The General Data Protection Regulation (GDPR), which came into force on 25 May 2018, protects and enhances the rights of individuals (data subjects) in relation to information which is collected about them. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU. It should be noted that GDPR does not apply to information already in the public domain.
We are committed to ensuring that your privacy is protected. We will comply with the GDPR, along with any national implementing laws, regulations and secondary legislation in the UK, including (without limitation) the Data Protection Act 2018 (DPA).
• how we collect personal information from you; and
• how the personal information you provide will be processed by us.
Why we collect personal data
We collect personal information in order to provide and tailor our services and products to our clients and potential clients. We will use the information collected from you in order to provide quotations, and to make contact with you (by telephone, email, SMS message, through social media messaging platforms and by post) in order to provide you with information regarding our products and services, either those in which you have expressed an interest or those which we believe will be of interest to you as a client or potential client of Skintique Clinic.
We may from time to time use such information to identify our website visitors; we may also collect statistics about the behaviour of visitors to our website(s).
In addition, we may use your personal information to identify and prevent fraud, to enhance the security of our computer network and information systems, and to identify the effectiveness of promotional campaigns or advertising.
Giving and withdrawing your consent
You have the right to withdraw your consent to the processing of your personal data at any time. If you wish to do so, or if you prefer not to receive promotional marketing messages from us, please let us know by contacting us:
• by emailing email@example.com; or
• by clicking on the unsubscribe option in any marketing email we send to you,
and we will ensure that your information is deleted as soon as reasonably practicable.
How we collect personal data
Personal data may be collected about you from the forms and surveys you complete (either electronically, online or on paper and including (but not limited to) medical and other questionnaires provided by us), from records of our correspondence and telephone calls, and from details of your visits to our website (including but not limited to personally identifying information like Internet Protocol (IP) addresses).
Disclosure of personal data to third parties
Skintique Clinic does not sell, trade or pass on information gained from your engagement with us to any other party without your consent. We may, however, disclose your personal information if we are required to do so in order to meet our legal obligations, regulatory requirements or in response to a valid governmental request. We may also disclose your personal information if we are required to do so in order to enforce our contractual rights against you (under our terms and conditions of business or otherwise), including: investigating potential breaches of those terms and conditions; to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of Skintique Clinic, our other clients and/or the wider community.
Legal basis for processing any personal data
We request and process your personal data in order to meet our contractual obligations to you (including the assessment of the suitability of any treatment(s) for you), and also to provide you with newsletters and informational emails relating to our services and products.
We store your personal data using cloud-based technology provided by a UK-registered external third party service provider, and therefore your personal data is shared with them. This may involve transferring your data outside the European Economic Area (EEA). Such countries do not have the same data protection laws as the United Kingdom and EEA. Whilst the European Commission may not have given a formal decision that such countries provide an adequate level of data protection similar to that which applies in the United Kingdom and EEA, any transfer of your personal information will be subject to such legally enforceable mechanism(s) for transfers of personal data as may be permitted under the General Data Protection Regulation that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.
If you would like further information as to the safeguards we have in place in relation to international transfers of data, please contact our Clinic Manager (see the Complaints and contact details section below).
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
What information do we store?
Information is collected from you when you complete any enquiry form on our website, where you have requested (via the website or in person) that we send you marketing information, or when you complete any forms or questionnaires in person or online in relation to the provision of our services to you. The information which you provide to us may include (but not be limited to):
• your name;
• your email address;
• your postal address / location;
• your telephone number(s);
• your medical history and any other information pertinent to you receiving services from us.
We will retain your personal information whilst we are corresponding with you or providing services to you. We will retain this information until you tell us that you no longer want to hear from us, or:
• up to 5 years if we do not provide any treatment to you; and
• if we provide any treatment to you, up to 10 years from the date of the last treatment provided to you,
whichever is the longer. These time periods have been recommended to us by our insurers.
Your rights as a data subject
At any point whilst we are in possession of or processing your personal data, you have the following rights in relation to your personal information held by us:
• a right of access: you have the right to request a copy of the information that we hold about you;
• a right of rectification: you have a right to correct data that we hold about you that is inaccurate or incomplete;
• the right to be forgotten: in certain circumstances you can ask for the data we hold about you to be erased from our records;
• the right to restriction of processing: where certain conditions apply you have a right to restrict our processing of your personal information;
• the right of portability: you have the right to have the data we hold about you transferred to another organisation;
• a right to object: you have the right to object to certain types of processing such as direct marketing;
• the right to object to automated processing, including profiling: you have the right not to be subject to the legal effects of automated processing or profiling.
In the event that we refuse your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
In response to a request by you, we can confirm what information we hold about you and how it is processed.
You can request the following information from us:
• the identity and the contact details of the person or organisation appointed by us that has determined how and why to process your data;
• the contact details of the person responsible for data protection at Skintique Clinic, where applicable;
• the purpose of the processing as well as the legal basis for processing;
• if the processing is based on the legitimate interests of Skintique Clinic;
• the categories of personal data collected, stored and processed;
• the identity of the recipient(s) or categories of recipients that the data is/will be disclosed to;
• how long the data will be stored;
• details of your rights to correct, erase, restrict or object to such processing;
• information about your right to withdraw consent at any time;
• how to lodge a complaint with the supervisory authority (Data Protection Regulator);
• whether the provision by you of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data;
• the source of personal data if it wasn’t collected directly from you;
• any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
To access the personal data we hold about you, identification will be required
We will accept the following forms of ID when you request information relating to the personal data held by us:
• a copy of the photo page of your passport, national ID card or driving licence; and
• a utility bill not older than three months.
A minimum of one piece of photographic ID listed above and a supporting document is required. If Skintique Clinic is dissatisfied with any identification document provided by you or the quality of any part of it, further information may be sought by us before personal data can be released.
All requests should be made to firstname.lastname@example.org, by telephoning 0116 270 0123 or by writing to us at the address further below.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Complaints and contact details
In the event that you wish to make a complaint about how your personal data is being processed by us, you have the right to complain to our Clinic Manager. We will respond to all legitimate requests within 30 days. In addition, you have the right to make a complaint at any time to the data protection regulator which is the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
The details for each of these contacts are:
The Clinic Manager
The Clinic Manager
Skintique Clinics Limited
342 Welford Road
The Information Commissioner’s Office
Contact details are at: www.ico.org.uk/global/contact-us