PRIVACY POLICY
PRIVACY POLICY
Your Privacy, Explained
Your Privacy, Explained
We collect only what we need, we tell you exactly what we do with it, and we never share it without your knowledge.
We collect only what we need, we tell you exactly what we do with it, and we never share it without your knowledge.
FOLiQA is built on the principle that patients deserve honest, independent advice. That principle extends to how we handle your data. This policy explains everything.
Who We Are
FOLiQA is an independent hair transplant advisory service operated by FOLiQA Health ehf., a company registered in Iceland (reg.no.: 660707-1150). Our registered address is Hrísholt 5, 210 Garðabær, Iceland. We can be reached at privacy@foliqahealth.com.
FOLiQA is the data controller for all personal data collected through this website and our advisory services.
Our supervisory authority is the Icelandic Data Protection Authority (Persónuvernd), Laugavegi 166, 105 Reykjavík. www.personuvernd.is
What Data We Collect and Why
We collect the following categories of personal data.
Identity and contact data
Your name, email address, WhatsApp number, country of residence, and age. We collect this to deliver your assessment report and communicate with you throughout our advisory relationship.
Health data
Information about your hair loss, including your estimated Norwood stage, treatment history (including any medications such as finasteride or minoxidil), and any relevant medical background you choose to share. We also collect procedure data if you proceed with a hair transplant, including clinic attended, procedure type, graft count promised and delivered, surgeon involvement, and your satisfaction and outcome scores over a 12-month follow-up period.
Important: Health data is a special category of personal data under GDPR. We process it only with your explicit consent, given at the time you submit your intake form.
Payment data
Confirmation of payment for our assessment service. We do not store card details — payment is processed by Revolut Business.
Usage data
Standard website analytics (pages visited, time on site). This is collected in anonymised or aggregated form only.
Legal Basis for Processing
We process your data on the following legal bases:
— Explicit consent (Article 9(2)(a) GDPR) for health data
— Contract performance (Article 6(1)(b) GDPR) for identity, contact, and payment data necessary to deliver your assessment
— Legitimate interests (Article 6(1)(f) GDPR) for anonymised outcomes data used to improve our clinic scoring methodology, where you have separately consented to this use
How We Use Your Data
We use your data to:
— Prepare and deliver your personalised FOLiQA assessment report
— Communicate with you during and after the assessment process
— Send aftercare follow-up emails if you proceed with a procedure (with your consent)
— Improve our clinic evaluation methodology using anonymised, aggregated outcomes data (only where you have explicitly consented to this use)
We do not use your data for automated decision-making or profiling.
Who We Share Your Data With
Clinics
If you are referred to a clinic following your assessment, we will share relevant assessment data with that clinic only with your explicit consent and only to the extent necessary to facilitate your enquiry. We will always tell you which clinic we are referring you to before any data is shared.
Referral fees
FOLiQA receives referral fees from some clinics when a client proceeds with a procedure. These fees are always disclosed by name and amount. The existence of a referral relationship does not affect our assessment — our methodology is applied independently. Full details are published on our Transparency page.
Service providers
We use the following third-party processors to operate our service:
— Airtable (database/CRM) — US-based, operating under Standard Contractual Clauses
— Revolut Business — for payment processing
— Tally — for collecting your assessment information
Each of these providers is bound by a Data Processing Agreement and processes your data only on our instructions.
We do not sell your data. We do not share your data with advertisers. We do not share your data with any party not listed above without your explicit consent.
International Data Transfers
FOLiQA Health ehf. is based in Iceland, which is part of the EEA and subject to GDPR. Some of our service providers (including Airtable) are based outside the EEA. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
How Long We Keep Your Data
We retain your personal data for as long as necessary to deliver our services and fulfil our legal obligations:
— Assessment data: retained for the duration of your advisory relationship plus 24 months
— Aftercare follow-up data: retained for 12 months post-procedure plus 24 months
— Anonymised outcomes data: retained indefinitely, where you have consented to this use
— Payment records: retained for 7 years in accordance with Icelandic accounting law
When retention periods expire, data is securely deleted or irreversibly anonymised.
Your Rights
— Access: request a copy of the personal data we hold about you
— Rectification: ask us to correct inaccurate data
— Erasure: ask us to delete your data, subject to legal retention requirements
— Restriction: ask us to limit how we use your data
— Portability: receive your data in a portable format
— Objection: object to processing based on legitimate interests
— Withdraw consent: withdraw consent for health data processing at any time, without affecting the lawfulness of processing before withdrawal
To exercise any of these rights, contact us at privacy@foliqahealth.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with Persónuvernd at www.personuvernd.is.
Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Access to patient records is restricted to FOLiQA team members who require it to deliver our services.
In the event of a data breach affecting your personal data, we will notify Persónuvernd within 72 hours and inform affected individuals without undue delay where the breach is likely to result in a risk to your rights and freedoms.
Cookies
Our website uses essential cookies required for basic functionality. We do not use tracking or advertising cookies. If analytics cookies are added in the future, this section will be updated and a cookie consent mechanism implemented.
Changes to This Policy
We may update this policy from time to time. Material changes will be communicated to active clients by email. The current version is always available at foliqahealth.com/privacy-policy.
Contact
For any privacy-related questions, contact us at privacy@foliqahealth.com.
FOLiQA Health ehf., Hrísholt 5, 210 Garðabær, Iceland — foliqahealth.com
FOLiQA — Independent Hair Transplant Advisory — FOLiQA Health ehf. — May 2026
FOLiQA is built on the principle that patients deserve honest, independent advice. That principle extends to how we handle your data. This policy explains everything.
Who We Are
FOLiQA is an independent hair transplant advisory service operated by FOLiQA Health ehf., a company registered in Iceland (reg.no.: 660707-1150). Our registered address is Hrísholt 5, 210 Garðabær, Iceland. We can be reached at privacy@foliqahealth.com.
FOLiQA is the data controller for all personal data collected through this website and our advisory services.
Our supervisory authority is the Icelandic Data Protection Authority (Persónuvernd), Laugavegi 166, 105 Reykjavík. www.personuvernd.is
What Data We Collect and Why
We collect the following categories of personal data.
Identity and contact data
Your name, email address, WhatsApp number, country of residence, and age. We collect this to deliver your assessment report and communicate with you throughout our advisory relationship.
Health data
Information about your hair loss, including your estimated Norwood stage, treatment history (including any medications such as finasteride or minoxidil), and any relevant medical background you choose to share. We also collect procedure data if you proceed with a hair transplant, including clinic attended, procedure type, graft count promised and delivered, surgeon involvement, and your satisfaction and outcome scores over a 12-month follow-up period.
Important: Health data is a special category of personal data under GDPR. We process it only with your explicit consent, given at the time you submit your intake form.
Payment data
Confirmation of payment for our assessment service. We do not store card details — payment is processed by Revolut Business.
Usage data
Standard website analytics (pages visited, time on site). This is collected in anonymised or aggregated form only.
Legal Basis for Processing
We process your data on the following legal bases:
— Explicit consent (Article 9(2)(a) GDPR) for health data
— Contract performance (Article 6(1)(b) GDPR) for identity, contact, and payment data necessary to deliver your assessment
— Legitimate interests (Article 6(1)(f) GDPR) for anonymised outcomes data used to improve our clinic scoring methodology, where you have separately consented to this use
How We Use Your Data
We use your data to:
— Prepare and deliver your personalised FOLiQA assessment report
— Communicate with you during and after the assessment process
— Send aftercare follow-up emails if you proceed with a procedure (with your consent)
— Improve our clinic evaluation methodology using anonymised, aggregated outcomes data (only where you have explicitly consented to this use)
We do not use your data for automated decision-making or profiling.
Who We Share Your Data With
Clinics
If you are referred to a clinic following your assessment, we will share relevant assessment data with that clinic only with your explicit consent and only to the extent necessary to facilitate your enquiry. We will always tell you which clinic we are referring you to before any data is shared.
Referral fees
FOLiQA receives referral fees from some clinics when a client proceeds with a procedure. These fees are always disclosed by name and amount. The existence of a referral relationship does not affect our assessment — our methodology is applied independently. Full details are published on our Transparency page.
Service providers
We use the following third-party processors to operate our service:
— Airtable (database/CRM) — US-based, operating under Standard Contractual Clauses
— Revolut Business — for payment processing
— Tally — for collecting your assessment information
Each of these providers is bound by a Data Processing Agreement and processes your data only on our instructions.
We do not sell your data. We do not share your data with advertisers. We do not share your data with any party not listed above without your explicit consent.
International Data Transfers
FOLiQA Health ehf. is based in Iceland, which is part of the EEA and subject to GDPR. Some of our service providers (including Airtable) are based outside the EEA. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
How Long We Keep Your Data
We retain your personal data for as long as necessary to deliver our services and fulfil our legal obligations:
— Assessment data: retained for the duration of your advisory relationship plus 24 months
— Aftercare follow-up data: retained for 12 months post-procedure plus 24 months
— Anonymised outcomes data: retained indefinitely, where you have consented to this use
— Payment records: retained for 7 years in accordance with Icelandic accounting law
When retention periods expire, data is securely deleted or irreversibly anonymised.
Your Rights
— Access: request a copy of the personal data we hold about you
— Rectification: ask us to correct inaccurate data
— Erasure: ask us to delete your data, subject to legal retention requirements
— Restriction: ask us to limit how we use your data
— Portability: receive your data in a portable format
— Objection: object to processing based on legitimate interests
— Withdraw consent: withdraw consent for health data processing at any time, without affecting the lawfulness of processing before withdrawal
To exercise any of these rights, contact us at privacy@foliqahealth.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with Persónuvernd at www.personuvernd.is.
Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Access to patient records is restricted to FOLiQA team members who require it to deliver our services.
In the event of a data breach affecting your personal data, we will notify Persónuvernd within 72 hours and inform affected individuals without undue delay where the breach is likely to result in a risk to your rights and freedoms.
Cookies
Our website uses essential cookies required for basic functionality. We do not use tracking or advertising cookies. If analytics cookies are added in the future, this section will be updated and a cookie consent mechanism implemented.
Changes to This Policy
We may update this policy from time to time. Material changes will be communicated to active clients by email. The current version is always available at foliqahealth.com/privacy-policy.
Contact
For any privacy-related questions, contact us at privacy@foliqahealth.com.
FOLiQA Health ehf., Hrísholt 5, 210 Garðabær, Iceland — foliqahealth.com
FOLiQA — Independent Hair Transplant Advisory — FOLiQA Health ehf. — May 2026
© 2026 FOLiQA Health ehf. All rights reserved.
FOLiQA is not a medical service. Nothing on this site constitutes medical advice. Consult a qualified medical professional before making any health-related decision.
© 2026 FOLiQA Health ehf. All rights reserved.
FOLiQA is not a medical service. Nothing on this site constitutes medical advice. Consult a qualified medical professional before making any health-related decision.