Personal Data Processing Consent

1/ You hereby grant your consent to Estheticon, s.r.o., Business ID No.: 25044567, with its registered office at: Dr. Milady Horákové 513/23a, Liberec IV-Perštýn, 46, (the “Controller”), to process the following personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR”):

  • Email
  • IP address
  • any other personal data you voluntarily provide in the text of your review, including photographs you attach

2/ Consent must be given in a clear positive act that reflects a specific, informed and unambiguous declaration of the party’s will to accept the processing of their personal data, e.g. a written declaration, including by electronic means, or an oral statement. This could entail ticking a box on a website, choosing technical parameters for using information society services, or any other statement or action clearly showing that the party consents to the proposed handling of their personal data. Therefore silence, pre-checked boxes or inaction should not be considered consent. Consent must be granted for all processing activities performed with the same purpose(s). If the processing has several purposes, consent must be granted for all of them. If the party’s consent is granted as a result of an electronic request, the request must be clear, brief and not overly disruptive to the use of the service for which it was provided.

3/ Posting reviews requires user registration. Before publishing a review, you will need to confirm your email address (double opt-in) by clicking on the link on the email you receive after sending in the form. After email confirmation, you will have the option of adding other personal data to your user profile other than that mentioned in point 1. If you choose to add personal data, you also grant your consent that the Controller can process it according to the GDPR:

  • Profile picture (avatar)
  • Nickname
  • Full name
  • Phone number
  • Country
  • Region

4/ The Controller processes this personal data in the following manner:

  • Your nickname, content of your review including photograph(s) and profile picture will be posted after moderator approval on in the patient review section and on the profile of the doctor clinic and distributor you are reviewing or used for retargeting addressing visitors to www pages.; and also on the “patient reviews” widget on the doctor’s website, if they use the widget. A screen showing the review and profile picture may be posted on the doctor’s Facebook, Instagram or Twitter page if the doctor is using the share on social media feature. In addition, the physician uses the social media sharing service, and the experience, including the attached photos and profile picture, can be shared on the Estheticon's Facebook, Instagram, and Twitter accounts. In those cases, the doctor or portal Estheticon is also the controller of the above-mentioned personal data, and the processing takes place based on your consent. In the case of sharing on social media, the social media operator may also be considered the controller of your personal data, with reference to the operator’s contractual conditions. Furthermore, your experiences and photos attached can be used as illustrative images in educative articles at
  • We will email any replies to your review to you. In case of a negative review associated with a specific doctor, we will provide this email to the affected doctor so they can communicate with you before the review is published. If you indicated that you would like to receive news about the procedure your review is about, we will also send you news on that procedure. Your email address will not be published anywhere. Your email also serves as your username for signing in.
  • We log your IP address in order to identify and prevent spam by blocking the relevant IP addresses. Based on your IP address, we pre-fill the country and region for your user registration. Your IP address is not published anywhere.
  • The voluntary data full name and phone number are used only in case of a query to a doctor/clinic in the form of a pre-filled query form.
  • We use the country and region to target users with relevant content.

5/ The Controller will process the personal data for a period of 10 years after publishing, unless you extend this period. If your published posts are deleted, all your other personal data will be processed for one year after your last sign-in and then deleted.

6/ Besides the above-stated personal data associated with user registration for publishing forum posts, the Controller’s website also processes cookies. Manage cookies consent settings here.

7/ You expressly agree to the processing mentioned above. Providing your personal data is voluntary.

8/ Processing personal data regarding health or medical conditions is considered a “special category” of personal data processing. This processing is entirely voluntary and you allow the Controller to perform it by uploading information and materials regarding your health or medical conditions to the above-mentioned website. However, processing this personal data requires your express CONSENT, which you grant by accepting these conditions and uploading said materials. This processing is permitted under Article 9(2)(a) of the GDPR.

9/ Your consent can be withdrawn at any time:

  • Individual posts can be deleted directly from the list of posts on your user profile.
  • Your entire profile, including all published and non-published personal data, can be deleted on your user profile.
  • You can also withdraw your consent by sending an email to
  • Withdrawing your consent will result in deleting your user interface and all communication, including your posts, provided that the Controller’s interests in maintaining copies of said communication do not outweigh your right to personal data protection.

10/ The personal data is processed by the Controller, but the following processors may also process personal data for the Controller:

1. Software/IT providers

Amazon Web Services (webhosting)

2. Any other providers of processing software, services and applications the Controller is not currently using.

11/ The Controller has appointed a data controller. The data controller’s contact information is:

Jan Faltýsek
Vlašimská 4
101 00 Praha

12/ Personal data protection - all personal data is processed and stored in a database that meets the technical data protection required under relevant law. In order to protect the rights of individuals, the service provider can disclose non-public personal data to state authorities in compliance with valid legal regulations. In case of a judicial dispute or other proceedings before public authorities, the service provider is authorized to disclose all information provided to it, including personal data.

13/ Personal data will not be sent outside EU member states, except if shared on Twitter and/or Facebook. In such a case, the personal data may be transferred to the USA. The operators of these social media sites are active members of the Privacy Shield program, and so this data transfer is in compliance with the Regulation and European Commission decision of 12 July 2016.

  • For more on processing personal data on Twitter, please see here
  • For more on processing personal data on Facebook, please see here

14/ Please be aware that under the GDPR you have the right:

  • to withdraw your consent at any time,
  • to ask us about what personal data of yours we are processing,
  • to receive a copy of the personal data being processed,
  • to require us to grant you access to the personal data and to update, correct and or restrict the processing of the personal data,
  • to require us to delete the personal data,
  • to data transferability,
  • in case of doubt over the legal personal data processing, to file a complaint with the Personal Data Protection Office. 

Updated: 2019-07-23