PRIVACY POLICY


This Privacy Policy outlines My Cosmetic Doctor’s ("we", "our" or "the Company") practices with respect to information collected from users who access our website at www.mycosmeticdoctor.co.uk ("Site"), or otherwise share personal information with us (collectively: "Users").

We are dedicated to protecting your privacy. Any information that we collect will be used in accordance with the General Data Protection Regulation and the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003. We do not share any information gathered with any third party companies for direct marketing.


WHO IS MY COSMETIC DOCTOR


This Privacy Policy is from My Cosmetic Doctor, the trading name for My Cosmetic Doctor Limited. As a result this policy shall be applied to all data subjects whose personal data is collected by My Cosmetic Doctor.

My Cosmetic Doctor is a non-surgical aesthetic clinic treating a variety of aesthetic concerns in the face and skin. Every treatment requires a bespoke consultation in order to be able to select and provide the most appropriate treatments. Our clinics are based in Birmingham.

This privacy policy is designed to inform you (data subjects) about what personal data is collected in keeping with the requirements of GDPR.


GROUNDS FOR DATA COLLECTION


Processing of your personal information (meaning, any information which may potentially allow your identification with reasonable means; hereinafter "Personal Information") is necessary for the performance of our contractual obligations towards you and providing you with our services, to protect our legitimate interests and for compliance with legal and financial regulatory obligations to which we are subject.

When you use the Site, you consent to the collection, storage, use, disclosure and other uses of your Personal Information as described in this Privacy Policy.

We encourage our Users to carefully read the Privacy Policy and use it to make informed decisions. 


HOW DO WE COLLECT DATA


My Cosmetic Doctor collects data through the website and through consultations. Through the website you will be asked to provide contact details in the form of name, email, and mobile number. This will be used to contact you. Consent is implied with the data subject completing the contact form. We will only contact you with marketing information if you opt in to this service, in line with GDPR requirements. During the course of business more personal data will be collected as part of your medical consultation.

In addition to receiving data when you provide your personal details through our Site, or when you use or access our Site in connection with your use of our services, we may also receive data from third party providers, services and public registers (for example, traffic analytics vendors).

Occasionally your personal data will be stored and supplied to us via third parties (for example online booking platforms), but this information will only be used with your consent (i.e. when you have requested contact, booked a treatment, or responded to an advert).

We cannot guarantee that the information you send us over the internet is secure, but once we receive it we will take all reasonable steps to protect the information you supply to us.


THE DATA THAT WE COLLECT


We collect two types of data and information from Users. 

The first type of information is un-identified and non-identifiable information pertaining to a User(s), which may be made available or gathered via your use of the Site (“Non-personal Information”). We are not aware of the identity of a User from which the Non-personal Information was collected. Non-personal Information which is being collected may include your aggregated usage information and technical information transmitted by your device, including certain software and hardware information (e.g. the type of browser and operating system your device uses, language preference, access time, etc.) in order to enhance the functionality of our Site. We may also collect information on your activity on the Site (e.g. pages viewed, online browsing, clicks, actions, etc.).


The second type of information is Personal Information, which is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual. Such information includes:


  • Device Information: We collect Personal Information from your device. Such information includes geolocation data, IP address, unique identifiers (e.g. MAC address and UUID) and other information which relates to your activity through the Site.
  • Registration information: When you register on our Site you will be asked to provide us with certain details such as: full name, e-mail or physical address, and other information.
  • Financial information, which may include bank details and credit card details.
  • All information supplied in our medical questionnaire and gained through our extensive bespoke consultations, which will include information about your personal health and medical conditions that may affect your suitability for treatments.
  • Before and after still images of clients during the treatment and consultation process.


We may also collect information such as cookies, IP address, browser type, etc. when you visit our website.

When disclosing information of another person, you must have full consent of the person to disclose and process their personal information in accordance with this policy.


In the event of processing data of a child we will ask for consent to be authorised by the holder of parental responsibility for the child.

Failing to provide us with this information will result in us being unable to provide treatment.


WHY DO WE PROCESS YOUR PERSONAL DATA


We need to process a variety of personal data as part of our business. We do so in accordance with the law. Data is collected to ensure your suitability and safety for treatments. In addition data is collected to fulfil legal and contractual obligations such as to our insurers. In other instances we process data where it is in our legitimate interest except where these are overridden by the interests or rights and freedoms of the data subject.

We believe the following uses will fall within the area of legitimate interest:


  • Data collection in order to recommend and provide treatments and products;
  • Data collection in order to provide pre-treatment information and aftercare instructions, both before and after treatment;
  • In order to confirm and send reminders for appointment times using email and SMS;
  • In order to circulate our newsletter and offers as per your opt-in (in accordance with GDPR);
  • In order to protect our websites, infrastructure and premises from attacks or threats and to report any illegal activities;
  • For communicating with you – sending you notices regarding our services, providing you with technical information and responding to any customer service issue you may have;
  • To communicate with you and to keep you informed of our latest updates and services;
  • To serve you advertisements when you use our Site (see more under "Advertisements");
  • To market our websites and products (see more under "Marketing");
  • For statistical and analytical purposes, intended to improve the Site.
     

In addition to the different uses listed above, we may transfer or disclose Personal Information to our subsidiaries, affiliated companies and subcontractors.


Given that we need to collect health information and this is classed as a special category of personal data we need to identify a specific condition under Article 9. The condition on which we rely is that processing is necessary for the purposes of providing health care or treatment.


WHO HAS ACCESS TO DATA & WHO WE SHARE IT WITH


We will never share any personal information with any third party companies for direct marketing. We do not rent, sell, or share Users’ information with third parties except as described in this Privacy Policy. Personal data usually remains with My Cosmetic Doctor and is uploaded to a cloud based records software called Glowday. Your personal information is used only by employees of My Cosmetic Doctor and Glowday. Sometimes the processing is carried out by third parties such as website developers and cloud storage providers (Glowday). However, it is always kept securely and only processed under our instruction and direction.

There may be occasions where we need to share personal information, to meet legal obligations or for contractual reasons, which may be with third parties such as banks, lawyers, insurers, accountants, or government authorities such as HMRC. There are also occasions where in order to provide our professional services we may require third parties to fulfil our contract with you and to contact you. This may involve disclosure of your contact details and sometimes personal data about you (with your consent) which is relevant to the service being provided. Examples of this include pathology laboratories for tests and swabs and pharmacies for prescriptions. If you opt out of sharing your information with these providers it may affect our ability to care for you. Please note that all our suppliers have entered into appropriate confidentiality obligations and/or contractual data processing clauses with us.


In addition to the purposes listed in this Privacy Policy, we may share Personal Information with our trusted third party providers, who may be located in different jurisdictions across the world, for any of the following purposes: 


  • Hosting and operating our Site;
  • Providing you with our services, including providing a personalized display of our Site;
  • Storing and processing such information on our behalf; 
  • Serving you with advertisements and to assist us in evaluating the success of our advertising campaigns and to help us retarget any of our users;
  • Providing you with marketing offers and promotional materials related to our Site and services; 
  • Performing research, technical diagnostics or analytics;


In addition there could be circumstances where we are under a duty to disclose your personal information or share your personal information in order to comply with any legal or regulatory requirement, obligation or request. Examples of this include the police, for prevention or investigation of a crime. It also includes disclosure to insurers, legal advisors or other third parties who need access to it in the context of managing, investigating or defending claims or complaints.


We may also disclose information if we have a good-faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies (including our Agreement), including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our users, yourself or any third party; or (vi) for the purpose of collaborating with law enforcement agencies and/or in case we find it necessary in order to enforce intellectual property or other legal rights.


HOW LONG DO WE KEEP PERSONAL DATA


My Cosmetic Doctor is committed to complying with legal obligations regarding the retention and deletion of personal information. The type of data and the purpose for collection will determine how long My Cosmetic Doctor will retain your data.

We will retain your personal information for as long as necessary to provide our services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing client personal data, account opening documents, communications and anything else as required by applicable laws and regulations. 


We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.


Our insurers require us to keep client records, including medical data, images and treatment data for 5 years from the date of your last treatment following which it will be securely deleted/destroyed. If you are or become a patient, we may retain contract information (including personal data) longer if there is a legitimate indication or if required to by our insurers.

Data of anyone actively engaged with us, for example contacts with a contract or on a mailing list will be kept for as long as the service is operating. This information can be removed/deleted/destroyed at your request. If you have opted out of receiving marketing emails/texts/newsletters, then your email address may be kept indefinitely to ensure we comply with your request.

Financial and accounting records will be kept for 6 years from the end of the last company financial year they relate to or longer if the tax return was late or if HMRC requests it.


USER RIGHTS


Your Rights As A Data Subject

At any point while we are in possession of or processing your personal data:

  • Right of access – you have the right to request a copy of the information that we hold about you. We will endeavour to fulfil this request within one calendar month.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances, you can ask for the data we hold about you to be erased from our records.
  • Right to the restriction of processing – where certain conditions apply you have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review - in the event that My Cosmetic Doctor refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain.


However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.

You have the right to ask us not to process your personal information, but where consent is withdrawn for the processing of personal data from your medical records, our ability to continue your treatments will be impaired.

You have the right to ask us not to process your personal information for marketing purposes. We will only contact you for marketing purposes if you have opted in.


There are situations where you have the right to request data erasure and we will erase all data held about you. However, medical records may be exempt from erasure and our insurers will be consulted.

If you wish to exercise any of the aforementioned rights, or receive more information, please contact our Data Protection Officer (“DPO”) using our email address (mycosmeticdr@gmail.com).


COOKIES


We and our trusted partners use cookies and other technologies in our related services, including when you visit our Site or access our services. 

A "cookie" is a small piece of information that a website assigns to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enabling automatic activation of certain features, remembering your preferences and making the interaction between you and our Services quicker and easier. Cookies are also used to help ensure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of our Services.

The Site uses the following types of cookies:

a. 'session cookies' which are stored only temporarily during a browsing session in order to allow normal use of the system and are deleted from your device when the browser is closed; 

b. 'persistent cookies' which are read only by the Site, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example to allow us to store your preferences for the next sign-in;

c. 'third party cookies' which are set by other online services who run content on the page you are viewing, for example by third party analytics companies who monitor and analyse our web access.

Cookies do not contain any information that personally identifies you, but Personal Information that we store about you may be linked, by us, to the information stored in and obtained from cookies. You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Site may not operate properly and your online experience may be limited.

We also use a tool called “Google Analytics” to collect information about your use of the Site. Google Analytics collects information such as how often users access the Site, what pages they visit when they do so, etc. We use the information we get from Google Analytics only to improve our Site and services. Google Analytics collects the IP address assigned to you on the date you visit sites, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to this Site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy.


THIRD PARTY COLLECTION OF INFORMATION


Our policy only addresses the use and disclosure of information we collect from you. To the extent you disclose your information to other parties or sites throughout the internet, different rules may apply to their use or disclosure of the information you disclose to them. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party that you choose to disclose information to. 

This Privacy Policy does not apply to the practices of companies that we do not own or control, or to individuals whom we do not employ or manage, including any of the third parties to which we may disclose information as set forth in this Privacy Policy.


SAFEGUARDING YOUR INFORMATION


We take great care in implementing and maintaining the security of the Site and your information. We employ industry standard procedures and policies to ensure the safety of the information we collect and retain, and prevent unauthorised use of any such information, and we require any third party to comply with similar security requirements, in accordance with this Privacy Policy. We use Glowday software to store your information which is stored securely. Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorised access or abuse our Site, and we make no warranty, express, implied or otherwise, that we will prevent such access.


TRANSFER OF DATA OUTSIDE THE EEA


Please note that some data recipients may be located outside the EEA. In such cases we will transfer your data only to such countries as approved by the European Commission as providing an adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection.


ADVERTISEMENTS


We may use a third-party advertising technology to serve advertisements when you access the Site. This technology uses your information with regards to your use of the Services to serve advertisements to you (e.g., by placing third-party cookies on your web browser). 

You may opt out of many third-party ad networks, including those operated by members of the Network Advertising Initiative ("NAI") and the Digital Advertising Alliance ("DAA"). For more information about this practice by NAI and DAA members, and your choices regarding having this information used by these companies, including how to opt out of third-party ad networks operated by NAI and DAA members, please visit their respective websites: http://optout.networkadvertising.org/#!/ and http://optout.aboutads.info/#!/.


MARKETING


We may use your Personal Information, such as your name, email address, telephone number, etc. ourselves or by using our third party subcontractors for the purpose of providing you with promotional materials, concerning our services, which we believe may interest you. 


Out of respect to your right to privacy we provide you within such marketing materials with means to decline receiving further marketing offers from us. If you unsubscribe we will remove your email address or telephone number from our marketing distribution lists. 

Please note that even if you have unsubscribed from receiving marketing emails from us, we may send you other types of important e-mail communications without offering you the opportunity to opt out of receiving them. These may include customer service announcements or administrative notices.


CORPORATE TRANSACTION


We may share information in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, the transferee or acquiring company will assume the rights and obligations as described in this Privacy Policy.


MINORS


We understand the importance of protecting children’s privacy, especially in an online environment. The Site is not designed for or directed at children. Under no circumstances shall we allow use of our services by minors without prior consent or authorisation by a parent or legal guardian. We do not knowingly collect Personal Information from minors. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at mycosmeticdr@gmail.com.


UPDATES AND AMENDMENTS


We reserve the right to periodically amend or revise the Privacy Policy; material changes will be effective immediately upon the display of the revised Privacy Policy. The last revision will be reflected in the "Last modified" section. Your continued use of the Platform, following the notification of such amendments on our website, constitutes your acknowledgment of and consent to such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.


HOW TO CONTACT US


If you have any general questions about the Site or the information we collect about you and how we use it, please contact us using our email below.

If you feel that we have not complied with this privacy notice then you may complain to the Information Commissioner’s Office (ICO). The ICO does allow us the opportunity to resolve the matter before involving them as a regulator.

We kindly request that all queries and complaints are initially directed to My Cosmetic Doctor via mycosmeticdr@gmail.com.



My Cosmetic Doctor


Last Modified 26th January 2021
