Xploreu Aesthetics and skin rejuvenation Clinic

Data Controller

Faces Pharmacy LTD

Collected Personal Data

HOW WE COLLECT DATA

XploreU Aesthetics LTD will generally only receive personal data from the individual concerned directly in the course of conducting business. This may be in person, via email, web form or telephone. However, in some cases personal data will be supplied by third parties (for example online booking platforms ) but only when you have specifically booked a service/treatment  offered by XploreU aesthetics LTD on a third party platform.

THE DATA WE COLLECT

In the course of our business XploreU aesthetics will collect certain types of personal data which will include:

• Names, postal addresses, telephone numbers, email addresses, and other contact details
• Financial information which could include bank details and credit card details
• Information supplied in the medical questionnaire about a person’s health and relevant medical conditions that could affect the suitability of treatments
• Still images of clients during the treatment process (to assess before and after) and any video captured.
• Technical information such as cookies, IP address, browser type etc when you visit our website
• For any disclosure of information of another person, you must have full consent of the person to disclose and process their personal information in accordance with this policy.

WHY WE PROCESS YOUR PERSONAL DATA

During the course of our business, we need to process a wide range of personal data and we will only do so in accordance with the law. Some of this is done to fulfil XploreU aesthetics legal obligations including those related to contractual obligations such as those to its insurers. In other cases, we will process data where it is in our legitimate interest except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

XploreU aesthetics believes the following use will fall within the category of legitimate interest:

• For the purpose of recommending and providing treatments & products
• For the purpose of providing information on pre- and aftercare before and following treatment.
• For the purpose of confirmation and reminding individuals of appointments via email & text messages.
• For the purpose of our newsletter and other relevant offer emails updating clients on new products and services offered by XploreU Aesthetics . You can opt out of this at any time.
• For the purpose of security to protect our websites, infrastructure and premises from attacks or threats and to report any illegal activities

Given that we need to collect health information and this is classed as a special category of personal data we need to identify a specific condition under Article 9. The condition on which we rely is that processing is necessary for the purposes of providing health care or treatment.

WHO HAS ACCESS TO DATA & WHO WE SHARE IT WITH

Personal information gathered will not be shared with any third party companies for direct marketing. Usually, personal data collected by XploreU aesthetics will remain within the company. Some of the processing is carried by third parties such as website developers, cloud storage providers but is at all times kept securely and only processed with the directions of XploreU aesthetics.

On occasion, we will need to share personal information, to meet our legal obligations or for contractual reasons, with third parties such as banks lawyers, insurers or accountants.

HOW LONG WE KEEP PERSONAL DATA

We are committed to complying with our legal obligation to the retention and deletion of personal information. The type of data and the purpose for collection will determine how long Xplore Aesthetics will retain your data. We will not process your personal information for purposes longer than necessary.

Our insurers require Xplore aesthetics to keep Client records, including medical data, images and treatment data for 10 years from the date of your last treatment following which it will be securely disposed of.

Financial and accounting records will be kept for 6 years from the end of the last company financial year they relate to or longer if the tax return was late or if HMRC requests it.

Your Rights As A Data Subject At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

• Right of access – you have the right to request a copy of the information that we hold about you.
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances, you can ask for the data we hold about you to be erased from our records.
• Right to the restriction of processing – where certain conditions apply to have a right to restrict the processing. Right of portability – you have the right to have the data we hold about you transferred to another organisation.
• Right to object – you have the right to object to certain types of processing such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: in the event that Aesthetic Lab refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain.

THIS PRIVACY NOTICE

Xplore aesthetics will update this privacy notice from time to time. Our website will be updated when necessary to reflect the most recent and up to date copy of this notice. Please check with Privacy Policy page occasionally to ensure that you are happy with the changes.

COMPLAINTS

If you believe that we have not complied with our privacy notice you may complain to the Information Commissioner’s office (ICO) although as recommend by the ICO please allow Xploreu aesthetics  the opportunity to resolve the matter before involving the regulator.

All queries and complaints in the first instance should be directed by email to Faith Tucker at faith@xploreu.co.uk.