims.
Metadata To provide you with the Services (for example, to check if something has failed or is not working correctly) and to improve these services, we will process some metadata. Some of these processing activities may use cookies or similar technologies. We recommend that you read our cookie policy, which you will find below.	– IP address – Information about your device – Browser used – Information about when you entered the Site and the duration of the connection	The processing of personal data is based on our legitimate interest in improving our services.	We will retain this data for 2 years from the time of collection in order to improve our services.
Processing your claims We will process data to respond to, investigate, and manage any claim or complaint (submitted by you or a third party) in relation to the Services and your use of them.	– Identification data of the claimant and involved third parties – Any data related to the content of the claim and/or that we may need to defend ourselves from the claim	The processing is necessary for compliance with our legal obligations, to provide you with the Services, and to defend ourselves from claims.	We will retain your personal data for 10years from the date the claim is closed, to be able to defend ourselves in case of any legal action or claim.

SPECIFIC INFORMATION APPLICABLE TO VISITORS

If you are a Visitor, we may process the following data about you:

information about your device;
IP address (which will show your geolocation);
time zone and language;
the browser you use;
information about how you have interacted with our Website; and/or
information about when you entered the Website and the duration of the connection.

The processing of this data is necessary to provide you with our Website and other websites reliably and securely. All this data is sent directly by your browser to our web servers when you browse our Website. We also use this data to document access to our web servers for security reasons.

Although we will not process any personal data that directly identifies you, some of this data may identify you indirectly and, as such, may be considered personal data. Some of this data may be collected through cookies or other similar technologies, so we ask that you consult our cookie policy.

If you wish to exercise your rights, please see section above

We will retain your data for 1 year from the date of your last visit to our Website.

COOKIES AND SIMILAR TECHNOLOGIES

Here we describe what information we collect through cookies and similar technologies, how we use it, and why we sometimes need to store and retain these cookies. We also explain how to prevent these cookies from being stored, although in some cases this may involve reducing or “stopping” some elements and functionalities of the Site.

There are also certain cookies (so-called “necessary cookies”) that are essential to provide the digital Services and to ensure that these Services work correctly and do not interfere with the Site’s core functions. These cookies cannot be rejected and will always be installed if you use our Site. You will find more information below in this Policy.

What are cookies?

Cookies are small pieces of information that are downloaded to your computer or any other device you use to browse our Website. Almost all professional websites use cookies. Typically, a cookie includes the following information: the name of the website it comes from; the length of time the cookie will remain on your computer or device; and a value (often a randomly generated unique number). Some cookies may include additional data, particularly related to the time zone or language used when browsing the websites.

When we say “cookies” in this Policy, we also refer to any other technology we may use, such as those described below.

What similar technologies to cookies do we use?

In addition to actual cookies, we may also store information on your computer or mobile device in local storage objects or session storage objects. These objects are similar to cookies in the sense that we use them to store small pieces of information on your device for the same purposes for which we use cookies.

We may also use so-called tracking pixels. These are small, often transparent, images that are downloaded to your device along with the rest of the content of our Website. By downloading these images to your device, certain information about you is transferred to us or to third parties, primarily the fact that you have visited our specific Website.

What types of cookies do we use?

According to who controls them

First-party cookies:Controlled by us and sent to the User’s device from a device or domain managed by us.
Third-party cookies:Controlled by third parties and sent to the user’s device from a device or domain managed by a third party.

According to their purpose

Some cookies are always active when you visit us and you cannot deactivate them unless you change your browser settings. We call thesenecessary cookies. We use them, based on our legitimate interest in providing our Services, to ensure our digital Services work correctly, detect errors, monitor traffic, and enable the Website’s core functionality, such as user login and account management. Also to ensure the security of our Website, to ensure our Website loads faster, to keep you logged in across different devices, making logins faster and more accessible by remembering your client data, remembering the contents of your booking, etc. If you disable these cookies, our online Services will not work properly and you may not be able to use them.
We usefunctional cookies to make your experience more user-friendly, in particular to store your information on our Website and personalize the content of our Services. These cookies can help us present you with content that matches your interests and preferences.
We useperformance cookies to evaluate how our Services are used and obtain usage statistics. Also to improve our Services, predict how users use our Website, and exclude you from being shown our advertisements on third-party websites.
We usemarketing cookies for (targeted) advertising. We use these cookies to offer you advertisements for our Services on third-party websites and to display advertisements for third-party products on our websites. We use these cookies in collaboration with our marketing partners.
We usesocial media cookies to incorporate Social Media Services into our Website, allowing you to use these features, for example, to share our content with your friends and networks. These cookies are capable of tracking your browser on other websites and creating a profile of your interests. This can influence the content and messages you see on other websites you visit.

How to give your consent to cookies, withdraw it, or change your preferences?

You give your consent by browsing our Website.

You can disable these cookies by changing your browser settings. However, please note that, depending on which cookies you disable, our Services may not work correctly or you may not be able to enjoy the full range of Services.

How long do we keep cookies?

Depending on the type of cookie, some are stored for a short period of time, while others are stored for longer periods.

Session cookies: These cookies only last for a specific session you have with us and are automatically deleted when you close your browser.

Persistent cookies: These cookies last even after the browser is closed or the device is turned off and are active for a period of time defined in the cookie. We use persistent cookies when we need to know who you are for longer than a single browsing session lasts. For example, we use them to remember your preferences for the next time you visit our Website.

How can I disable cookies?

You can prevent cookies from being installed by changing your browser settings. You will find instructions on how to do this in the following table. Please note that disabling necessary cookies or not giving your consent will affect the functionality of this and many other websites you visit. Disabling cookies will also typically disable certain functionalities and features of our Services.

The links provided for information on how to uninstall cookies lead to external websites over which we have no control or responsibility. We strive to keep these links updated; however, URLs and content may change without prior notice. Therefore, we cannot guarantee that these links will always be accurate and current. It is the user’s responsibility to verify the correct information and follow the appropriate procedures according to the official or authorized source.

Browser	Link to Settings	How to manage cookies
Google Chrome	https://support.google.com/chrome/answer/95647	Click on the three dots in the upper right corner and open “Settings”. In site settings, click on “Security and privacy” to manage cookies.
Safari	https://support.apple.com/en-us/HT201265	Go to the “Preferences” settings page and click on “Security”. In “Security” you can manage your cookies.

✉ Request a Quote

Select Listings

Call Back for more details

Email back with the best quotation

If other, please specify

Send clear photos of your teeth: front, left, right, upper, and lower.