the derma clinic is a privately owned sole trading beauty clinic. We provide beauty treatments, services and related products to the public. For you to use our website and our clinic, particularly the booking system and the contact form, and for us to provide treatments, services and related products to you, we ask that you provide us with personal data to enable us to maintain our internal record keeping system and to ensure that we operate under the required legal obligations within the beauty industry.
We have decided not to appoint a Data Protection Officer to the derma clinic for the following reasons:
We do however record this decision to help demonstrate compliance with the GDPR accountability principle.
We collect some data directly from you when you create a booking with the derma clinic or when you have an initial consultation with the derma clinic, through our website, by telephone, by direct face to face communication within the clinic or by any combination of these three mediums. This data includes the following:
This data may be stored in both paper based and digital format.
Should we require you to take a patch test and if you ask us to deliver that patch test, or if you decide that you want us to deliver products to you we may also collect the following data:
This data may be stored in both paper based and digital format.
Should we need to take some notes about treatments you have had at the derma clinic in order for us to determine any suitable follow up treatments, services or products, we will store these against the personal details you provide above. This data may be stored in both paper based and digital format.
Should we need to take digital photographs of you within the derma clinic’s premises in order for us to determine how well your treatments are progressing and for us to determine any follow up treatments, services or products, we will store these against the personal details you provide above. This data will be stored in offline digital format only and will only be stored with your explicit consent.
We also log and use information about any service errors or interruptions that you have experienced in order to help us create fixes and to make technical improvements to our website. This includes IP addresses and device identifiers.
We use your data for the following purposes:
With the exception of email marketing, we process your personal data for all of the purposes identified under What do we use your data for?
Purpose: Maintaining your record as a client of the derma clinic
Legitimate Interests: To ensure that we as a beauty clinic can identify the clients we serve and maintain our business through the business’ management system.
Purpose: Linking your client record and any associated notes and digital photography to any consultations, treatment bookings and product purchases that you make with the derma clinic
Legitimate Interests: To ensure that we as a beauty clinic can maintain an accurate management system through the association of client records to related treatments, services and products.
Purpose: Communicating treatment booking reminder notifications via email and SMS
Legitimate Interests: To ensure that we as a beauty clinic can maintain an effective management system, specifically booking management.
Purpose: Producing business reports on any related consultations, treatment bookings and product purchases that you make with the derma clinic
Legitimate Interests: To ensure we as a business can carry out required financial operations.
the derma clinic does not share client data with anyone external to the business.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
We will keep your personal data for as long as you are a client of the derma clinic. If you no longer want to remain a client of the derma clinic please write to us at email@example.com or the following address:
If you do this, we will anonymise your personal data as soon as we can after you have notified us of your request to no longer be a client of the derma clinic.
If you have not had any treatments, used our services or purchased any products from the derma clinic for a period of two years, we will send you a reminder email to remind you to make an appointment. If you still do not make an appointment, we will send a further reminder email before anonymising your personal data as set out above.
We may need to keep your personal data after closure for limited purposes, for example if we need your data in order to respond to any complaints or claims that you make. If this is the case, we will only keep the data for as long as we need to in order to fulfil those purposes.
We keep information relating to any service errors or interruptions you have experienced for between 15 and 30 days.
Any data you submit to our contact form will be retained for a period of two years from submission, after which it is anonymised.
You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.
We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information.
You have a right to ask us to send you a copy of your personal data that we hold about you. A request to exercise this right is called a "subject access request" and must be made in writing to: firstname.lastname@example.org or to: the derma clinic, The Coach House, Wrinehill Road, Wybunbury, Nantwich, Cheshire, CW5 7NU.
If we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.
You can exercise this right by emailing email@example.com.
You can ask us not to send you direct marketing or advertising. You can do this by opting out (if you have previously opted in) of the advertising you no longer want to receive by emailing firstname.lastname@example.org.
You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.
We will fully anonymise any personal data we hold about you when you close your client account, as set out under How long do we keep your data for? above. This means that it will no longer identify you and ceases to be “personal data”.
If you ask us to delete your personal data and you are happy for your client account to be closed, we will close your client account and fully anonymise your personal data as set out above.
If you would like to make a request to exercise this right, please email email@example.com. If we are required by law to comply with your request, we will fully anonymise your data so that it is no longer personal data and cannot be used to identify you.
You can ask us to restrict processing of your personal data in some circumstances, for example if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it so that you can exercise your own legal rights.
Restricting your personal data means that we only store your personal data and don't carry out any further processing on it unless you consent or we need to process the data to exercise a legal claim or to protect a third party or the public.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal data we collect through paper based and online methods.
You have a right to complain to the Information Commissioner's Office (ICO), which regulates data protection compliance in the UK, if you are unhappy with how we have processed your personal data.
You can find out how to do this by visiting ico.org.uk.
Policy updated on 25 May 2018