Legal

Privacy policy

At Atelier de Estética Dental we look after your personal data with the same care we take of your smile. Below we explain how we process it, for what purpose and which rights you are entitled to under the GDPR and the LOPDGDD.

Data controller

The controller responsible for processing your personal data is:

• Holder: Atelier de Estética Dental.
• NIF/CIF: (to be completed).
• Address: Calle de Hermosilla 88, 1.º Centro, 28001 Madrid.
• Email: atelierdeesteticadental@gmail.com
• Telephone: +34 618 42 00 96

Data we collect

We process the data you provide voluntarily through the website forms, by telephone, by email or in person at the clinic. Depending on the service, this data may include:

• Identification and contact details: first name, surname, telephone and email.
• Data relating to the appointment request or to the information you share with us.
• Oral health data strictly necessary for the provision of the care service (special category of data).
• Browsing data collected through cookies and similar technologies (see the cookie policy).

Please do not provide us with third-party data without their prior consent.

Purpose of the processing

We process your personal data for the following purposes:

• To attend to your requests for information, enquiries and appointment requests.
• To manage the care relationship and the provision of dental treatments.
• To carry out the administrative, accounting and tax management arising from the services provided.
• To send you communications related to your appointment or your treatment.
• To send you informational or commercial communications, only if you have given your express consent to do so.

Lawfulness / legal basis

The legal basis that legitimises the processing of your data depends on the purpose:

• Consent of the data subject (art. 6.1.a GDPR) to respond to your requests and, where applicable, to send commercial communications.
• Performance of a contract or of pre-contractual measures (art. 6.1.b GDPR) for the provision of the requested services.
• Compliance with legal obligations (art. 6.1.c GDPR), for example in health, accounting and tax matters.
• Purposes of preventive medicine and healthcare (art. 9.2.h GDPR) for the processing of health data.
• Legitimate interest (art. 6.1.f GDPR) to ensure the security and proper functioning of the website.

Data retention

We will keep your personal data for as long as necessary to fulfil the purpose for which it was collected and, thereafter, for the periods legally required. In particular, the medical record data will be kept in accordance with the applicable health regulations. Once these periods have elapsed, the data will be securely erased or duly blocked.

Recipients and disclosures

As a general rule, your data will not be disclosed to third parties, except where required by law. Your data may be accessed by service providers acting as data processors (for example, web hosting, accountancy services or dental laboratory services), with whom the corresponding data processing agreements have been signed. No international data transfers are carried out outside the European Economic Area, unless otherwise indicated and with the appropriate safeguards.

Rights of users

As a data subject, you may exercise the following rights at any time:

• Access: to find out which of your personal data we are processing.
• Rectification: to request the correction of inaccurate or incomplete data.
• Erasure: to request the deletion of your data when it is no longer necessary.
• Objection: to object to the processing of your data on grounds relating to your particular situation.
• Restriction: to request the restriction of processing in certain cases.
• Portability: to receive your data in a structured, commonly used format, or to have it transmitted to another controller.

Likewise, where the processing is based on your consent, you have the right to withdraw it at any time, without this affecting the lawfulness of the processing carried out prior to its withdrawal.

How to exercise your rights

You may exercise your rights by writing to the data controller, indicating the right you wish to exercise and attaching a copy of your identity document:

• By email to atelierdeesteticadental@gmail.com
• By post to Calle de Hermosilla 88, 1.º Centro, 28001 Madrid.

We will deal with your request within the timeframes set out in the regulations in force.

Complaint to the AEPD

If you believe that the processing of your data does not comply with the regulations, or if you feel that your rights have not been properly addressed, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), with its registered office at C/ Jorge Juan, 6, 28001 Madrid, through its electronic office at www.aepd.es.

Security measures

We apply the appropriate technical and organisational measures to ensure a level of security suited to the risk, in order to protect your personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction. These measures are reviewed and updated periodically in accordance with the regulations in force and the state of the art.

Last updated: 25 June 2026.