Privacy Policy

Keeping your data safe

the derma clinic is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website or by visiting our clinic, then you can be assured that it will only be used in accordance with this Privacy Policy.

This Privacy Policy sets out how the derma clinic uses and protects any information that you give the derma clinic when you use this website.

the derma clinic may change this Privacy Policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25/05/2018.


Who are we?

the derma clinic is a privately owned sole trading beauty clinic. We provide beauty treatments, services and related products to the public. For you to use our website and our clinic, particularly the booking system and the contact form, and for us to provide treatments, services and related products to you, we ask that you provide us with personal data to enable us to maintain our internal record keeping system and to ensure that we operate under the required legal obligations within the beauty industry.

Who’s in control?

It is important that you understand who is responsible for keeping your data safe. We are the "controller" of all personal data collected and used for the purposes of providing beauty treatments, services and related products from the derma clinic and for any other purposes set out in this Privacy Policy. This means that we are responsible for deciding how and why your data is used and for ensuring that your data is handled legally and safely.

We have decided not to appoint a Data Protection Officer to the derma clinic for the following reasons:

  • We are not a public authority
  • Our core activities do not require large scale, regular and systematic monitoring of individuals (for example, online tracking behaviour)
  • Our core activities do not consist of large scale processing of special categories of data or data relating to criminal convictions and offences

We do however record this decision to help demonstrate compliance with the GDPR accountability principle.

What data do we collect and where from?

We collect some data directly from you when you create a booking with the derma clinic or when you have an initial consultation with the derma clinic, through our website, by telephone, by direct face to face communication within the clinic or by any combination of these three mediums. This data includes the following:

  • First Name
  • Last Name
  • Home Number and/or Mobile Number
  • Mobile Number
  • Email Address

This data may be stored in both paper based and digital format.

Should we require you to take a patch test and if you ask us to deliver that patch test, or if you decide that you want us to deliver products to you we may also collect the following data:

  • Address Line 1
  • Address Line 2
  • Address Line 3
  • City
  • County
  • Postcode

This data may be stored in both paper based and digital format.

Should we need to take some notes about treatments you have had at the derma clinic in order for us to determine any suitable follow up treatments, services or products, we will store these against the personal details you provide above. This data may be stored in both paper based and digital format.

Should we need to take digital photographs of you within the derma clinic’s premises in order for us to determine how well your treatments are progressing and for us to determine any follow up treatments, services or products, we will store these against the personal details you provide above. This data will be stored in offline digital format only and will only be stored with your explicit consent.

We also log and use information about any service errors or interruptions that you have experienced in order to help us create fixes and to make technical improvements to our website. This includes IP addresses and device identifiers.

What do we use your data for?

We use your data for the following purposes:

  • Maintaining your record as a client of the derma clinic
  • Linking your client record and any associated notes and digital photography to any consultations, treatment bookings and product purchases that you make with the derma clinic
  • Communicating treatment booking reminder notifications via email and SMS
  • Producing business reports on any related consultations, treatment bookings and product purchases that you make with the derma clinic
  • Sending out marketing communication directly via email and/or SMS if and only if explicit consent has been provided by you, noting that this is an opt-in preference

What is our legal basis for using your data?

With the exception of email marketing, we process your personal data for all of the purposes identified under What do we use your data for?

Purpose: Maintaining your record as a client of the derma clinic

Legitimate Interests: To ensure that we as a beauty clinic can identify the clients we serve and maintain our business through the business’ management system.

Purpose: Linking your client record and any associated notes and digital photography to any consultations, treatment bookings and product purchases that you make with the derma clinic

Legitimate Interests: To ensure that we as a beauty clinic can maintain an accurate management system through the association of client records to related treatments, services and products.

Purpose: Communicating treatment booking reminder notifications via email and SMS

Legitimate Interests: To ensure that we as a beauty clinic can maintain an effective management system, specifically booking management.

Purpose: Producing business reports on any related consultations, treatment bookings and product purchases that you make with the derma clinic

Legitimate Interests: To ensure we as a business can carry out required financial operations.

Who do we share your data with?

the derma clinic does not share client data with anyone external to the business.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

How long do we keep your data for?

We will keep your personal data for as long as you are a client of the derma clinic. If you no longer want to remain a client of the derma clinic please write to us at info@thedermaclinic.com or the following address:

  • the derma clinic
  • The Coach House
  • Wrinehill Road
  • Wynbunbury
  • Nantwich
  • Cheshire
  • CW5 7NU

If you do this, we will anonymise your personal data as soon as we can after you have notified us of your request to no longer be a client of the derma clinic.

If you have not had any treatments, used our services or purchased any products from the derma clinic for a period of two years, we will send you a reminder email to remind you to make an appointment. If you still do not make an appointment, we will send a further reminder email before anonymising your personal data as set out above.

We may need to keep your personal data after closure for limited purposes, for example if we need your data in order to respond to any complaints or claims that you make. If this is the case, we will only keep the data for as long as we need to in order to fulfil those purposes.

We keep information relating to any service errors or interruptions you have experienced for between 15 and 30 days.

Any data you submit to our contact form will be retained for a period of two years from submission, after which it is anonymised.

What rights do you have?

You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.

We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information.

A right to access your information

You have a right to ask us to send you a copy of your personal data that we hold about you. A request to exercise this right is called a "subject access request" and must be made in writing to: info@thedermaclinic.com or to: the derma clinic, The Coach House, Wrinehill Road, Wynbunbury, Nantwich, Cheshire, CW5 7NU

A right to object to us processing your information

You have a right to object to us processing any personal data that we process where we are relying on legitimate interests as the legal basis of our processing. This includes all of your personal data that we process for all of the purposes set out in this Privacy Policy, with the exception of our use of your email address to send you marketing communications with your consent (but you can withdraw your consent to this at any time).

If we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.

You can exercise this right by emailing info@thedermaclinic.com.

A right to ask us not to market to you

You can ask us not to send you direct marketing or advertising. You can do this by opting out (if you have previously opted in) of the advertising you no longer want to receive by emailing info@thedermaclinic.com.

A right to have inaccurate data corrected

You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.

A right to have your data erased

You have a right to ask us to delete your personal data in certain circumstances, for example if we have processed your data unlawfully or if we no longer need the data for the purposes set out in this Privacy Policy.

We will fully anonymise any personal data we hold about you when you close your client account, as set out under How long do we keep your data for? above. This means that it will no longer identify you and ceases to be “personal data”.

If you ask us to delete your personal data and you are happy for your client account to be closed, we will close your client account and fully anonymise your personal data as set out above.

If you would like to make a request to exercise this right, please email info@thedermaclinic.com. If we are required by law to comply with your request, we will fully anonymise your data so that it is no longer personal data and cannot be used to identify you.

A right to have processing of your data restricted

You can ask us to restrict processing of your personal data in some circumstances, for example if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it so that you can exercise your own legal rights.

Restricting your personal data means that we only store your personal data and don't carry out any further processing on it unless you consent or we need to process the data to exercise a legal claim or to protect a third party or the public.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Policy. You should exercise caution and look at the privacy statement applicable to the website in question.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal data we collect through paper based and online methods.

How can you contact us?

If you have any questions or concerns about this Privacy Policy and/or our processing of your personal data, you can get in touch using: info@thedermaclinic.com or in writing to: the derma clinic, The Coach House, Wrinehill Road, Wynbunbury, Nantwich, Cheshire, CW5 7NU

What if you have a complaint?

You have a right to complain to the Information Commissioner's Office (ICO), which regulates data protection compliance in the UK, if you are unhappy with how we have processed your personal data.

You can find out how to do this by visiting ico.org.uk.

What if this policy changes?

We may make changes to this Privacy Policy from time to time. Any changes we make will be posted on this page. We may also notify you by email if significant changes are made.

Policy updated on 25 May 2018