Privacy Policy of Klinika Madoń

Effective as of: September 2025
Contact: kontakt@klinikamadon.pl
English version (EN): https://en.klinikamadon.pl
German version (DE): https://de.klinikamadon.pl
Russian version (RU): https://ru.klinikamadon.pl
Polish version (PL): https://klinikamadon.pl

1. Introduction

This Privacy Policy sets out the rules for the processing of personal data by Klinika Madoń when you use our website, contact forms and aesthetic medicine services.
The data controller is DRJM GROUP Sp. z o.o., with its registered office in Warsaw, Poland.
By using our website, you accept the rules described in this document.

2. Scope of data we process

2.1. Personal data

We process only the data necessary for the provision of our services, in particular:

  • first name and surname,
  • contact details (telephone number, e-mail address),
  • health data (medical information, medical history, contraindications, diagnostic images),
  • data concerning payments made (without storing card numbers).

2.2. Technical and analytical data

  • IP address, device identifiers, browser type, operating system,
  • location data based on browser settings,
  • website usage statistics (Google Analytics 4, Meta Pixel, etc.).

2.3. Communication and marketing data

  • contents of messages submitted via forms,
  • marketing consents (newsletter, SMS, telephone calls).

3. Purposes and legal bases of data processing

We process personal data in accordance with Articles 6 and 9 of the GDPR:

  • Provision of aesthetic medicine services
    – Article 9(2)(h) GDPR (health data).
  • Performance of a contract / booking of an appointment
    – Article 6(1)(b) GDPR.
  • Contact and handling of enquiries
    – Article 6(1)(f) GDPR (legitimate interest).
  • Marketing and personalisation of content
    – Article 6(1)(a) GDPR (freely given consent).
  • Analysis and improvement of service quality
    – Article 6(1)(f) GDPR (legitimate interest).
  • Compliance with legal obligations
    – Article 6(1)(c) GDPR (e.g. medical documentation, tax obligations).

4. Data disclosure

Personal data may be disclosed only to:

  • entities providing IT, hosting and online booking services,
  • doctors performing medical procedures,
  • accounting services and payment service providers,
  • entities authorised under applicable laws (e.g. public authorities).

Data are not transferred outside the EEA, unless a given tool (e.g. Meta, Google) applies standard contractual clauses adopted under the GDPR or other adequate safeguards required by law.

5. Data security

We use SSL encryption, server-side safeguards, pseudonymisation and access control.
No method can guarantee 100% security; however, we apply industry standards required in the medical sector.

6. Data retention periods

  • medical documentation – 20 years (in accordance with the Polish Act on Patients’ Rights),
  • contact data – up to 3 years from the last contact,
  • marketing consents – until they are withdrawn,
  • cookie data – in accordance with the respective cookie settings and retention periods.

7. Your rights (GDPR)

You have the right to:

  • access your personal data,
  • rectification of your data,
  • erasure of your data (“right to be forgotten”),
  • restriction of processing,
  • data portability,
  • object to the processing of your data,
  • withdraw your consent at any time.

Requests may be submitted to: kontakt@klinikamadon.pl
Supervisory authority: President of the Personal Data Protection Office (Prezes UODO, Poland).

8. Cookies

We use cookies in accordance with the requirements of e-Privacy and DSA/DMA (2025):

  • technical cookies – necessary for the operation of the website,
  • analytical cookies – used subject to your consent,
  • marketing cookies – used only with your explicit consent.

Before non-essential cookies are activated, a consent banner is displayed.

9. External links

Our website may contain links to third-party websites.
We are not responsible for the privacy policies of such external websites.

10. Processing of patients’ images

10.1. Medical (diagnostic) images

Images submitted by patients are used solely for health-related purposes, in particular for:

  • treatment planning,
  • assessment of skin condition,
  • medical documentation.

Legal basis: Article 9(2)(h) GDPR.
We do not use such images for any other purposes without your consent.

10.2. Use of images for marketing purposes

Images may be used for marketing purposes only on the basis of the patient’s freely given, written consent, and only:

  • on the website,
  • in social media,
  • in advertising and promotional materials.

By default, we use full anonymisation unless the patient expressly consents to the publication of their likeness.

11. Contact data and bookings

Data provided via forms (name, telephone number, e-mail address) are used solely for:

  • organising appointments,
  • contacting the patient,
  • sending information about offers – only where a valid marketing consent has been granted.

12. Right to withdraw consent

You may withdraw your consent to the processing of your personal data or images at any time.
Contact: kontakt@klinikamadon.pl

Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

13. Amendments to this Privacy Policy

We reserve the right to update this Privacy Policy.
Information about any changes will be published on this website together with the new effective date.

14. Contact

If you have any questions regarding the processing of your personal data, please contact us at:
kontakt@klinikamadon.pl

All procedures at Klinika Madoń are performed by qualified aesthetic medicine doctors.