This Policy has been made following the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the Regulation).
By this Policy the customers of the Clinic and website visitors are informed about the processing of their personal data.
Personal data means any information related to an identified or identifiable natural person (data subject); an identifiable natural person is a person whose identity can be directly or indirectly identified, in particular by means of an identifier such as first name and surname, personal identification number, place of residence data and internet identifier, or by one or several physical, physiological, mental, economic, cultural or social identity features of that natural person.
Data subject means a natural person – a client of the Clinic and / or a visitor of the website whose personal data is collected and managed by the Clinic.
Consent of the data subject means any freely given, specific and unambiguous expression of the intention by the properly informed data subject made by a statement or unambiguous action by which he consents to the processing of personal data related to him.
Rights of the data subject are the possibilities of the data subject to participate and control the activities of the controller and / or the processor when processing his/her personal data – to know, to be informed about the processing of his / her personal data in the Clinic; get acquainted with the personal data processed by the Clinic and how they are processed; to require the rectification, destruction of personal data or the suspension of the processing of their personal data, with the exception of storage where the processing of data is not regulated by legal provisions; disagree with the processing of his personal data; require the deletion of his personal data; to obtain the data related to him, which he has provided to the controller; appeal to the supervisory authority.
Data processing means any operation or sequence of transactions performed by the automated or non-automated means with personal data or personal data sets, such as collection, recording, sorting, systematization, storage, adaptation or alteration, extraction, access, usage, disclosure by forwarding, distribution or otherwise making them available for use, as well as collating or interconnecting with other data, limiting, deleting or destroying.
Automatic data processing means data processing operations performed wholly or partially by automatic means. They include any information and communication technologies that can be used for processing personal data such as computers, communication networks, and so on.
Data controller means Lucid Way OÜ, legal entity established in accordance with the laws of the Republic of Estonia, legal entity code: 16170721, registered address: Võlvi 6-8, Tallinn 10132, Estonia.
Data manager means the natural or legal person, public authority, agency or other institution which processes personal data on behalf of the controller.
Data recipient means a natural or legal person, public authority, agency or other institution to which personal data are disclosed, irrespective of whether it is a third party or not. However, public authorities which, under the laws of the European Union or a Member State, may obtain personal data in the course of a particular investigation shall not be considered as recipients of the data.
A cookie means a small text file which a website saves on a computer or mobile device when it is visited.
Personal data security violation means a security breach which unintentionally or unlawfully destroys, loses, replaces or in an unauthorized way discloses the transferred, stored or otherwise processed personal data or allows unauthorized access to them.
Other terms used in this Policy shall be understood as defined in the Regulation and other legislation governing the processing of personal data.
PRINCIPLES OF PERSONAL DATA PROCESSING
1. The Clinic observes the following principles when managing your personal data:
1.1. The Clinic processes personal data only for legitimate purposes defined in this Policy and does not further process them in a way incompatible with such principles (purpose limitation principle);
1.2. Personal data are processed accurately, fairly and lawfully, in accordance with legal requirements (legality, fairness and transparency);
1.3. The Clinic processes personal data in such a way that personal data are accurate and kept up to date (principle of accuracy);
1.4. The Clinic shall process personal data only to the extent that it is necessary for the purposes of processing personal data (principle of data reduction);
1.5. Personal data shall be kept in a form which permits identification of data subjects for no longer than it is necessary for the purposes for which the personal data have been collected and processed (principle of limited storage);
1.6. The Clinic, by processing personal data, shall apply appropriate technical and organizational measures to ensure proper security of personal data, including the protection against unauthorized processing or unlawful processing of personal data or against unintentional loss, destruction or damage (principle of integrity and confidentiality);
1.7. The Clinic shall be responsible for complying with the principles set out in this Policy and must be able to demonstrate that they are being followed (principle of accountability).
PERSONAL DATA PROCESSING OBJECTIVES
2. The Clinic processes your personal data:
2.1. For the purpose of fulfilling the contractual obligations of the Clinic, and the implementation of legitimate interests, as well as for the proper management and administration of the website, for monitoring its attendance, ensuring its safety, improving its operation, facilitating the search for information and for communication with the Clinic.
3. For the purpose specified in clause 2 of this Policy, the Clinic collects and processes the following data:
3.1. Personal data: name, surname, date of birth or age, sex, height, weight, place of residence, type of work, marital status, health issues for which the client is contacting the Clinic, results of medical tests (e.g. blood test results), image (only with your consent) (upon your submission);
3.2. Contact data: electronic mail address, telephone number (upon your submission);
3.3. Login IP addresses, time, network and location data, collected through cookies, with your consent;
3.4. Other data submitted by you to the Clinic.
COLLECTION AND HANDLING OF PERSONAL DATA
4. Personal data shall be obtained from you when such data is required by the law, provided you have a contract between you and the Clinic or when you submit such data voluntarily.
5. The Clinic processes your personal data also in cases when you contact it by e-mail, by making a request on the Clinic’s website, asking questions or sending information to the contacts indicated on the Clinic’s website. In such cases, the Clinic processes your data for the purpose of administrating inquiries, ensuring the quality of the provided services and protecting its legitimate interests.
6. Regardless of the way in which the data are collected, they shall be kept only to the extent and for the time necessary to achieve the set objectives, but no longer than within the deadlines established in legal acts.
RIGHTS OF A PERSONAL DATA SUBJECT
7. As a data subject, you have the right to:
7.1. Know / be informed about the processing of your personal data;
7.2. Get to know your personal data and the way they are handled. You have the right to apply to the Clinic for information on which of your personal data are being processed and for what purpose;
7.3. Require the correction of your personal data. If you find that your personal data in the Clinic are inaccurate or incomplete, you have the right to apply for the rectification or supplementation of such personal data;
7.4. Require the deletion of your personal data (“right to be forgotten”). You have the right to apply to the Clinic for deletion of your personal data on one of the grounds specified in the Regulation;
7.5. Require limitation of the processing of your personal data. You have the right to apply to the Clinic to limit the processing of your personal data in the presence of one of the grounds specified in the Regulation;
7.6. Disapprove of processing your personal data. You have the right to object to the processing of your certain optional personal data. Such disagreement may be expressed by not filling certain sections of the optional document, as well as by later submitting a request for the discontinuation of the processing of your personal data which is not processed voluntarily. At your request, the Clinic will provide you with the information about your optional data processing. Upon your request to terminate the processing of optional personal data, the Clinic shall immediately terminate such processing, unless this is contrary to the requirements of the law, and inform you;
7.7. Transfer data, i.e. you have the right to receive personal data related to you that you have provided to the Clinic in a structured, commonly used and computer-readable format, and you have the right to transfer such data to another Data Controller, and the Clinic must not obstruct it.
PERSONAL DATA SECURITY MEASURES
8. The Clinic shall, when storing personal data, implement and ensure appropriate organizational and technical measures to protect personal data from accidental or unlawful destruction, alteration, disclosure or any other unlawful processing.
9. Your personal data, collected by the Clinic, shall be accessible to the Clinic’s staff, a doctor who performs a particular operation / procedure and / or other appropriate staff of the beauty and aesthetic surgery clinic, but only those who have authorized access to such data and only in cases when this is necessary to achieve the objectives of this Policy.
10. The Clinic shall ensure proper management of the network, the supervision of information systems and the implementation of other technical measures necessary for the protection of your personal data.
TRANSMISSION OF PERSONAL DATA TO THIRD PARTIES
11. Your personal data may be disclosed to third parties providing services to the Clinic, to ensure the operation and maintenance of the information systems used by the Clinic. In such cases, your personal data will be disclosed to third parties only to the extent necessary for the proper provision of their services.
12. Your personal data may be disclosed to the doctor and / or other appropriate staff of the Beauty and Aesthetic Surgery Clinic who will perform the specific operation / treatment, subject to a confidentiality agreement.
13. Your personal data may be disclosed to law enforcement authorities in accordance with the law.
14. In all other cases, your personal data may only be disclosed to third parties upon your consent.
15. This Policy is regularly reviewed and updated, and changes are posted on the website: www.bookmedex.com
16. If you have any questions, comments or complaints regarding how your personal data is collected, used and protected by the Clinic, please contact us by e-mail: email@example.com.