|Language used in this privacy Notice||Definition|
|You, your, data subject,||Relates to you as a natural living person|
|We, our||Covent Garden Aesthetic Clinic|
|Your representative||Someone or some people who legally acting on your behalf|
|Third party(ies)||Refers to external suppliers who your personal data may be shared with (E.G. Delivery companies)|
|Data||Any personal information we hold on you|
|GDPR||General Data Protection Regulation (2016)|
|ICO||Information Commissioner’s Office. The UK Data Protection Regulator|
|EEA/EU||European Economic Area/ European Union States|
|Legitimate Interest||ICO 3 elements: Identify a legitimate interest;show that the processing is necessary to achieve it; andbalance it against the individual’s interests, rights and freedoms|
Scope of this Privacy Notice
This Privacy Notice covers how we handle your data from this website and within our organisation. It does not include any website you have used to access this website or any website that you access from this website
Under GDPR, we act as a data controller (make decisions) for your personal data that we collect and a data processor (process your data) or data controller for any of your data shared with us by a third-party.
Data Controller Contact Details
If you have any questions about this Privacy Notice or any other data protection queries, our Data Controller can be contacted at firstname.lastname@example.org or in writing to,
7 Goodwin’s Court
We would always welcome the opportunity to rectify any complaints that you have about your data and privacy held with us and can be contacted as shown in the ‘Data Controller Contact Details’ section above. If you would like to make a complaint to the ICO, their contact details are:
By phone – 0303 123 1113
Online – https://ico.org.uk/concerns
This Privacy Notice applies to data that you have either supplied to us, we have collected or acquired from reputable and compliant sources.
Data that you supply to us
- This is personal information about you that you share with us through filling in online or offline forms, by email, through the post, on the telephone or by any other means. Verbal personal information that you give us consent to use, will have such consent confirmed back to you in writing. Most often, your personal information will include your full name, home and/or business address and/or delivery address, personal and/or business email address and telephone and/or mobile phone number. Where payment is made, additional personal information may include your credit card details, your bank details and information needed to carry out any checks, such as credit checks. If you apply for a role with our organisation, other personal data shared is likely to include your employment history, proof of identity, qualification checks, health information etc..
- Where you are sharing personal information that does not directly relate to you (e.g. your representatives that legally act on your behalf), you must ensure you have the consent to do so and have shared this Privacy Notice with that person/those people.
- Telephone conversations may be recorded to improve training and to ensure a high level of consistent customer service.
- We generate data to understand customer and market trends.
- Website Usage Information – to better understand and continuously improve our service levels, our website uses Google Analytics to gather statistical information like how many people visits our website, how long they stay on our web pages. This information may include IP addresses used but, does not include any other personal data.
- Data may be acquired from reputable third-parties who will be contracted to provide GDPR compliant data only.
Information we receive from third-parties
- Business Partners – where we have formal relationships with business partners who may introduce new customers or sales opportunities to us, data would include personal contact details, information on the areas of interest and data required to fulfil a request, product or service
- References – new trading account, increase in any credit limits or employment opportunities with us may result in us taking out references from third-parties. This may be from compliant third-parties or from contacts that you introduce to us for this purpose.
- Social Media – where you have responded to a promotional item or offer from us through social media facilities such as Facebook, Twitter, Instagram & LinkedIn etc., we can receive profile information about you which can include your name, address, telephone number(s) and/or your business contact details. This information would be used to respond to your interest, to fulfil a request/order from you and/or to send you future information and offers, where you have given clear consent to do so.
- Publicly Available Information – we may seek personal information about you from publicly available sources. This can include your name, address and other publicly available information. As far as possible, we ensure that where any third-parties are involved in supplying such information, that they are compliant to do so.
- Other – from time to time, we may receive personal information from other sources. We will always endeavour to ensure such information is provided from reputable sources, who are compliant to do so.
How we use your data
We collect data to help operate our business and deliver our products and services to you. Where you have completed a form with the appropriate consent or given us consent in another way, we will send you relevant information in line with the consent you gave us. This can include email, telephone and/or other communication methods. We may also contact you with survey completion requests, designed to improve our service levels to you. You do not have to respond to such surveys and we will always give you the option to opt out or unsubscribe from any of these communications.
Third-Parties Who Form Part of Our Contracted Delivery Process
We may engage a reputable third-party to help us deliver the product or service we have contracted with you. E.G. A third-party delivery company may be used. They will receive the minimal data about you to complete their part of the delivery process and we contract with them that your data should not be used for any other reason.
Third-Parties may also be contracted to:
- Improve data safety and security levels
- As part of business development function
- Statistically analysis exercises
We will share personal information with the relevant agencies and without notice, where we are requested to or suspect fraudulent activities, money laundering, terrorist related activities or where there is another legal requirement to do so.
We will keep and use your data in terms of any legal or regulatory requirements that we have and can use your data to protect our legal position, if legal action is required, including the recovery of any outstanding debts.
Our Standard Business Operations
- To provide the products, services and any other responsibilities that we contract to do so with you
- To provide you with information that you request from us
- To confirm your identity as a natural living person
- As part of our billing, payments and recovery processes
We may make credit checks with reputable agencies for the following reasons:
- Where new accounts are opened for the purposes of confirming your identity and your credit history
- We will inform the main credit reference agencies of any new credit agreements that we agree with you, which they will keep for 6 years after the agreement has been completed, settled or terminated. This includes the history of how the credit agreement was adhered to
Children Under Thirteen
Our products and services are not intended to be used by children under 13 years old. We will never knowingly collect data from or on children below 13 years old. If you become aware of such a child (or another person) supplying data on that child to us, please contact using the details shown in the ‘Contact us’ section at the end of this Privacy Notice
Your data will be used for any legal or general statistical analysis. This usually will not include your specific data, although it will include you in number form (E.G. 121 people gave positive feedback). The statistical data used within our business helps us to judge performance and to make improvements to how we operate.
Special Category Data
Any data about you that can be considered as special category (E.G. your politics, beliefs. medical information etc) will not be processed by us without or consent or as a legal requirement.
Storage of Personal Data
The data you provide to us will be either securely stored and backed up within the EEA/EU or with a complaint Non-EEA/EU based supplier. Data may also be processed by employees who work for such suppliers.
We will take all reasonable actions to ensure any data processed outside of the EEA/EU protects your privacy rights and handles such data in a secure way. As part of you sharing your data with us, you are agreeing to such data being handled and cared for in this way.
Selling, Hiring or Transferring Your Data
We do not sell or hire your data or customer lists to any third-party. We may engage a reputable and trusted third-party to contact you on our behalf, with areas that you have given us consent, it is part of our contractual agreement, is a legal requirement or there is clear Legitimate Interest between us. These services may include sending you email, calling you by telephone, information through the post, customer service related communication, arranging deliveries etc.. These third-parties will only receive and be authorised to use the minimal data required and contracted to not use your data for any other reason than that contracted for.
We may share your or disclose your data in the following circumstances:
- If we buy, sell or merge any business or assets of that business and are required to share data as part of the buying, selling or merger agreement
- If our website is acquired by a third-party, where data is transferred as part of the purchased assets
Once your data reaches us, we will use our strict data processes and security procedures to protect it. For any data transmitted to us including our website by you, before it reaches us, is at your own risk.
Timescales That We Keep Your Data For
The timescale for this will vary depending on the requirement. The criteria for this includes:
- The reason we are using your data. We will keep the minimum amount of data required for that reason and for the timescale that that reason requires (E.G. Warranty and service agreement periods)
- Legal requirements and where a minimum timescale is set (E.G. Her Majesty’s Revenue and Customs (HMRC))
We will keep your data for the term you have consented to, the contracted term between us or where there is a legitimate interest for us to remain in contact with you plus 3 years in case of any queries that you may have (E.G. copy of the original agreement) or for legally required reasons, whichever is the longest period.
Your Data Protection & Privacy Rights
There are various rights that you have as a UK natural living person (individual) under the GDPR. Below are the abbreviated ICO definitions and include:
- The right to be informed – Individuals have the right to be informed about the collection and use of their personal data
- The right of access – Individuals have the right to access their personal data and supplementary information
- The right to rectification – Individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete
- The right to erasure – The right for individuals to have personal data erased. This is also known as ‘the right to be forgotten. Please note this right is not absolute and only applies in certain circumstances
- The right to restrict processing – The right to request the restriction or suppression of their personal data. Please note this is not an absolute right and only applies in certain circumstances
- The right to data portability – The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services
- The right to object – Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling) and processing for purposes of scientific/historical research and statistics
The full ICO rights under GDPR can be seen at the Internet link below or calling them on 0303 123 1113:
You can exercise your rights by contacting us using the details set out in the “Contact us” section below.
A Cookie is a small text file that is added to your device’s hard drive by a web server within our domain. Cookies cannot be used to run software programs or add a virus to your device. They are unique to you and avoid you having to input the same information and preferences each time you visit our website(s).
Write to us at our address: at 7 Goodwin’s Court, WC2N 4LL
By telephone: 02032897904
By e-mail: email@example.com