Welcome to Ai Beauty Clinic’s privacy notice.
Ai Beauty Clinic respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our clinic and website and tell you about your privacy rights and how the law protects you.
If you have any questions regarding this privacy notice, please email them to email@example.com.
WHY DO WE HAVE A PRIVACY NOTICE?
We are committed to respecting and protecting your privacy. This privacy notice sets out the type of information we collect from you and what we do with that information. This version was last updated in May 2018. This policy may change and be updated from time to time. Please check back regularly.
Ai Beauty Clinic complies with the 1998 and 2018 Data Protection Acts, Freedom of Information Act 2000 and the new General Data Protection Regulation (EU 2016/679) (“GDPR”). This policy describes our procedures for ensuring that personal information about patients is processed fairly and lawfully. Ai Beauty Clinic is registered with The Information Commissioner’s Office as a Data Controller with reference number ZA406076.
Here are the details that GDPR says we have to give you as a ‘data controller’:
- Our site address is https://ai-beauty.co
- Our company name is Ai Beauty Ltd
- Our registered address is 147 Oxford Street,
- Our nominated representative can be contacted at firstname.lastname@example.org.
WHAT PERSONAL INFORMATION DO WE COLLECT AND HOLD?
In order to provide you with a high standard of aesthetic medical care and attention, we need to collect and process personal information about you. This personal data comprises:
- your past and current medical condition; personal details such as your age, address, telephone number, WeChat contact, emails, and your general medical practitioner
- radiographs, clinical photographs and study models
- information about the treatment that we have provided or propose to provide and its cost
- notes of conversations/incidents that might occur for which a record needs to be kept
- records of consent to treatment
- any correspondence relating to you with other health care professionals, for example in the hospital or community services
- details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data.
- information that you provide by filling in forms on our website, such as when you registered for information.
If you’ve used a contact form, email, WhatsApp, Facebook, Instagram, WeChat or any other communication channel to make an enquiry, then we’ll respond to that enquiry only. If this leads to a dialogue between us – as we hope it will – then we’ll continue communications on the basis that we’re doing so at your invitation, and that you can withdraw that invitation at will.
When you register any of your details with us, they are added to our list of opted-in subscribers. We record the interest that you have indicated to ensure that we only contact you with relevant information (which you can opt out of at any time by sending an email to email@example.com).
Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following bases applies:
- You have given consent to the processing of your personal data for one or more specific purposes;
- Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
- Processing is necessary for compliance with a legal obligation to which we are subject;
- Processing is necessary to protect the vital interests of you or of another natural person;
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
- Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our credit card payment processing, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
USE OF WEBSITE COOKIES
We may on occasion gather information regarding your computer whilst you are on our website. This enables us to improve our services and to provide statistical information regarding the use of our website to our advertisers where appropriate.
Such information will not identify you personally; it is statistical data about our visitors and their use of our site. This statistical data does not identify any personal details whatsoever. Similarly to the above, we may gather information about your general internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer as cookies contain information that is transferred to your computer’s hard drive. They help us to improve our website and the service that we provide to you.
THIRD PARTY LINKS
You might find links to third party websites on our website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
WHY DO WE HOLD INFORMATION ABOUT YOU?
- We need to keep comprehensive and accurate personal data about our patients in order to provide them with safe and appropriate medical care, carry out our contracts with you and tell you our charges.
- Where you have consented to us doing so, sending you information, new treatments, new products, promotions, newsletters, and other available resources through WeChat, emails, SMS or other communications you shared with us, or through customized online ads (which you can opt out of at any time by sending an email to firstname.lastname@example.org).
If you are already our customer, we will only contact you electronically about things similar to what was previously sold to you.
If you are a new customer, you will only be contacted if you agree to it.
If you don’t want to be contacted for marketing purposes, please do not tick the relevant opt-in box that you will find on screen.
In addition, if you don’t want us to use your personal data for any of the other reasons set out in this section, you can let us know at any time by contacting us at email@example.com, and we will delete your data from our systems. However, you acknowledge this will limit our ability to provide the best possible services to you.
In some cases, the collection of personal data may be a statutory or contractual requirement, and we will be limited in the services we can provide you if you don’t provide your personal data in these cases.
HOW DO WE PROCESS THE DATA?
We will process personal data that we hold about you in the following way:
We will retain your medical records while you are a practice patient and after you cease to be a patient, for eleven years or for children (with parental/guardian consent) until age 25, whichever is the longer.
SECURITY OF INFORMATION
Personal data about you is held in the practice’s computer system and/or in a manual filing system. The information is not accessible to the public and only authorised members of staff have access to it. Our computer system has secure audit trails and we back up information routinely.
If our website or surgery computer system experiences a data breach of any kind, the breach will be communicated to you. We will constantly assess and monitor the security of our website and computer system. We will also comply with our duty to notify the Information Commissioner’s Office, where appropriate.
DISCLOSURE OF INFORMATION
In order to provide proper and safe medical care, we may need to disclose personal information about you to:
- your general medical practitioner
- the hospital or community medical services
- other health professionals caring for you
- the Inland Revenue
- private medical schemes of which you are a member.
Disclosure will take place on a ‘need-to-know’ basis, so that only those individuals/organisations who need to know in order to provide care to you and for the proper administration of Government (whose personnel are covered by strict confidentiality rules) will be given the information. Only that information that the recipient needs to know will be disclosed.
In very limited circumstances or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent.
Where possible you will be informed of these requests for disclosure.
We may contract with third parties to supply services to you on our behalf. These may include payment processing, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. These are the third parties that have access to your information:
- Payzone Ltd
Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under GDPR and the law.
We use third-party advertising services like Taboola, Facebook, Google’s ad services, and other ad networks and ad servers to deliver advertising about our Services on other websites and applications you use. The ads may be based on things we know about you, like your Usage Data about our website, and things that these ad service providers know about you based on their tracking data. The ads can be based on your recent activity or activity over time and across other sites and services, and may be tailored to your interests.
Depending on the types of advertising services we use, they may place cookies or other tracking technologies on your computer, phone, or other device to collect data about your use of our Services, and may access those tracking technologies in order to serve these tailored advertisements to you. To help deliver tailored advertising, we may provide these service providers with a hashed, anonymized version of your email address (in a non-human-readable form) and content that you share publicly on the Services.
You can ask us not to use your data for marketing. You can do this by indicating your preferences on our forms, or by contacting us at any time at firstname.lastname@example.org.
Under the GDPR, you have the right to:
- request access to, deletion of or correction of, your personal data held by us at no cost to you;
- request that your personal data be transferred to another person (data portability);
- be informed of what data processing is taking place;
- restrict processing;
- object to processing of your personal data; and
- complain to a supervisory authority.
You also have rights with respect to automated decision-making and profiling, where relevant.
To enforce any of the foregoing rights or if you have any other questions about our site or this privacy notice, please contact us at email@example.com or Ai Beauty Clinic, 1st Floor, 147 Oxford St, London W1D 2JE.
We will provide a copy of your record within 30 days of receipt of the request.
IF YOU DO NOT AGREE
If you do not wish personal data that we hold about you to be disclosed or used in the way that is described in this privacy notice, please discuss the matter with your practitioner. You have the right to object, but this may affect our ability to provide you with medical care.
If we change our privacy notice, we will post the changes on this page. If we decide to, we may also email you.
We do ask you to provide certain information when dealing with ai-beauty.co.uk; all information is kept and used in accordance with this privacy statement.
We may collect the following information:
– Name and job title.
– Contact information including email address.
– Personal medical information.
– Demographics such as postcode, preferences and interests.
– Other information relevant to your treatment or treatment options.
WHAT WE DO WITH THE INFORMATION WE GATHER:
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
– Internal record keeping.
– To send treatment information to clients, to be able to update customers regarding their treatment/s.
– We may use the information to improve our treatments and services.
We may periodically send promotional emails about new treatments, products, special offers or other information which we think you may find interesting using the email address which you have provided.
However, these emails will only be sent once you have opted into our mailing list and given full consent to receive these emails.
HOW WE WILL SHARE YOUR DATA
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. We use trusted third parties to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
We may disclose your information to third parties if:
– We are under a duty to disclose or share your personal data in order to comply with any legal obligation.
– In order to apply or enforce our contracts with you.
– To protect our rights, property, or our safety and/or the safety of our clients, or others.
We may also disclose your information to our suppliers and contractors to provide information to you on our behalf and/or in order to fulfil our contracts with you.
YOUR PERSONAL DATA:
We only collect data needed for business activities; no data will be shared with other companies unless necessary. No data will be collected without free consent being given.
WHAT ARE YOUR RIGHTS OVER YOUR PERSONAL DATA?
You have the right to access any personal information that we process about you and to request information about:
– What personal data we hold about you.
– The purposes of the processing.
– The categories of personal data concerned.
– The recipients to whom the personal data has been or will be disclosed.
– How long we intend to store your personal data for.
– If we did not collect the data directly from you, information about the source.
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to update/correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
If you would like your personal data to be removed or the use to be amended, you have the right to request:
– your personal data to be erased (deleted) from our records.
– the use / processing of your personal data to be restricted in accordance with data protection laws.
– to opt out of any direct marketing from us (this can be done in a number of ways and will depend on the marketing you are receiving. Please see the marketing material for how to unsubscribe).
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure.
We will inform you if your request is possible under current regulations and inform you to what extent your request has been processed. Where we are under legal obligation to retain your information, we will clarify the requirements around the extent of data as well as the duration we will continue to hold your personal data.
If you would like to make a request about the processing of your personal data, please contact us at firstname.lastname@example.org.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
In relation to any financial information submitted to Ai Beauty Clinic, we do not store or share any financial information with 3rd party companies and have safeguarding steps in place to maintain and protect customer financial information.
In this document you have seen how we collect, store and handle data in compliance with GDPR.
FURTHER DETAILS, QUESTIONS, OR COMPLAINTS
We hope we have provided you with plenty of information about the processing of your personal data that we undertake and the rights you have over it. However, if you have any additional questions or would like more details about any of the points listed above, please contact:
147 Oxford Street, London
LODGING A COMPLAINT
If you are not happy with this notice, believe we have processed your data in an unfair or unjust way or are non-compliant with the relevant data protection laws and you wish to raise a complaint, please contact us and we will carefully consider your complaint and respond to you. You also have the right to lodge a complaint with the supervisory authority (the Information Commissioner’s Office).
Information Commissioner’s Office:
Tel: 020 3835 5467
ai-beauty.co.uk are committed to ensuring the protection of all personal information that we hold and to providing and protecting all such data. We recognise our obligations in updating and expanding this program to meet the requirements of GDPR.