Welcome to Ai Beauty Clinic’s privacy notice.
Ai Beauty Clinic respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our clinic and website and tell you about your privacy rights and how the law protects you.
If you have any questions regarding this privacy notice, please email them to firstname.lastname@example.org
WHY WE HAVE A PRIVACY NOTICE?
We are committed to respecting and protecting your privacy. This privacy notice sets out the type of information we collect from you and what we do with that information. This version was last updated in May 2018. This policy may change and be updated from time to time. Please check back regularly.
Ai Beauty Clinic complies with the 1998 and 2018 Data Protection Acts, Freedom of Information Act 2000 and the new General Data Protection Regulation (EU 2016/679) (“GDPR”). This policy describes our procedures for ensuring that personal information about patients is processed fairly and lawfully. Ai Beauty Clinic is registered with The Information Commissioner’s Office as a Data Controller with reference number ZA406076
Here are the details that GDPR says we have to give you as a ‘data controller’:
- Our site address is https://ai-beauty.co
- Our company name is Ai Beauty Ltd
- Our registered address is 147 Oxford Street,
- Our nominated representative can be contacted at email@example.com.
WHAT PERSONAL INFORMATION DO WE COLLECT AND HOLD?
In order to provide you with a high standard of aesthetic medical care and attention, we need to collect and process personal information about you. This personal data comprises:
- your past and current medical condition; personal details such as your age, address, telephone number, wechat contact, emails, and your general medical practitioner
- radiographs, clinical photographs and study models
- information about the treatment that we have provided or propose to provide and its cost
- notes of conversations/incidents that might occur for which a record needs to be kept
- records of consent to treatment
- any correspondence relating to you with other health care professionals, for example in the hospital or community services
- details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data.
- information that you provide by filling in forms on our website, such as when you registered for information.
If you’ve used a contact form, email, whatsapp or Facebook, Instagram, Wechat or any other communication channels to make an enquiry, then we’ll respond to that enquiry only. If this leads to a dialogue between us – as we hope it will – then we’ll continue communications on the basis that we’re doing so at your invitation, and that you can withdraw that invitation at will.
When you register any of your details with us, they are added to our list of opted-in subscribers. We record the interest that you have indicated to ensure that we only contact you with relevant information.(which you can opt out of at any time at sending an email to firstname.lastname@example.org)
Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies:
- you have given consent to the processing of your personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which we are subject;
- processing is necessary to protect the vital interests of you or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
- processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our credit card payment processing, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
USE OF WEBSITE COOKIES
We may on occasion gather information regarding your computer whilst you are on our website. This enables us to improve our services and to provide statistical information regarding the use of our website to our advertisers where appropriate.
Such information will not identify you personally; it is statistical data about our visitors and their use of our site. This statistical data does not identify any personal details whatsoever. Similarly to the above, we may gather information about your general internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer as cookies contain information that is transferred to your computer’s hard drive. They help us to improve our website and the service that we provide to you.
THIRD PARTY LINKS
You mind find links to third party websites on our website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
WHY DO WE HOLD INFORMATION ABOUT YOU?
- We need to keep comprehensive and accurate personal data about our patients in order to provide them with safe and appropriate medical care, carry out our contracts with you and tell you our charges.
- Where you have consented to us doing so, sending you information, new treatments, new products, promotions, newsletters, and other available resources through Wechat, emails, SMS or other communications you shared with us, or sending you through customized online ads (which you can opt out of at any time at sending an email to email@example.com).
If you are already our customer, we will only contact you electronically about things similar to what was previously sold to you.
If you are a new customer, you will only be contacted if you agree to it.
If you don’t want to be contacted for marketing purposes, please do not tick the relevant opt-in box that you will find on screen.
In addition, if you don’t want us to use your personal data for any of the other reasons set out in this section, you can let us know at any time by contacting us at firstname.lastname@example.org, and we will delete your data from our systems. However, you acknowledge this will limit our ability to provide the best possible services to you.
In some cases, the collection of personal data may be a statutory or contractual requirement, and we will be limited in the services we can provide you if you don’t provide your personal data in these cases.
HOW WE PROCESS THE DATA？
We will process personal data that we hold about you in the following way:
We will retain your medical records while you are a practice patient and after you cease to be a patient, for eleven years or for children (with parental/guardian consent) until age 25, whichever is the longer.
SECURITY OF INFORMATION
Personal data about you is held in the practice’s computer system and/or in a manual filing system. The information is not accessible to the public and only authorised members of staff have access to it. Our computer system has secure audit trails and we back up information routinely.
If our website or surgery computer system experience a data breach of any kind, the breach will be communicated to you. We will constantly assess and monitor the security of our website and computer system. We will also comply with our duty to notify the Information Commissioner’s Office, where appropriate.
DISCLOSURE OF INFORMATION
In order to provide proper and safe medical care, we may need to disclose personal information about you to:
- your general medical practitioner
- the hospital or community medical services
- other health professionals caring for you
- the Inland Revenue
- private medical schemes of which you are a member.
Disclosure will take place on a ‘need-to-know’ basis, so that only those individuals/organisations who need to know in order to provide care to you and for the proper administration of Government (whose personnel are covered by strict confidentiality rules) will be given the information. Only that information that the recipient needs to know will be disclosed.
In very limited circumstances or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent.
Where possible you will be informed of these requests for disclosure.
We may contract with third parties to supply services to you on our behalf. These may include payment processing, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. These are the third parties that have access to your information:
- Payzone Ltd
Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under GDPR and the law.
We use third-party advertising services like Taboola, Facebook, Google’s ad services, and other ad networks and ad servers to deliver advertising about our Services on other websites and applications you use. The ads may be based on things we know about you, like your Usage Data about our website, and things that these ad service providers know about you based on their tracking data. The ads can be based on your recent activity or activity over time and across other sites and services, and may be tailored to your interests.
Depending on the types of advertising services we use, they may place cookies or other tracking technologies on your computer, phone, or other device to collect data about your use of our Services, and may access those tracking technologies in order to serve these tailored advertisements to you. To help deliver tailored advertising, we may provide these service providers with a hashed, anonymized version of your email address (in a non-human-readable form) and content that you share publicly on the Services
You can ask us not to use your data for marketing. You can do this by indicating your preferences on our forms, or by contacting us at any time at email@example.com..
Under the GDPR, you have the right to:
- request access to, deletion of or correction of, your personal data held by us at no cost to you;
- request that your personal data be transferred to another person (data portability);
- be informed of what data processing is taking place;
- restrict processing;
- to object to processing of your personal data; and
- complain to a supervisory authority.
You also have rights with respect to automated decision-making and profiling, where relevant.
To enforce any of the foregoing rights or if you have any other questions about our site or this privacy notice, please contact us at firstname.lastname@example.org or Ai Beauty Clinic, 1st Floor, 147 Oxford St, London W1D 2JE.
We will provide a copy of your record within 30 days of receipt of the request.
IF YOU DO NOT AGREE
If you do not wish personal data that we hold about you to be disclosed or used in the way that is described in this privacy notice, please discuss the matter with your practitioner. You have the right to object, but this may affect our ability to provide you with medical care.
If we change our privacy notice, we will post the changes on this page. If we decide to, we may also email you.