Mirza Aesthetics respects individuals’ rights of privacy. The corporation recognizes the necessity of open and frank communication and the collection of personal and sensitive personal data in order to administer to the needs of Mirza Aesthetics and its activity, and the corresponding necessity to maintain confidentiality and ensure that information is adequately protected. Confidentiality is highly valued.
Various countries have enacted data protection laws to ensure individuals’ rights of privacy. Mirza Aesthetics has a longstanding history of respecting privacy rights and maintaining confidentiality, even before the enactment of such data protection laws. Mirza Aesthetics will continue to protect information disclosed to it in harmony with its longstanding practice, now recorded in this policy.
Scope of Application
This policy applies to the entire corporation of Mirza Aesthetics, as represented by local offices located along the eastern seaboard of the United States.
Mirza Aesthetics handles all personal data in accordance with the following principles:
- Personal data will be processed in a fair and lawful manner.
- Personal data will be collected, processed, and used only to the extent necessary to fulfill Mirza Aesthetics’ business purposes.
- Personal data will be accurate and kept up to date. Any error will be corrected as soon as possible after the corporation becomes aware of it.
- Personal data will be kept only for as long as is necessary for the legitimate purpose(s) of the organization.
- Due consideration will be given to respect the rights of data subjects.
Appropriate technical and organizational measures will be taken to prevent unauthorized or unlawful disclosure of personal data. All computer-held personal data is held on password protected computers to which only authorized users hold passwords. Offices are locked after office hours and only authorized staff may gain entry.
Personal data will not be transferred between offices unless necessary to accomplish the business of Mirza Aesthetics, to which all patients have consented by virtue of their signed consent form.
Rights of the Data Subject
A data subject’s right to the protection of personal and sensitive personal data and to the correction or deletion of personal and sensitive personal data is to be granted according to the practice of Mirza Aesthetics set forth in this policy.
Whoever makes a request according to this section must provide sufficient evidence of his identity.
If a data subject requests access to, correction of, or deletion of personal data or sensitive personal data about himself, the corporation will fairly consider granting the request by balancing the interests of the individual in gaining access or correcting or deleting data against the legitimate interests of the company, including whether granting the request would endanger the corporation’s rights, according to the United States Constitution.
Right of Appeal
If a person believes that his rights have been infringed, he can appeal to the corporation by means of a written personal letter. The letter must be sent within two weeks of the action that forms the basis of the appeal to firstname.lastname@example.org.