Privacy Policy

This is a starter template for informational purposes. A lawyer should review the final version.

1. Who is responsible for your data

The primary data controller for patient data entered via this portal is American Hospital for Plastic Surgery (the "Clinic"). The platform and technical support are provided by M Studio Digital (the "Service Provider"), acting as a processor on behalf of the Clinic.

2. What data we process

• Identification and contact details (name, email, phone).
• Appointments and communication (booking, cancellation, reminders, support messages).
• Medical documentation within the portal (reports, analyses, attachments) when entered/provided.
• Technical/security logs (access logs, IP address, device/browser details) for security and audit.

3. Purposes and legal basis

• Managing appointments and providing services.
• Creating and storing medical records as required by the Clinic and applicable laws.
• Sending notifications (web/push/email) according to your settings.
• System security (audit logs, abuse prevention).

4. Sharing

We do not sell personal data. Data may be shared only with authorized Clinic staff, technical sub-processors (hosting/email/push) as needed to operate the service, or authorities where required by law.

5. Retention

Medical record retention is determined by the Clinic under applicable laws. Technical logs are kept for a limited period (e.g., 12–24 months). Deleted items may stay in a temporary recycle bin (e.g., 30 days) for recovery, then permanently deleted.

6. Your rights

You may have rights of access, rectification, deletion/restriction (where applicable), objection, and portability. Please contact the Clinic for requests.

7. Security

We apply technical and organizational measures (role-based access control, audit logs, HTTPS, backups, controlled file downloads).

8. Contact

Clinic: American Hospital for Plastic Surgery (app.surgeontothestars.org)

Service Provider: M Studio Digital (info@mstudiodigital.me)