COOKIE POLICY

§1. General Information

1. This Cookie Policy applies to the website oneandonlyclinic.pl (hereinafter referred to as the “Website”).
2. The Website uses cookies and similar technologies (e.g. localStorage, pixels, tags) to ensure proper operation, improve functionality, perform analytics, and enable marketing — depending on the User’s settings.
3. Cookies are small text files stored on the User’s device.

§2. Who is the Data / Cookie Controller?

The controller is One and Only Clinic (identification and contact details as specified in the Privacy Policy).
Contact: info@ooclinic.pl

§3. Categories of Cookies Used on the Website

The Website may use the following categories of cookies:

1. Necessary (technical) – essential for the operation of the Website (e.g. navigation, security, core features). These do not require consent.
2. Functional (preferences) – improve the usability of the Website (e.g. language settings, customization). Consent is required if not strictly necessary.
3. Analytical (statistical) – measure traffic and user behavior to enhance the Website. Require consent.
4. Marketing – used for personalized advertising, campaign management, and effectiveness measurement (e.g. retargeting). Require consent.

§4. Tools and Third-Party Providers (Based on Website Content)

1. As indicated in the Privacy Policy, analytical and marketing tools may be used, in particular Google Analytics, Facebook Pixel and Hotjar.
2. The Website enables online appointment booking via an external booking system available under the felg.app domain (“Book an appointment online”).
3. The Website includes links to social media profiles (e.g. TikTok, Facebook, Instagram). Clicking these links or viewing embedded content may result in data processing by those providers.

§5. Purposes and Legal Bases

1. Necessary cookies: legal basis – necessity for the performance of an electronic service (Article 6(1)(b) GDPR / legitimate interest – Article 6(1)(f) GDPR).
2. Analytical and marketing cookies: legal basis – User’s consent (Article 6(1)(a) GDPR) and ePrivacy requirements (consent for storage/access).

§6. Consent and Cookie Management (Banner / CMP)

1. Upon the first visit, the User should see a cookie banner offering the following options:
   • „Akceptuję wszystkie”,
   • „Tylko niezbędne”,
2. Consents cannot be pre-selected.
3. The User must be able to withdraw consent easily at any time — via a permanent link or icon such as “Cookie settings.”

§7. Storage Period

1. Session cookies – deleted after closing the browser.
2. Persistent cookies – stored until their expiration or manual deletion by the User.
3. Specific storage periods depend on the tool provider and configuration.

§8. How to Disable Cookies in Your Browser

The User can delete or restrict cookies in browser settings at any time. Note that disabling necessary cookies may affect the Website’s functionality.

§9. Changes to the Cookie Policy

This Cookie Policy may be updated due to technological or legal changes. The current version is always published on the Website.

§10. Detailed Information on Website Traffic Analysis Using the Hotjar Service

For the purpose of analyzing how the website is used and improving its functionality, the Controller uses the analytical tool provided by Hotjar Ltd., based in Malta.

The Hotjar tool enables the Controller to understand how users interact with the website by analyzing their behavior within the service.

In particular, Hotjar enables:

• creating heatmaps showing how users navigate the website,
• analyzing clicks, scrolling behavior, and interactions with website elements,
• analyzing anonymous recordings of user sessions,
• analyzing the use of online forms in order to improve their usability.

The purpose of using Hotjar is to:

• improve the functionality of the website,
• optimize the structure and layout of content,
• improve user experience (UX),
• identify functional errors on the website.

The Controller uses the data solely for statistical and analytical purposes.

Scope of Processed Data

Hotjar may process, in particular, the following information:

• anonymized IP address of the user,
• device type and screen resolution,
• browser type and version,
• user’s operating system,
• time spent on the website,
• visited subpages,
• manner of interaction with the website (e.g. clicks, scrolling).

Hotjar does not collect data allowing direct identification of the user, such as:

• name and surname,
• email address,
• medical data,
• data entered into forms.

In the case of forms, form field masking is applied, preventing data entered by users from being recorded in session recordings.

Legal Basis for Processing

The legal basis for data processing in connection with the use of Hotjar is:

Article 6(1)(a) of the GDPR – the consent of the data subject, expressed by accepting analytical cookies through the cookie banner displayed on the website.

Hotjar is activated only after obtaining the user’s consent.

Transfers of Data Outside the European Economic Area

In connection with the use of Hotjar, users’ data may be transferred outside the European Economic Area.

In such cases, data transfers are carried out on the basis of the European Commission’s Standard Contractual Clauses (SCCs), ensuring an adequate level of personal data protection.

Data Retention Period

Data collected through Hotjar is stored for the period necessary to achieve the analytical purposes, but no longer than 12 months, unless applicable law requires longer retention.

Right to Withdraw Consent

Users may withdraw their consent to the use of analytical cookies at any time by:

• changing settings in the consent management panel available on the website,
• changing their browser settings.

Withdrawal of consent does not affect the lawfulness of processing carried out before consent was withdrawn.

Additional Information

Detailed information regarding Hotjar’s data processing practices is available at:

https://www.hotjar.com/legal/policies/privacy