Privacy Policy

The data controller is Unident Clinic, with its principal place of business at Bulevardi Gjergj Fishta 146, Tirana, Albania.

For any questions regarding this Policy or the exercise of your rights, you may contact us at the address above, by telephone using the contact details published on the website, or through the contact form and communication channels we make available. We will respond without undue delay in accordance with applicable law.

This Policy applies to personal data we process when you browse our website, use our online booking or inquiry tools, communicate with us (including e-mail, telephone, and messaging tools), and when you use services that reference this Policy.

It does not cover third-party websites, applications, or services that we do not control, even if they are linked from our website. We encourage you to read their privacy notices before providing personal data.

Depending on how you interact with us, we may process the following categories of data:

• Identity and contact data: for example, name, telephone number, and e-mail address. • Communication content: information you provide in messages, forms, or appointments. • Technical and usage data: for example, IP address, browser type, device type, date and time of access, pages visited, and similar information collected through cookies or similar technologies, as further described in our Cookie Policy. • Health-related data: only where you voluntarily provide it in the context of an inquiry or pre-assessment, and only to the extent necessary to respond to your request or to prepare for care, in accordance with professional and legal obligations. • Other information you choose to provide, such as documents you upload when our processes explicitly allow it.

We do not require you to provide health data through the website except where it is necessary for a clear purpose (for example, preparing a consultation) and you choose to provide it voluntarily.

We process personal data for the following purposes, based on the legal grounds indicated:

• Responding to inquiries, managing appointment requests, and pre-consultation communication: performance of a contract or pre-contractual steps, and, where applicable, your consent. • Operating, securing, and improving our website: legitimate interests in providing a secure and functional online presence, and, where required, your consent for non-essential cookies and similar tools. • Compliance with legal, regulatory, and professional obligations: legal obligation, including medical record-keeping where applicable. • Defending or asserting legal claims: legitimate interests or legal obligation, as the case may be. • With your express consent, sending informational or marketing communications about our services, where you have opted in. You may withdraw consent at any time.

Where we rely on consent, refusing or withdrawing consent will not affect processing that is required for the performance of a contract or compliance with a legal obligation.

We may share personal data with:

• Internally authorized personnel who need the information to perform their duties (for example, administrative and clinical staff, within the limits of their role). • IT, hosting, and security providers that process data on our instructions and under written agreements that require appropriate technical and organizational measures. • Professional advisers, insurers, or authorities when required by law or necessary to protect rights and safety.

We do not sell your personal data. Any transfer to countries outside the European Economic Area, if it occurs, will be subject to appropriate safeguards (such as standard contractual clauses) where required by law.

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, including legal, accounting, and professional record-keeping requirements. Retention periods may differ depending on the type of data and the nature of the relationship. When data is no longer required, it will be deleted or anonymized in a secure manner, subject to any longer retention required by law.

Subject to applicable law, you may have the right to: request access to your personal data; request rectification of inaccurate data; request erasure in certain circumstances; request restriction of processing; object to processing that is based on legitimate interests, where the law so provides; request data portability, where the conditions are met; and withdraw consent where processing is based on consent.

You may also have the right to lodge a complaint with a supervisory authority. In Albania, the Authority for the Protection of Personal Data is the competent public authority. You can exercise your rights by contacting us at the contact details in Section 1. We may need to verify your identity before processing your request.

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. No method of transmission over the Internet is completely secure; we therefore encourage you to use secure channels and not to share sensitive information through unencrypted or untrusted means.

Our website and general inquiry tools are not directed at individuals who are not capable of providing valid consent under applicable law, without the involvement of a parent or legal guardian. If you become aware that we have processed such data inappropriately, please contact us so that we can take appropriate steps.

We may update this Policy from time to time to reflect legal, technical, or operational changes. The “Last updated” date at the top of this page will be revised, and, where the changes are material, we may provide a more prominent notice on our website. Continued use of our services after the update constitutes acceptance of the updated Policy, where such acceptance is required by law.