Privacy Policy

Information on the processing of personal data

Pursuant to Regulation (EU) 2016/679 (GDPR), Gaia Clinic SHPK, based in Tirana (Albania), as Data Controller , informs data subjects on how their personal data is processed.

1. Categories of data collected

We process the following data: contact details (name, surname, email, telephone number), clinical data (X-rays, CT scans, medical history, treatment plans), and browsing data (analytical cookies, see Cookie Policy ).

2. Purpose of the processing

The data is processed to: (a) manage the consultation and treatment plan; (b) fulfill legal obligations in healthcare matters; (c) send post-treatment follow-up communications; (d) respond to contact requests.

3. Retention period

Clinical data are retained for 10 years in accordance with Italian legislation applicable to cross-border patients (Legislative Decree 502/1992 and subsequent amendments). Non-clinical contact data are retained for the time necessary for the purpose and in any case no longer than 24 months from the last contact.

4. Rights of the interested party

You have the right to access, rectify, delete, limit, object, and portability of your data. To exercise these rights, please write to info@gaiaclinic.al .

5. Data Protection Officer (DPO)

You can contact our DPO at: [TODO: DPO contact details] .

6. Complaint to the Supervisory Authority

You have the right to lodge a complaint with the Italian Data Protection Authority (Garante Privacy, www.garanteprivacy.it ) or with the authority in your country of residence.

Last updated: [TODO: last legal revision date]