Download GDPR PDF Document

Elenique Skin Clinic Elenique Skin Clinic Privacy Notice At Elenique Skin Clinic your privacy is important to us. This Privacy Notice has been prepared by Mr Tom Dahri of Algorithm Risk Consultancy Ltd (ARC Ltd), a registered company with Companies House specialising in Cyber Risk Management and Information Security. The purpose of the Privacy Notice is to be transparent and to provide accessible information to individuals about how Elenique Ltd operating as Elenique Skin Clinic will use peoples personal data as defined in the EU General Data Protection Regulation (GDPR). 1. Who are we? Elenique Ltd operating as Elenique Skin Clinic provides specialist advanced non-surgical skin treatments that use high end technology to treat a wide range of skin concerns. It is a beauty treatment business registered with Companies House (reg. no. 09586334) at 957 Fulham Road, London, SW6 5HY, which is also our main operating address. 2. What is the legal basis for obtaining your personal data. The law on data protection sets out a number of different reasons for which a we may collect and process your personal data, including: 2a. Consent In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive a text message reminder about your forthcoming appointment. Protective Marking Not Protectively Marked Suitable for Publication? Y/N YES Title and version Elenique Skin Clinic Privacy Notice Purpose Elenique Skin Clinic Notice Relevant to Elenique Skin Clinic staff, contractors and clients Summary Elenique Skin Clinic Privacy Notice Author & contact details Tom Dahri - Algorithm Risk Consultancy Ltd - tom.dahri@algorithm-risk.co.uk Creating organisation Algorithm Risk Consultancy Ltd (ARC Ltd), 20-22 Wenlock Road, London, N1 7GU, Companies House registration number 09255892 Date created 17/05/2018 Last updated 17/05/2018 1 of 5 Elenique Skin Clinic When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service. 2b. Contractual obligations In certain circumstances, we need your personal data to comply with our contractual obligations. For example, prior to treatment, we ask our clients to complete a non-intrusive medical questionnaire to ensure the client receives the appropriate skin treatment which is reviewed by the beauty treatment consultants. 2c. Legal compliance If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity affecting the Elenique Ltd to law enforcement. 2d. Legitimate interest In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we will use your skin treatment history to send you or make available personalised offers. We will also use your mobile phone details to send you direct marketing information by text message, telling you about products and services that we think might interest you. 3. When do we collect your information? Elenique Skin Clinic use various ways to obtain your personal information: • On-Line booking systems such as Get Timely and Treatwell • Our website • Walk-in’s • Pre-treatment medical questionnaire The third-party providers such as Treatwell take the bookings and forward the clients details to us which is recorded on our Customer Relationship Management (CRM) system. 4. What information do we collect about you? The personal information we collect may include your name, address, email address, telephone number, basic medical information to support the type of treatment clients may receive. We also retain copies of client’s payment receipts for a period of 12 months for book-keeping purposes. These are held in a secure location and In addition, as part of our staff recruitment process, which is conducted in partnership through Indeed Recruitment, we will review candidates CV’s and the information contained within it. 2 of 5 Elenique Skin Clinic 5. Who has access to your information? We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes. Elenique Skin Clinic beauty consultants will have access to the CRM with the clients basic contact information. In addition, they will have access to the clients pre-treatment medical questionnaire. Only senior management will access to staff data which will be shared with third party contractors to support their lawful activities such as employment contracts and staff pay and taxation. Third Party Service Providers working on our behalf: We may pass your information to our third party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond the Elenique Ltd network for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime. The relevant third party contractor will use your details to provide you with information and carry out their obligations arising from any contracts you have entered into with them. In some cases, they will be acting as a data controller of your information and therefore we advise you to read their Privacy Notice. These third party contractors will share your information with us which we will use in accordance with this Privacy Policy. 6. Marketing You have a choice about whether or not you wish to receive information from us. We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. You can change your marketing preferences at any time by contacting us by email: contact@eleniqueaesthetics.co.uk. 7. Is my personal information secure? When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with the following software 128 Bit encryption on SSL. When you are on a secure website page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer. Access to your personal data is password-protected, and sensitive data such as payment card information) is secured and tokenized to ensure it is protected. In addition, we have also placed additional physical security measures to protect your data. We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security. Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. 3 of 5 Elenique Skin Clinic If you need to send confidential or sensitive information over an email then we can discuss secure options available to you. 8. How do I access my information or make any corrections? This is very easy. The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: contact@eleniqueaesthetics.co.uk. In most case when reasonable requests have been made then this is FREE of charge. For security reasons you may be contacted on the registered contact number to confirm that you have made this Subject Access Request. Majority of your information is held electronically , however, some data is held in paper form. If we receive a Subject Access Request from a relevant person then the paper records can be scanned for forward dissemination to the requesting party. 9. How long will you hold my information? The information will be regularly reviewed as there is no defined period of retention but it should not be kept for longer than is necessary for that purpose or those purposes as defined in this document. Anyone can make a request at any time for their information to be deleted by emailing: contact@eleniqueaesthetics.co.uk. 10. Why we may transfer your data outside the EU? As part of our contingency planning we store majority of our electronic data on cloud servers, some of which operate outside the EU. Each cloud storage server and access point is password protected and access is only granted to authorised Elenique Ltd senior staff. 11. Does this Privacy Notice apply to other websites? No. This privacy policy only applies to the collection of information by Elenique Ltd so when you link to other websites you should read their own privacy policies. 12. Cookies Like many other websites, the Elenique Ltd website uses cookies. 'Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result. 13. Who will oversee the information collected? The information will be managed by Mrs Elena Gogolenko, Elenique Skin Clinic. It will be her role to ensure compliance with the relevant information security legislation and to action any subject access requests. 4 of 5 Elenique Skin Clinic Mrs Gogolenko is contactable on contact@eleniqueaesthetics.co.uk 14. Changes to our Privacy Notice We keep our Privacy Notice under regular review and we will place any updates directly to the Privacy Notice. 5 of 5