Privacy Policy

Effective date: 12 September 2025

Data Controller

Controller: Dr. Agnieszka Bil
Tax ID (NIF/NIE): Z1247891P
Address: Calle Son Gri, 07550 Son Servera, Spain
Email: hello@healthbeyondprotocol.com

What Personal Data We Process

Identification and contact data (name, email, phone/WhatsApp), booking details (date, time, session type), payment-related identifiers processed by third-party providers, technical data (IP, device, cookies), and—if you are a patient—health information necessary to provide medical care.

Purposes and Legal Bases

  • Appointment booking and service delivery (via Calendly): performance of a contract (GDPR Art. 6(1)(b)).
  • Medical care (patient data): provision of healthcare and management of health systems (GDPR Art. 9(2)(h)) under professional secrecy.
  • Administrative, accounting, and billing: legal obligation (Art. 6(1)(c)).
  • Security and fraud prevention: legitimate interest (Art. 6(1)(f)).
  • Communications you request (e.g., via email/WhatsApp): performance of a contract or consent (Art. 6(1)(a)/(b)).
  • Cookies/analytics (non-essential): consent (Art. 6(1)(a)). See Cookies Policy.

Data Sources

Data provided directly by you (forms, email, WhatsApp, Calendly) and data generated automatically when using this website.

Recipients and International Transfers

We use service providers acting as processors, including but not limited to: Calendly (scheduling and payments), website hosting, email/office tools, and analytics. Some providers may be located outside the EEA. When transfers occur, we rely on adequate safeguards (e.g., Standard Contractual Clauses) or adequacy decisions, as applicable.

Retention

  • Clinical information: retained in accordance with applicable Spanish healthcare regulations.
  • Administrative/accounting: retained for statutory limitation periods.
  • General enquiries: typically up to 24 months after last contact, unless a longer legal need applies.

Your Rights

You may exercise access, rectification, erasure, restriction, portability, and objection where applicable, and withdraw consent without affecting prior processing. To exercise rights, contact hello@healthbeyondprotocol.com. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD).

Medical Confidentiality

Health data are handled under professional secrecy and applicable healthcare laws. We do not disclose such data except as required by law or with your explicit consent.

Security

We implement appropriate technical and organizational measures to protect your data, considering the state of the art, costs, scope, context, and risks.

Contact

Questions about this policy: hello@healthbeyondprotocol.com.