Elite Hair Transplant

Privacy Policy

Last updated: March 2024

1. Data controller

The data controller is ELITE STP AR.L (trading as Elite Hair Transplant), with registered office at Via Nullo D'Amato 42, 73100 Lecce, Italy. To exercise your rights or ask about privacy, write to amministrazione.elite@gmail.com or use the phone number on the site.

2. Purposes and legal basis

Your data are processed for the following purposes:

  • Responding to contact and consultation requests – Legal basis: pre-contractual measures and consent. Data are kept for as long as needed to handle the request and, if no contract is concluded, for no longer than 24 months unless the law requires otherwise.
  • Newsletter and marketing – Legal basis: consent. You can withdraw consent at any time via the link in each email. Data are kept until withdrawal.
  • Analytics and site improvement – Legal basis: consent (non-essential cookies). See the Cookie Policy.
  • Legal obligations – Legal basis: legal obligation. Data are kept for the periods required by law.

3. Categories of data and minimisation

We only collect data needed for the stated purposes (name, surname, email, phone, message and, if provided, photos). We do not request sensitive health data via forms; any health information you send voluntarily is handled with appropriate care and in line with applicable law.

4. Your rights

As a data subject you have the right to:

  • Access your data
  • Rectify inaccurate or incomplete data
  • Erasure (“right to be forgotten”), within legal limits
  • Restrict processing
  • Data portability
  • Object to processing based on legitimate interests or for marketing
  • Withdraw consent at any time
  • Lodge a complaint with the Italian Data Protection Authority (garanteprivacy.it)

To exercise your rights, write to amministrazione.elite@gmail.com. We will reply within the statutory timeframe (usually 30 days). If a DPO is appointed, their contact details will be shown here or in the Cookie Policy.

5. Transfers outside the EU

If we use providers with servers or operations outside the European Union (e.g. USA), we will implement appropriate safeguards (standard contractual clauses, adequacy decisions) to ensure an adequate level of protection. An up-to-date list of recipients and transfers is available on request from the controller.

6. Security

We apply appropriate technical and organisational measures to protect data against unauthorised access, loss or alteration. Communication with the site uses encrypted channels (HTTPS). Data submitted via forms are handled securely by our systems and by providers that store them.