Last updated: May 11, 2026
This policy describes how Dr. María García Panadero collects, uses, and protects personal information from visitors of dramariapanadero.com and patients in consultation. We comply with the Dominican Republic Personal Data Protection Law (172-13) and, where applicable, the General Data Protection Regulation (GDPR) of the European Union.
Dr. María García Panadero, medical specialist in aesthetic medicine. Office: Av. Abraham Lincoln, Suite 402, Piantini, Santo Domingo, Distrito Nacional, Dominican Republic. WhatsApp: +1 (809) 754-9927. For privacy inquiries, contact us via WhatsApp or the contact form.
Data you voluntarily provide via the contact form or appointment booking: name, email, phone, service of interest, message. Clinical data: medical history, allergies, procedure outcomes — only during the professional relationship. Automatic technical data: IP address, browser, operating system, pages visited, traffic source (Google, Instagram, etc.), visit duration.
Process appointment bookings and clinical care. Respond to inquiries via WhatsApp or form. Improve site experience through usage analytics. Measure advertising campaign effectiveness to optimize budget. Comply with legal and tax obligations.
We use three cookie categories: (a) Necessary: essential for site function (language preference, session). (b) Analytics: Google Analytics 4 to understand site usage. (c) Marketing: Google Ads and Meta Pixel to measure ad conversions and serve relevant ads. In the European Union, UK, and Switzerland we require explicit consent before enabling analytics or marketing cookies. In the rest of the world (including Dominican Republic), cookies are enabled by default under "legitimate interest" — you can disable them anytime in your browser settings.
When you book an appointment or submit the contact form, your email and phone may be hashed with SHA-256 (irreversible hash) and sent to Google Ads as Enhanced Conversions signal. This enables accurate ad conversion attribution without sharing plaintext personal data. Google receives only the hash, not the original value. To opt out, check the exclusion box in the form or contact us via WhatsApp.
We share limited data with: Google (Analytics 4 + Ads) for measurement and advertising. Meta (Facebook/Instagram) for Pixel and ads. Odoo (internal system) for appointment management and clinical CRM. WhatsApp Business for communication. These third parties have their own privacy policies and operate under data processing agreements. We never sell personal data.
Analytics data: 14 months (standard GA4 config). Clinical data: during the professional relationship plus applicable legal period. Marketing data: up to 540 days (remarketing audience membership). Form data: until you request deletion.
Right of access: request a copy of the data we hold about you. Right of rectification: correct inaccurate data. Right of erasure: delete data when no longer needed. Right to object: oppose specific processing (analytics, marketing). Right of portability: receive your data in structured format. Right to withdraw consent anytime. To exercise these rights, contact us via WhatsApp +1 (809) 754-9927.
The site uses HTTPS/TLS encryption (A rating on SSL Labs). Credentials and sensitive data are never stored in logs. Access to CRM and clinical data is restricted to authorized personnel via two-factor authentication.
We may update this policy periodically. The last updated date appears at the top. Material changes will be communicated via email to those who have previously shared their contact info.