Privacy Policy

Last updated: 28 April 2026

MK Longevity Institute (the “Clinic”, “we”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share and safeguard information when you visit our website, contact us, or receive medical services from us. We act as the data controller within the meaning of the EU General Data Protection Regulation (GDPR) and applicable national legislation.

Contents

Who we are
Data we collect
How we use your data
Legal basis
Sharing & processors
International transfers
Retention
Your rights
Security
Children
Changes to this policy
Contact & DPO

1. Who we are

The data controller is [Legal entity name], a company registered at [registered address], company number [reg. no.]. You can reach our Data Protection Officer at dpo@mklongevity.example.

2. Data we collect

We process the following categories of personal data:

Information you provide

Contact details: name, email, phone, postal address.
Booking information: requested service, date, time, special requirements.
Health and clinical data (special category data under Article 9 GDPR): medical history, diagnostic results, treatment plans, prescriptions, imaging, genetic and biomarker data, lifestyle information, consent forms.
Identity and billing data: identification documents, insurance details, payment information processed by our payment provider.
Communications: messages, call recordings (where lawful and disclosed), correspondence with our team.

Information collected automatically

Device and connection data (IP, browser, operating system).
Usage data (pages viewed, referral source, interactions) collected via cookies and similar technologies. See our Cookie Policy.

Information from third parties

Referrals from other healthcare providers.
Laboratory and imaging partners delivering test results.
Insurers, where applicable to your treatment.

3. How we use your data

To respond to enquiries and arrange consultations.
To deliver medical care, including diagnosis, treatment, follow-up and referrals.
To maintain medical records as required by law.
To process payments, issue invoices and prevent fraud.
To send appointment reminders and clinically necessary communications.
To improve our services, train our staff and ensure quality of care.
To comply with legal, regulatory and reporting obligations.
With your consent, to send newsletters or marketing communications. You may withdraw consent at any time.

4. Legal basis for processing

Consent (Art. 6(1)(a), 9(2)(a) GDPR) for marketing communications and certain elective treatments.
Performance of a contract (Art. 6(1)(b)) when you book or receive services.
Legal obligation (Art. 6(1)(c)) for medical record-keeping, tax and reporting duties.
Vital interests (Art. 6(1)(d)) in medical emergencies.
Legitimate interests (Art. 6(1)(f)) for service improvement, security and fraud prevention.
Health-care provision (Art. 9(2)(h)) for the lawful processing of health data by qualified medical professionals subject to professional secrecy.

We do not sell personal data. We share it only with vetted parties under written contracts:

Medical specialists, laboratories and imaging providers involved in your care.
IT and cloud infrastructure providers (hosting, secure storage, communications).
Payment processors and accounting providers.
Legal, tax and compliance advisors.
Authorities, courts or regulators where required by law.

6. International transfers

Where data is transferred outside the European Economic Area, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) and apply additional safeguards as required by the GDPR. A list of current cross-border transfers is available upon request.

7. Retention

We keep medical records for the minimum periods required by applicable healthcare legislation (typically 20 years after the last visit, or longer for specific record types). Non-clinical data (marketing consent, web analytics) is retained for shorter periods, no longer than necessary for the purpose for which it was collected.

8. Your rights

Subject to applicable law, you have the right to:

Access your personal data and receive a copy.
Rectify inaccurate or incomplete data.
Erase your data (“right to be forgotten”), subject to medical record retention obligations.
Restrict or object to processing in certain circumstances.
Data portability for data you provided based on consent or contract.
Withdraw consent at any time, without affecting the lawfulness of prior processing.
Lodge a complaint with the supervisory authority of your country of residence.

To exercise your rights, write to dpo@mklongevity.example. We will respond within one month.

9. Security

We apply technical and organisational measures appropriate to the sensitivity of the data, including encryption in transit and at rest, role-based access controls, regular backups, audit logging, staff training and confidentiality obligations binding all personnel and processors.

10. Children

We provide services to minors only with the consent of a parent or legal guardian, and we process their data accordingly. We do not direct online marketing to children.

11. Changes to this policy

We may update this Privacy Policy to reflect changes in our services or legal requirements. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated through the website or, where appropriate, by direct notice.

12. Contact

Questions or requests about this policy or your personal data:
MK Longevity Institute
[Registered address]
Email: dpo@mklongevity.example
Phone: [Phone number]