Privacy Policy of the Institute of Trichology Sp. z o.o.

Date of update: October 15, 2025

Data Controller: Institute of Trichology Sp. z o.o., ul. Kolejowa 45A, 01-210 Warsaw

Contact: info@trychologia.edu.pl

1. General Information

This Privacy Policy defines the rules for processing personal data of Users using the website: www.instytuttrychologii.pl (hereinafter: the “Website”).

The Data Controller is Institute of Trichology Sp. z o.o. with its registered office in Warsaw, ul. Kolejowa 45A, 01-210 Warsaw, entered into the National Court Register KRS 0000847364, NIP 5272930276, REGON 386386115.

Contact with the Controller is possible by email at info@trychologia.edu.pl or by post to the registered office address.

2. Scope and purposes of data processing

The Controller processes personal data for the following purposes:

1. Contact with the client – data provided via the contact form or email (first name, last name, email address, phone number) are used solely to respond to the inquiry. Legal basis: Article 6(1)(f) of the GDPR – legitimate interest of the Controller.

2. Appointment registration and provision of trichological services – data (first name, last name, phone number, email, information about the condition of the scalp or hair) are processed to the extent necessary to provide trichological and cosmetology services. Legal basis: Article 6(1)(b) of the GDPR; Article 9(2)(a) of the GDPR – explicit consent.

3. Fulfilment of legal obligations – data processed for issuing invoices, settlements, and archiving in accordance with the applicable law. Legal basis: Article 6(1)(c) of the GDPR.

4. Newsletter and marketing activities – upon separate consent, data (name, email) are used to send information about news, promotions, and events. Legal basis: Article 6(1)(a) of the GDPR.

5. Security and website traffic analysis – technical data (IP address, device identifier, cookies) are processed to ensure security, improve functionality, and analyse traffic on the Website. Legal basis: Article 6(1)(f) of the GDPR.

3. Categories of processed data

- Identification data (first name, last name)

- Contact data (email address, phone number)

- Service-related data (visit history, preferences)

- Data concerning scalp and hair condition

– only to the extent voluntarily provided by the client and necessary for the provision of the service.

4. Data recipients

Data may be shared only with trusted entities processing data under data processing agreements, including:

- atthost – hosting service provider (Poland)

- Booksy International Sp. z o.o. – appointment booking system

- GetResponse – newsletter management

- Accounting office servicing the Institute

- Google Ireland Ltd., Meta Platforms Ireland Ltd.

– analytics and advertising, with the use of pseudonymisation and data minimisation.

Data are not shared with other recipients without a legal basis.

5. Transfer of data outside the EEA

Data may be transferred to countries outside the EEA (e.g. the USA) only if the recipient is covered by a European Commission adequacy decision (e.g. EU–US Data Privacy Framework) or if standard contractual clauses (SCC) have been concluded.

The Controller applies additional security measures – pseudonymisation, data minimisation, and encrypted transmission.

6. Data retention period

Contact data – up to 12 months from the end of contact

Service data – 5 years from the end of service provision

Scalp/hair condition data – up to 2 years from the last visit or until consent is withdrawn

Accounting data – 5 years from the end of the financial year

Newsletter data – until consent is withdrawn

After these periods, the data are permanently deleted or anonymised.

7. Rights of data subjects

Every individual has the right to access their data, rectify, erase, restrict processing, transfer data, object to processing, and withdraw consent at any time (email: info@trychologia.edu.pl). Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.

Complaints may be submitted to the President of the Personal Data Protection Office (uodo.gov.pl).

8. Cookies and profiling

The Website uses cookies for:

- proper functioning of the site,

- traffic analysis (Google Analytics),

- content and advertising personalisation (Meta Pixel).

The user can manage cookies in their browser.

Data from cookies may be used for marketing profiling but are not the basis for decisions producing legal effects.

9. Data of minors

The services of the Institute of Trichology are intended for adults. In the case of providing services to persons under 18 years of age, the consent of a parent or legal guardian is required.

10. Data security

The Controller applies technical and organisational measures appropriate to the level of risk: encrypted transmission (SSL/TLS), encryption of backups, access control, staff training, and IT system security testing.

11. Legal status of the Institute

The Institute of Trichology Sp. z o.o. provides services in the field of trichology and cosmetology.

It is not a medical entity within the meaning of the Act on Medical Activity but processes health-related data only to the extent necessary for the provision of services – with the client’s consent.

12. Changes to the Privacy Policy

The Controller reserves the right to make changes to this Privacy Policy. The current version is available on the website www.instytuttrychologii.pl/polityka-prywatnosci. Users will be informed of significant changes via email or a notice on the website.

Sitemap
About usPrice listGalleryE-bookContact
Terms and Conditions
Privacy Policy
Company Details
Instytut Trychologii
Kolejowa 45A, Warsaw, Poland
Contact Details

+48 690 640 460

recepcja@trychologia.edu.pl

Instytut Trychologii®
Specialists whose primary goal is to help trichology clients