ProSkin Clinic & Health UK Ltd Privacy Notice
This is the privacy notice of ProSkin Esthetics. In this document, “we”, “our”, or “us” refer to ProSkin Clinic & Health UK Ltd.
Limited company registered in the UK.
This privacy notice aims to inform you about how we collect and process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information. It tells you about your privacy rights and how the law protects you.
We are committed to protecting your privacy and the confidentiality of your personal information. Our policy is not just an exercise in complying with the law, but a continuation of our respect for you and your personal information.
We undertake to preserve the confidentiality of all information you provide to us and hope that you reciprocate.
Our policy complies with the Data Protection Act 2018 (Act), accordingly incorporating the EU General Data Protection Regulation (GDPR).
The law requires us to tell you about your rights and our obligations to you regarding the processing and control of your personal data. We do this now, by requesting that you read the information provided at http://www.knowyourprivacyrights.org
We collect information about you when you book an appointment for a service or visit the clinic for a treatment, whether contact is online, on paper, by email or over the phone.
The information you give us may include your name, address, email address, phone number, relevant history which may suggest that a service or treatment should not go ahead, or certain products should not be used (e.g. medical history, allergies, pregnancy, skin conditions), payment and transaction information.
For clients under the age of 16, we will only keep and use their personal information with the consent of a parent, carer or guardian.
How information will be used
In law, we can use personal information, including sharing it outside the salon, only if we have a proper reason to do so, for example:
- To fulfil a contract with you, for example to provide the service or treatment you have requested and to communicate with you about your appointments
- When it is in our legitimate interest, for example there is a business or commercial reason to do so, unless this is outweighed by your rights or interests
- When you consent to it: we will always ask for your consent to hold and use health and medical information.
We will therefore share your information with:
- Providers of our salon IT systems: Ovatu, Monday.com, Microsoft, Mailchimp
- Payment Platforms: Square, Paypal, Stripe
- Suppliers of our website: WordPress, Kinsta and Bluehost
- Phone systems: EE Broadband and Phone
We have rigorous data protection and security policies in place with all our suppliers.
- Some of the people working in our salon are self-employed. Where software systems and reception facilities are shared, our self-employed colleagues will have access to your information.
- We will not share your information with any other third party without your consent except to help prevent fraud, or if required to do so by law.
We would like to send you information about products and services which may be of interest to you. We will ask for your consent to receive marketing information.
If you have consented to receiving marketing, you may opt out at a later date.
You have the right at any time to stop us from contacting you for marketing purposes or giving your information to third party suppliers of products or services. If you no longer wish to be contacted for marketing purposes, please contact us.
How long your information will be kept for
After a year we will archive all your personal information, except for your name, relevant client history (e.g. allergy test records which we keep for 4 years) and financial transactions (which we are obliged to keep for 6 years).
Where your information is kept
Your information is stored within the European Economic Area on secure servers provided by Ovatu, Monday.com, Microsoft, WordPress, Bluehost and Virgin Media. Any payment transactions are encrypted. Sending information via the internet is not completely secure, although we will do our best to protect your information and prevent unauthorised access.
Client records are highly confidential; therefore, these files are kept in a secure locked area. Information is only made available to persons for whom consent has been given.
Access to your information and amendments
You have the right to request a copy of the personal information that we hold about you. This is free of charge.
If you would like a copy of some or all of your personal information, please contact Karina Thomas, the Data Protection Officer, by emailing firstname.lastname@example.org
We want to make sure that your personal information is accurate and up-to-date. You may ask us to correct or remove information you think is inaccurate.
You have the right to object to our use of your personal information, or to ask us to delete, remove or stop using your personal information if there is no need for us to keep it.
We may email e-newsletters to inform you about products, services and treatments provided by our Clinic. You can unsubscribe from e-newsletters at any time.
E-newsletters may contain subscriber tracking facilities within the actual email, for example, whether emails were opened or forwarded, which links were clicked on within the email content, the times, dates and frequency of activity. We use this information to refine future email campaigns and provide you with more relevant content based around your activity.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
Our website may include links to other websites. This privacy notice only applies to this website so when you link to other websites you should read their own privacy notices.
Changes to our privacy notice
We keep our privacy notice under regular review, and we will place any updates on this webpage or on the printed copy. This privacy notice was last updated on 17th March 2022.
How to contact us
Please contact us if you have any questions about our privacy notice or the information we hold about you:
- By email – email@example.com
- Or call us – 01452 423844
You also have the right to complain to the Information Commissioner’s Office. Find out on their website how to report a concern:
Data Retention Policy
This policy sets out what information ProSkin Clinic & Health UK Ltd holds, how long we hold it for and when it will be deleted.
Information held by us
We hold personal information about:
- Former clients and prospective clients
We also hold information about financial transactions relating to these e.g. services or treatments provided, products bought.
How long is personal data held for?
We aim not to hold personal data longer than necessary.
Unless requested by an individual, the following types of data will be held for the periods shown below, after which it will be securely deleted or destroyed:
Emails – One year from the end of the month in which they were received or sent unless a longer period is relevant as above.
Client general records – 6 years – however they are automatically archived after 12 months of non-activity
Client health records – 4 years
Financial transactions, invoices and supplier details – 6 years
Where is personal data held?
Personal data about clients and financial transactions are held on our secure salon software system, which is backed up every day, or in secure electronic files which can be accessed only by authorised company employees.
Paper records are held in a locked cabinet or in secure archive storage.
How is personal data deleted?
Personal data is permanently deleted in accordance with the retention periods listed above from:
- Salon software system
- Electronic files
- Paper records, which are securely shredded.
Access to personal information, correction and deletion
See our privacy notice
All requests for access to personal information will be handled by Karina Thomas, the Data Protection Officer.
Responses to requests will be made within 30 days.
All information relating to the individual will be compiled into a report and collected from:
- Financial transactions
- Other electronic records
- Paper records (where applicable)