Privacy Policy

1. Data Controller

ZAAR Aesthetic and Health SLP (hereinafter, "ZAAR") processes users' personal data in accordance with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD), and other applicable regulations.

2. Data We Collect

Depending on how you interact with us, we may collect the following data:

• Identification data: first name, surname, email address, phone number.
• Health data (special category): information relating to your health status, medical history, or aesthetic consultations, exclusively when necessary to manage your appointment or treatment. We process this data on the basis of your explicit consent (Art. 9.2.a GDPR).
• Browsing data: IP address, browser type, pages visited, session duration (via cookies; see Cookies Policy).
• Communications data: content of messages or enquiries you send us.

3. Purposes and Legal Basis for Processing

Managing enquiries and appointments

Purpose: responding to your enquiries, managing prior appointments and medical assessments.
Legal basis: performance of a pre-contractual or contractual obligation (Art. 6.1.b GDPR).

Sending commercial communications

Purpose: informing you about treatments, promotions, and content of interest.
Legal basis: consent of the data subject (Art. 6.1.a GDPR). You may withdraw your consent at any time without affecting the lawfulness of processing carried out beforehand.

Legal obligations

Purpose: compliance with tax, accounting, and healthcare obligations.
Legal basis: compliance with a legal obligation (Art. 6.1.c GDPR).

Website improvement and analytics

Purpose: analysis of user behaviour to improve the browsing experience.
Legal basis: legitimate interest (Art. 6.1.f GDPR) and consent for analytics cookies.

4. Data Retention

Data will be retained for as long as necessary to fulfil the purpose for which it was collected and, in any case, for the periods established by law:

• Client and patient data: minimum 5 years from the last service provided (healthcare obligation).
• Commercial communications data: until consent is withdrawn.
• Billing data: 10 years (tax obligation).

5. Recipients of Data

ZAAR does not sell or transfer your data to third parties. However, we may share it with:

• Service providers (data processors): CRM and marketing platforms (HubSpot, Inc.), hosting and analytics services, always under a data processing agreement and with appropriate safeguards.
• Public authorities: where a legal obligation exists.

HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of protection for international transfers.

6. Your Rights

You may exercise the following rights at any time by sending an email to privacidad@naturalfitbodycontouring.com with a copy of your identity document:

You also have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) if you consider that the processing infringes applicable regulations.

7. Security

ZAAR has implemented appropriate technical and organisational measures (SSL/TLS encryption, access controls, backups, etc.) to ensure the security of your data and prevent its loss, alteration, unauthorised access, or improper disclosure.

8. Amendments

ZAAR reserves the right to update this Privacy Policy when necessary. We will notify you of significant changes via the Website or by email if you are a registered client.