Your data is collected only for its intended purpose and with your full consent. You have the right to delete your data from all of our properties whenever you wish.
The purpose of this document is to familiarize you with the new Privacy Policy of Beauty by Experts Medical, a Ukrainian service company registered under FLP “Chabdaieva Mariia Mykolaevna” with registration number 3287504303.
Website address https://experts-beauty.com/ and all associated social media accounts.
We = Beauty by Experts Medical as a business organisation.
You = As an individual or legal entity.
Personal data: any information relating to an identified or identifiable natural person (‘data subject’), e.g., name, address, e-mail, order data, vehicle data.
When you visit our website or want to learn about any of our services or how to do business with us, you may need to share your information with us, including personal information. This information can be anything depending on the degree or type of service required. The privacy notice applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).
We want to let you know how we handle your personal data and your rights under the European General Data Protection Regulation (GDPR). Our privacy notice includes terms defined by the GDPR, such as processing, restricting processing, profiling, pseudonymization, controller, processor, recipient, third party, consent, supervisory authority, and international organization. You can find the definitions for these terms in Article 4 of the GDPR.
The entity responsible for the processing of personal data is:
PE Chabdaieva Mariia
Ukraine, Kharkiv, Haharina avenue 176/5, 61124
+380500658570, email: doctor@exp-medical.com
+380500658570, email: doctor@exp-medical.com
Ukraine, Vinnitsa, K. Vasilenko 6, 21037
We collect the following information:
Depending on the nature of the services required, we may collect various types of data from you, which include, but are not limited to:
Personal data
When you just browse our website without registering or sending us any information, we only collect data that your browser sends to our server. This data includes your IP address, the date and time of your visit, the time zone difference from Greenwich Mean Time (GMT), the specific page you visited, the status of your request (like a success or error code), the amount of data transferred, the page you came from (referrer URL), your operating system, language and version, browser type, and confirmation that the page loaded successfully.
If you contact us via form, email, or chat, we also collect personal information such as your name, address, email, phone number, type of therapy, treatment date, and any other information you provide in your message.
Medical Information
If you contacted us about your treatment, plastic surgery, examination or other health issues , we may collect this information, which may include your data about the past and present physical and mental health.
Administrative Documents
When we arrange travel, we may collect information about your past or current visas, copies of passports, birth and/or marriage certificates, identification codes, parental permission to take the child abroad, and any other documents necessary to prepare your travel documents, hotel reservations, and flight tickets.
Technical information
We use cookies on our website. Cookies are small text files made up of letters and numbers that are stored on your computer when you visit certain websites.
Some cookies are essential for our website to work properly, while others help us understand how you use our site so we can make improvements.
By default, we only use necessary cookies. These cookies are crucial for the basic functions of our website. Without them, the website may not display correctly or some parts may not work at all. You can block necessary cookies by changing the settings in your browser.
When you visit a website, your browser may accept ask to collect cookies. You have a right to accept or to deny the collection of your date via cookies experts-beauty.com The following data is collected by cookies: your technical data, such as geographic location, IP address, Internet service provider, operating system type, browser, date and time you visit this site, the number of times you visit us, referral addresses or search engines that you used to find us may be stored in our server’s statistical and log files.
Marketing information:
These technologies are used by advertisers to serve ads that are relevant to your interests:
Facebook Pixel
Google Ads
Google analytics
Google Ads remarketing
Youtube Video
These technologies enable us to analyse user behaviour and to collect your reviews in order to improve the performance:
Hotjar
Trustpilot
Google maps
Your data is usually provided directly to us, in some cases, it may be sent to us indirectly:
Via email address
Via WhatsApp, Viber or Telegram
Through a phone call
Through the forms provided to you on experts-beauty.com
Through our agents, in person
Through physicians or hospital
One of your family members or an authorized person
Through your beneficiaries (insurance companies, etc.)
We store your information in the following way:
Your electronic data may be stored on computers owned by us, at the CRM system and in our chat for communication. We use maximum measures to protect these computers from intruders and data theft.
Your electronic data may only be transferred to a doctor or medical institution abroad with the purpose to arrange your treatment of a remote medical consultation.
We store your data on our servers in Poland. To process it in a secure and GDPR compliant manner we use: encryption, contractual obligations, storage controls, access levels and supplier security checks.
What we DO NOT do with your data:
We use your data only for the purposes previously agreed with you and only for the purpose of performing the service previously agreed with you.
We DO NOT sell, trade or transfer your information to any irrelevant third party. No advertisers will have access to your data through us. We do not distribute your information to any other party for political, educational, research or marketing purposes.
What we DO with your data:
The data may be used to arrange medical treatment, examination or plastic surgery for you or your loved ones, to assess the physical or mental state if you contact us for medical purposes.
If you have provided us with your financial information, such as your bank account and credit card account, then this information will only be used if we need to send you invoices or charge you for any provided service.
If your data is of a technical nature (mentioned above), it will only be used by our webmasters and analysts to improve our website and the services we offer. The technical information does not necessarily fall under personally identifiable information or sensitive personal information.
Inside our company, different teams need your data to arrange medical treatment and plastic surgery.
Also, other companies we work with (following GDPR Article 28) might see your data for things like IT services, telecom, sales, and marketing. When we use these companies, we make sure they follow all legal and security rules to protect your data.
We only share your data with third parties when it’s legally required or necessary for your treatment. For example, we might share data for contracts or business reasons under GDPR Article 6. We will also share your data if you give us permission. If you’re just browsing our website, we don’t share your data with anyone.
We retain your data for as long as we are handling your case or providing services to you. For example, we will retain your medical information for as long as we arrange your treatment. Your personal data will be stored for 3 years in case you would required to renew our services unless you request to delete it earlier.
Once the service is completed, you have the right to ask us to return (if any) or delete your data (in the case of electronic copies). See below for instructions on how to request deletion or return of your data.
If your job application is not successful, we will delete your data after 6 months. If you agree to let us keep your data longer, we will move it to our applicant pool. In this pool, your data will be deleted if you withdraw your consent or after 5 years, whichever comes first. If you get the job, your data will be stored in our employee management system.
If you have any questions or doubts, you can contact us in the following ways:
By postal mail Beauty by Experts Medical, St. K. Vasylenko 6, sq. 47, Vinnytsia, Ukraine
By e-mail doctorexpertsmedical@gmail.com
Please include “Personal Data and Privacy” in the subject line of your email.
Your data will be processed within the European Union and in Turkey. If a country, like Turkey, does not have an adequacy decision by the Commission under Article 45 GDPR, we either use EU standard contractual clauses with the recipients of your data or get your consent for the transfer.
According to Article 15 GDPR, you have the right to know if your personal data is being processed. If it is, you can access this data. We will provide you with your stored personal data and information as detailed in Article 15, paragraph 1 GDPR. However, this right has limits, detailed in Article 15, paragraph 4 GDPR.
You can ask us to correct any inaccurate personal data or complete any incomplete data under Article 16 GDPR.
You can ask us to delete your personal data without undue delay under Article 17 GDPR, but there are exceptions. For example, if we need to process your data to fulfill a contract, comply with legal obligations, or defend legal claims, we may not be able to delete it. The details are in Article 17 GDPR.
Under Article 18 GDPR, you can ask us to limit how we process your data if certain conditions are met. We can still store the data but will only process it under strict rules. The conditions are detailed in Article 18 GDPR.
According to Article 20 GDPR, you have the right to data portability. This means you can request your personal data in a structured, commonly used, and machine-readable format. You can also ask us to transfer this data directly to another party if it’s technically possible. The details are in Article 20, paragraphs 3 and 4 GDPR.
You can withdraw your consent to the processing of your personal data at any time. This will only affect future processing and not the legality of the processing based on your consent before the withdrawal.
We use your personal data according to the European Data Protection Regulation (GDPR) for these reasons:
Consent (Art. 6 para 1 lit. a GDPR)
If you give us permission, we can use your data for things like contacting you, sending newsletters, or advertising. You can withdraw your consent at any time, but it will only apply to future use. To withdraw, use the contact details above.
Consent for Health Data (Art. 6 para 1 lit. a and Art. 9 para 1 GDPR)
By using our website and our treatment and plastic surgery arrangement services, you consent to the processing of personal data for certain purposes
When you check the consent box on our form, you let us use your personal and health data to give you information about medical services and costs. We might share this data with hospitals and clinics inside and outside the EU/EEA.
Contractual Obligations (Art. 6 para 1 lit. b GDPR)
If you contact us through a form, email, phone, or WhatsApp, we use your data to handle your request and to make or perform a contract with you. This also applies if you are a healthcare provider contacting us about your practice or clinic.
Employment Relationship
If you apply for a job and are not selected, we may keep your data to protect our legitimate interests (Art. 6 para 1 lit. f GDPR), such as defending against legal claims. We use your data to check your suitability and manage the application process. HR reviews your data and shares it with relevant departments.
Legitimate Interests (Art. 6 para 1 lit. f GDPR)
We use your data to protect our legitimate interests or those of others. This includes ensuring IT security, conducting advertising or market research (unless you object), and handling legal claims or disputes.
You have the right to object at any time to the processing of your personal data.
If you object, we will stop processing your personal data unless we can show compelling reasons that override your interests, rights, and freedoms, or if the processing is for legal claims.
For direct marketing, you can object at any time to the use of your personal data. This includes any profiling related to direct marketing. If you object, we will stop using your data for this purpose.
You do not need to follow a specific format to object, and it won’t cost you anything beyond the basic transmission fees. If possible, send your objection to the address or email mentioned above.
We will provide any information or actions you request free of charge, in line with Article 12(5) GDPR.
If you believe we are violating GDPR by processing your data, you have the right to complain to a data protection supervisory authority without affecting any other legal rights.
When you visit our website or contact us via form or email, we do not use fully automated decision-making as per Article 22 GDPR. If we ever do, we will inform you separately as required by law. We do not use automated processes to evaluate personal aspects (profiling).
To use our website, you need to provide personal data needed for technical and IT security reasons. Without this data, the website won’t work for you.
If you contact us through a form or email, you only need to provide the personal data necessary to handle your request. Without this data, we can’t process your request.
We want to let you know about our process for sending cost estimates via email, WhatsApp, Viber, or Telegram, as well as our statistical evaluation procedures and your right to object.
By clicking the “Inquiry” button, you can get information about medical treatments from our partner clinics. To do this, you need to enter your first name, last name, email address, phone number, type of treatment, and treatment date in the form, and agree to the consent declaration. This allows us to process your health-related data.
After you send the consent form or the inquiry form, we will email you appointment options for an initial consultation with our health consultants. During our free consultations or via email, we will answer your questions about treatment methods, doctors, clinic locations, and prices. We will help you choose the right healthcare provider.
We conduct statistical surveys and analyses and log the registration process based on our legitimate interests under Art. 6 para. 1 lit. f GDPR. Our goal is to create a user-friendly website that serves both our business interests and user expectations.
Cancellation/Revocation: You can unsubscribe from our emails at any time by clicking the unsubscribe link at the bottom of each promotional email. If you only signed up for emails without using our referral services and then unsubscribe, your personal data will be deleted.
At your request, we will organize your initial appointment at the clinic of your choice. When you make an appointment, your basic information (address and contact details) and health-related data needed for the consultation, such as desired treatment methods and appointment date, will be sent to the doctor.
14.1 Google Analytics
We use Google Analytics, a web analytics service from Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses cookies to collect information about how you use our website. This information is usually sent to a Google server in the USA and stored there. By accepting cookies, you agree to this data processing, even though US authorities might access it (Art. 49 para. 1 lit. a GDPR).
Google uses this data to help us understand how visitors use our website, create reports, and provide other related services. This data helps create anonymous usage profiles.
During your visit, we collect:
Google Analytics stores cookies in your browser for two years since your last visit. These cookies include a randomly generated user ID to recognize you on future visits. The collected data is stored with this user ID, creating anonymous profiles, which are automatically deleted after 14 months. Non-personal data is stored indefinitely. Your IP address is anonymized within the EU or EEA before being sent to Google. Only in rare cases is the full IP address sent to the USA and then shortened there.
You can prevent cookies from being stored by rejecting them in our cookie banner or by setting your browser to block them. You can also stop Google from collecting and processing your data by downloading and installing a browser plugin from this link: http://tools.google.com/dlpage/gaoptout?hl=de.
We use Google Analytics Remarketing to show ads to users who have visited our website or shown interest in our products or services. This helps us show relevant ads and avoid annoying you. You can opt-out of cross-device remarketing/targeting by turning off personalized ads in your Google account: https://www.google.com/settings/ads/onweb/.
For more information on how Google processes data and your options to manage and object, visit Google’s website. https://policies.google.com/technologies/partner-sites.
14.2 Google Ads
We use the Google Ads service of Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) hereinafter “Google”.
How We Use Google Ads
We use Google Ads to show ads in Google search results and across the Google advertising network. With Google Ads, we set specific keywords to display our ads when users search for those terms. Our ads also appear on related websites based on these keywords.
Data Processing in the USA
Your data may be processed in the USA when using this service, which comes with privacy risks. By accepting cookies through our cookie banner, you consent to this data processing in the USA (Art. 49 (1) lit. a GDPR).
Why We Use Google Ads
Our goal with Google Ads is to promote our website by showing ads on other websites and in Google search results. We might also display ads from other companies on our website.
Conversion Cookies
If you visit our site through a Google ad, Google places a conversion cookie on your computer. This cookie expires after 30 days and does not identify you personally. It helps us see if you visited certain pages on our site, made a purchase, or took other actions.
Using Conversion Data
Google uses data from these cookies to create statistics about visits to our site. We use these statistics to find out how many users came to us through ads, measure our ads’ success, and improve future ads. We and other Google Ads advertisers do not receive any personal identification information from these cookies.
Managing Cookies
You can block cookies by changing your browser settings, which will also stop Google from setting conversion cookies. You can delete any existing cookies through your browser. To opt out of interest-based ads from Google, visit Google Ads Settings on any browser.
Further information and Google’s applicable privacy policy can be found at https://policies.google.com/technologies/partner-sites.
14.3 Fullstory and Hojar
We use Fullstory and Hojar, a web analytics software on our website. The service provider is the American company Fullstory Inc, 1745 Peachtree St NE, Atlanta, GA, USA.
With your permission under Art. 6 para. 1 lit a GDPR, we analyze your behavior on our website. FullStory and Hojar gather information about how visitors use our site to help us make it better. They track clicks, mouse movements, typing (except sensitive info), scrolling, the browser you use, device type, IP address, pages you visit, and how long you stay on each page.
You can withdraw your consent for data processing at any time with effect for the future by using the following opt-out link: https://www.fullstory.com/optout
https://www.hotjar.com/policies/do-not-track/
14.4 Integration of YouTube videos
We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com of Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and can be played directly from our website. The legal basis for the use of YouTube is your consent in accordance with Art. 6 (1) p. 1 lit. a) and Art. 49 (1) p. 1 lit. a GDPR.
The videos on our website are set up so that YouTube only receives data about you when you play them. We can’t control the data transfer to Google once you start a video.
When you visit our website, YouTube gets information about the specific page you accessed, your location (GPS data), IP address, and device details, including nearby objects like WiFi access points, radio towers, and Bluetooth devices, as well as sensor data from your device (see YouTube’s privacy policy). This happens whether or not you’re logged into Google or YouTube. If you are logged in, your data might be linked to your account. To prevent this, log out of YouTube before playing a video. YouTube stores this data as user profiles and uses it to provide services, improve them, measure performance, develop new services, and offer personalized content and ads. You have the right to object to these user profiles, and you’ll need to contact YouTube to do this.
Data processing for this service can also occur in the USA, where data collected by cookies on our site is typically sent to a Google server and stored. There are risks with processing your data in the USA. By accepting cookies via our cookie banner, you consent to this data processing in the USA, despite potential access by US authorities (Art. 49 para. 1 lit. a GDPR).
For more details on how YouTube collects and processes data, and to learn about your rights and privacy settings, please check YouTube’s privacy information.
YouTube’s privacy information can be found at https://policies.google.com/privacy and opting out of personalized advertising is possible at https://adssettings.google.com/authenticated.
14.5 Trustpilot
We use the Trustpilot customer rating platform for our website. The service provider is the Danish company Trustpilot A/S, Pilestraede 58,5, 1112 Copenhagen, Denmark. You can find out more about the data processed through the use of Trustpilot in the privacy information on https://legal.trustpilot.com/for-businesses/business-privacy-policy
14.6 Facebook Pixel
Based on your consent (via our cookie banner), we use the so-called “Facebook Pixel” of the social network “Facebook”, which is operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (parent company: Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA).
We use the Facebook pixel to help Facebook identify visitors to our website who may be interested in our ads (“Facebook ads”). This allows us to display our ads to people who have shown interest in our website or have specific characteristics (such as interests based on visited websites) that we share with Facebook (“Custom Audiences”). This ensures our ads are relevant and not intrusive. The Facebook pixel also helps us track the effectiveness of our ads by seeing if users visit our site after clicking on a Facebook ad (“conversion”).
The Facebook pixel is a JavaScript code on our website that sets cookies on your device. If you log in to Facebook or visit Facebook while logged in, Facebook will record your visit to our site in your profile. The data collected is anonymous to us, so we cannot identify individual users. However, Facebook stores and processes this data, linking it to user profiles for market research and advertising purposes.
Facebook may transfer this data to the USA and other countries. Please note that data protection standards in these countries may not meet EU requirements, and there may be risks of government access to your data without adequate safeguards. If you do not want Facebook to link your visit to our site with your Facebook account, please log out of Facebook.
We and Facebook share responsibility for data processing under Art 26 GDPR. Facebook is primarily responsible for the data processed through its plugins and ensures compliance with GDPR obligations, including informing you about data use (Art. 12 GDPR), ensuring your rights (Art. 15 GDPR), and reporting data breaches (Arts. 33, 34 GDPR).
You can find Facebook’s privacy notice at https://www.facebook.com/about/privacy/.
You can object to the data collection by the Facebook pixel and use of your data to display Facebook ads.
You can find us on various social networks and platforms, where we share information and communicate with you about our services.
Please note that your data may be processed outside the European Union/European Economic Area, mainly for market research and advertising purposes. User behavior and interests can create profiles that help place relevant ads within and outside these platforms. Cookies may be stored on your device to track your behavior and interests, especially if you are logged into these platforms.
We only link to our company profiles on social networks from our website. When you click on these links, your data is transmitted to the social networks’ servers. If you are logged into your social network account, the information that you visited our profile from our website will be recorded and stored in your user account.
We do not control how social networks process data. However, we do receive statistics about visits and interactions (such as likes and comments) on our profiles. For detailed information about how social networks process data, please refer to their privacy notices linked below.
If we receive your personal data through our social media profiles (e.g., during communication), you have the rights mentioned in this privacy notice. You can contact us with any requests regarding data processing through the contact information provided above.
The processing of your personal data is based on your consent (Art. 6 para 1 lit. a GDPR). It is also based on Art. 6 para 1 lit. b GDPR if we receive and process your data as part of a contract-related inquiry. The legal basis for linking and managing our company profiles on social networks, including receiving usage statistics, is Art. 6 para 1 lit. f GDPR, based on our legitimate interest in corporate communication on these networks.
Policy Update
As laws and our data practices evolve, we may update our Policy or change the scope and purposes of the data we process. Any changes will be posted on our website. For significant changes to our data processing, we will provide you with advance notice or, if required by law, seek your consent before implementing the changes. Thank you for your interest in our privacy practices.
Last update 18.06.2024
