MEDfacials - Privacy Policy
MEDfacials, a company registered in England and Wales whose registered address is at Kent House, St Clements Road, Truro, TR1 1EQ hereinafter referred to as ‘Medfacials’ ‘We’, ‘Us’ or ‘Our’), have created this privacy statement (‘Statement’) in order to reflect the transparency requirements expected of Us by law and Our own ethics. In this Statement, references to ‘You’, ‘Your’ and ‘Customer’ are references to Customers who uses the Site and the services at Medfacials.com.
Your privacy is extremely important, and We are only too happy to comply with the law and provide You with clear and transparent information about how We use Your personal data. We only process it for the purposes outlined and We process as little of it as possible. Our aim is not to be intrusive and We undertake not to ask You irrelevant or unnecessary questions. We will try Our best to keep Your personal data accurate and up to date but do try to help Us with this too please! We also have robust measures and procedures in place to minimise the risk of unauthorised access and to keep it secure. Also, We only share it with third parties where We have a right to do so and where we are satisfied that the third party shall treat it with the same or higher levels of respect.
For the purpose of the Data Protection Legislation, We are the Data Controller (ICO registration number: ZA747968).
For all matters relating to privacy and data protection, please contact Dr Stolte by email to contact@Medfacials.com or by telephone to 01872 229740. This website is not aimed at or intended for use by children under 18 years of age. We do not intend or knowingly collect data relating to children.
We are regulated by the General Medical Council (GMC) and the Care Quality Commission (CQC)
This Statement incorporates Our Cookie Policy and Service Terms.
1. HOW DO WE PROCESS YOUR PERSONAL DATA?
1.1 PERSONAL DATA YOU PROVIDE TO US VOLUNTARILY: So that we can provide a service to you, we need to process some of your personal data. We understand that you provide us your personal data on trust that we will use if lawfully and appropriately. We’ve outlined below the various ways we collect your personal data which we hope you find helpful. If you have any queries at all, please don’t hesitate to get in touch.
1.2 When you become one of our customers: We will collect your name, postal address, email address, phone number and date of birth, next of kin details regarding medical diagnosis,) and a record of your purchases.
This enables us to:
· Assess you and deliver treatments
· Provide you with information on our products including post treatment follow up
· to process payments for goods purchased on the MEDfacials site or directly from the clinic
· to answer any enquiries that you may have
· to send you marketing communications unless you have opted out.
· Keep records of purchases
· Be able to inform your next of kin in the event of an emergency
· To contact you regarding Post Treatment Surveys to ensure that you are happy, and we can improve our business.
· To comply with our legal obligations
Processing your personal data in this way means that we can fulfil our contract to you. Because we are a healthcare company, we may require you to give us medical details about yourself which requires a medical diagnosis.
When you purchase items from our website, you will be either dealing with MEDfacials directly or you will be taken to the webpage of our Affiliate partners, Harper Grace. See 3.4 for more information on Harper Grace and a link to their Privacy Policy.
1.3 When you are a potential customer of ours: We will collect your name, phone number and email address so that we can provide you with marketing communication via email or SMS if you have given us your consent to do so.
1.4 If you send us an enquiry via email, social media, or the website: We will answer your enquiry and enter into correspondence with you.
1.5 When you visit our website: We use Cookies on the website which collect various types of personal data. The types of data obtained about you includes your visits to our website; page views, downloads, navigation and exit; IP address; geographical location; browser type and version; operating system; referral source; length of your visit.
Some of these cookies are necessary to ensure that the website works correctly, and other cookies can be opted out of. You can find out more about our cookies and how you can manage your consent in our cookie policy here.
1.6 Our website may contain links to other external websites. We aren’t responsible for the practices, policies or content of such websites and suggest that you check their privacy policies to ensure that you are happy to continue browsing
2. How long do we keep your personal data
2.1 If you are a customer, we will keep your personal data in line with BMA guidelines for the foreseeable future. We keep financial data for 7 years in line with HMRC guidelines.
2.2 If you are on our marketing list, we will keep your personal data if you are signed up and on a suppression list if you unsubscribe to ensure that we do not email you in error.
2.3 Enquiries: We’ll keep these as long as is necessary and then for a further 12 months.
2.4 When we use Legitimate Interest, we will have done an assessment to make sure that we aren’t infringing on your rights.
3. HOW DO WE USE YOUR PERSONAL DATA TO COMMUNICATE WITH YOU?
3.1 Non-Marketing Communications
(a) If you have purchased on our website: We will email or text the confirmation of sale, information regarding dispatch and any other notifications regarding the sale of goods on our website.
(b) If you have made an appointment with us: We will contact you by phone, text or email to confirm your appointment or advise you of any changes. If you have contact us via Social Messaging services such as Facebook we will respond to you via that channel.
(c) If you request any information from us: We will contact you by phone, text or email as you have requested
3.2 Marketing Communications
(a) If you are on our marketing list: we will send you emails with information about latest news and offers from MEDfacials.
(b) If you decide to opt out of our email marketing list your data will then go onto our ‘suppression’ list which means that we won’t email you again by mistake
3.3 If you have not opted out of non-essential cookies, you will be profiled based on the information you have given us (such as Geographical location) and you may be served Online Advertising. If you decided to change your cookie consent, you can do so by visiting the Cookie Consent Management Platform. We do not use automated processing in any of our businesses
3.4 OTHER WEBSITES OR APPLICATIONS & THEIR POLICIES:
The Site may contain links to other websites or applications. We are not responsible for the privacy practices or policies or for the content of such websites or applications of such third parties, so You should be careful to read and understand those policies independently.
►Chat Bot: On our Site, we have a ChatBot installed which will communicate with you and send you emails to follow up on your enquiry. You may also sign up to our email marketing list on our ChatBot. You may unsubscribe at any time.
►Apple Business Chat: On our Site, we have a Messenger service installed, which is available to customers with iOS devices, which will communicate with you and allow you to ask questions. You will be able to purchase, schedule appointments via this messaging service.
►Affiliate Links: When you click on the iSClinical, Codage, Totally Derma or Déesse pages in our online shop, you will be taken to our Affiliate Partner, Harpar Grace so they can process your order, payment and arrange delivery of the products you have chosen. You can read more on their Privacy Notice here.
►Social media plugins: On Our Site, we have included social media plugins that You can use to share certain content over social networks. To protect your privacy, we offer you these social plugins as so-called “2-click buttons.” The “2-click solution” prevents data (e.g. your IP address) from being transmitted to social networks such as Facebook or Twitter as soon as You open our site. For this purpose, the buttons are deactivated by default and are only activated by clicking the social plugins for the first time. After activation, the plugins also collect personal data such as Your IP address and send it to the servers of the respective provider where it is stored. In addition, activated social plugins set a cookie with a unique identifier when loading the relevant website. This also allows providers to create profiles of your usage behaviour. The data will be used to show you personalised advertising, as well as for market and opinion research purposes. Personal data transfer is independent of whether you have an account with the plugin provider and are logged in there. If you are logged in with the plugin provider, your data collected with Us will be assigned to your existing account with the plugin provider. We have no exact information about the concrete use of the data nor about the storage period.
Please read the privacy policy of the respective providers. We have integrated the plugins of the following providers on our site:
· Facebook (Facebook Inc., USA, Data protection declaration: https://www.facebook.com/policy.php)
· Twitter (Twitter Inc., USA; Data protection declaration: https://twitter.com/privacy/)
· Pinterest (Pinterest Inc., USA; Data protection declaration: https://de.about.pinterest.com/privacy/)
· Instagram (Instagram Inc., USA Data protection declaration; https://help.instagram.com/402411646841720
4. WHO HAS ACCESS TO YOUR DATA & WHERE IS IT STORED?
We are very careful about who we share your personal data with. We make sure that the organisations we work with, such as couriers, take your personal data as seriously as we do. We would never share your data with third parties for marketing activity without your express consent.
When we store personal data outside the U.K., it will follow the UKGDPR adequacy regulations or other safeguards such as Standard Contractual Clauses or Binding Corporate Rules.
The organisations we share data with are:
4.1 Our CRM platform, Our Booking Partners, Phorest, Couriers, Webhosts, Servers, Marketing & IT Consultants, our Accountant, Accounting package and Solicitor and Authorities (if required). We use Microsoft, Google, Get Response and Gmail within the business to communicate and make sure we run efficiently.
4.2 Laboratory and other Medical Professionals who assist us with any testing or professional advice we may need.
4.3 We use Payment Providers such as Stripe. Please see Stripe’s Privacy Notice as when you submit your personal data on a payment platform, you will be subject to their own terms.
4.4 You may see various links on our website to other websites. We are not responsible for the content of these websites.
4.5 Our Social Media: We are on Facebook, Instagram and Twitter. You can find a copy of our Privacy Notice on the ‘About’ section of our Facebook Page.
4.6 Transfer of Personal Data in the Event of the Sale of MEDfacials or its Assets. In the event that MEDfacials is sold or transfers some of its assets to another party, your personal data could be one of the transferred assets. If your personal data is transferred, its use will remain subject to this Statement. Your personal data will be passed on to a successor in the event of a liquidation or administration.
5. WHAT ARE YOUR RIGHTS UNDER DATA PROTECTION LEGISLATION?
5.1 You have a number of rights that you can exercise free of charge and on request in certain circumstances, however, if your requests are obviously unfounded or excessive, we reserve the right to charge a reasonable fee or to refuse to act. You have the right:
(a) to be informed about the collection and use of your personal data. This is why we have a Privacy Notice,
(b) to access your personal data and supplementary information (‘DSAR’);
(c) to have inaccurate personal data corrected, or completed (if it is incomplete);
(d) to have your personal data erased;
(e) to restrict Our processing of your personal data;
(f) to receive a copy of any personal data you have provided to us, in a machine-readable format, or have this information ported to a third party;
(g) to object AT ANY TIME to processing of your personal data for direct marketing purposes;
(h) to object in certain other situations to the continued processing of your personal data
For more information on these rights and when you can exercise them, see the Information Commissioner’s Guide
5.2 If you wish to exercise any of these rights, please contact Dr Stolte on contact@medfacials.com. We will respond to you within one month from when we receive your request, unless the complexity and number of requests We receive means that we need more time. If we do need more time (up to two further months), We will tell you why within the first month.
6. HOW CAN YOU SUBMIT A QUERY OR A COMPLAINT?
6.1 QUERY: We are happy to provide any additional information or explanation needed in respect of Our processing activities upon request. For all matters relating to privacy and data protection, please contact Dr Stolte on contact@medfacials.com.
6.2 COMPLAINT: We try to meet the highest standards when processing your personal data. For this reason, we take any complaints we receive about this very seriously and encourage you to bring it to our attention. While we hope to be able to resolve any concerns you have about the way that we are processing your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). If you believe that your personal data has been processed in a way that does not comply with the Data Protection Legislation or have any wider concerns about our compliance. You can do so by calling the ICO helpline on 0303 123 1113 or via their website here.
7. CHANGES TO THIS STATEMENT
We keep our Privacy Statement under regular review. This Statement was last updated on 07 December 2021.
Contains public sector information from https://ico.org.uk licensed under the Open Government Licence v3.0 [[https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/]].