Cosmetica Ltd is registered in England with company number 08120441. Our registered office is Cosmetica Ltd, 4 Hildreth Street, London, SW12 9RQ. Our Data Protection Officer is Amanda Freeburn.
Main Policy Content Summary:
• What information we hold on you
• How we obtain that information
• Where we store information
• Whom information is shared with
• Why we hold and process personal data
• How long we hold records and on what basis
• We will never spam you with irrelevant emails.
• You have a right to require us to erase your personal data without undue delay on certain grounds, e.g. where it is no longer necessary based on the reason it was originally recorded, or where you withdraw your consent and there are no other legal grounds for processing. Patients should be aware that by providing the information requested they are providing explicit consent, but you have the right to withdraw consent at any time.
• You have the right to request a copy of your personal data held by Cosmetica London under the Data Protection Act 1998. We may charge a reasonable administration fee to cover costs.
• You may opt out of our email communications at any time. You can unsubscribe from emails by clicking ‘unsubscribe’ or replying directly to firstname.lastname@example.org.
• We will never sell, rent, make public or distribute your personal information.
• We will only collect and process your personal data when absolutely necessary.
Relevant Privacy Legislation
In line with our internal processes and systems, Cosmetica London internal documentation and website content are designed to comply with the following policies:
• UK Data Protection Act 1998 (DPA)
• EU Data Protection Directive 1995 (DPD)
• EU General Data Protection Regulation 2018 (GDPR)
• EU Privacy and Electronic Communications Regulations (PECR)
The compliance of internal documentation and website content with the above policies will likely mean that they are compliant with data protection and privacy legislation around the world.
What information do we collect about you and where do we store it?
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online and internally.
We may collect and process the following personal information about you, which is stored on our secure encrypted and password-protected platforms, including our Medical Spa Software, on our PCs, internal password-encrypted systems, spreadsheets, Word documents, iPads and as paper records. Cosmetica London does not obtain information or purchase databases from any third parties or sell information on.
Information you give to us
* Medical Records – A requirement for your clinic registration. This includes information such as your name, address, date of birth, gender, e-mail address, phone number, next of kin, GP, and medical history. Medical records are recorded in the form of consent forms, treatment records, photography (pre and post treatment imagery where required for insurance purposes), complaints/adverse events/communication between Us and You.
Failing to provide us with this information will result in us being unable to provide treatment.
* Enquiries – We may record your details in order to track and follow up on enquiries, in addition to scheduling appointments. This includes information such as your name, e-mail address or phone number and details of the nature of your enquiry. A third party, Aesthetic Response Ltd, deals with enquiries on our behalf and has taken all action to comply with the new legislation of Data Protection.
Failing to provide us with this information for marketing purposes will have no impact upon the provision of your treatment.
* Credit card details – Payments taken by phone and card machine are through our safe and secure Worldpay system. Phone payments: transaction details are stored in this system, including the first and last 4 digits of the card number and expiry date, customer information details, full name, billing address and phone number. Card machine: we store financial information (i.e. merchant receipts) in line with legal requirements under the General Data Protection Regulation.
We will automatically collect the following information, for each visit made, when you visit our online domain www.cosmeticalondon.com.
* Technical information, including the Internet Protocol (IP) address used to connect your computer to the internet, browser type and version, time zone setting, browser plug-in types and version, operating system and platform; and
* Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our Site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page.
Like most websites, our website uses Google Analytics. This tool collects information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. We use this information to better understand how visitors find us and how they interact with our website. We can use this to make adjustments to our website, to deliver a better user experience.
We keep all web usage data in an anonymised form in Google Analytics, but we do not connect this in any form to personalised data or use it to contact anyone.
* Call Recordings – We record calls via a call-tracking provider for statistical management and performance purposes and they hold the data for 30 days, following which calls are deleted.
* Online Contact forms – We collect the following information about you when you complete a form on our website:
• Full name
• Email address
• Telephone number
• Other information you supply relevant to your enquiry
A copy is sent to us by email and the information is stored on our customer management system and mailbox (email@example.com). Where you ‘opt in’ for the ‘subscribe to our mailing list’ data is also stored on Mailchimp. See section ‘Email Newsletter’.
* Email newsletter – If you choose to join our mailing list, your email address will be stored in Mailchimp. Mailchimp is a third-party data processor. At any time, you can unsubscribe from our newsletters, either from within the newsletter or by emailing us. Mailchimp’s Privacy and Terms.
How do we use the information we collect from you?
When you provide personal information to us, the purpose for which you are providing the personal information will always be made clear. We need to gather and hold data in order to provide our service and care, to maintain medical records and also to provide our clients with information. We collect information about you to understand your needs and provide you with a better service. Specifically, we use your information for:
We may use this information for some or all of the following reasons:
* To provide you with the information, treatments, products and services that you request from us
* Internally, to inform decisions about our business operations or strategy
* To notify you about changes to our service
* To send you text notifications to remind you of any appointments booked with us
* To contact you for post-treatment, follow up and care, including survey requests in order to improve our service and ensure continuity of care
* To contact you from time to time to market other services, treatments and products we provide and think may be of interest to you, based on your interests and preferences where you have made them known to us
* Provide you with any information that we are required to send you to comply with our regulatory or legal obligations; (GMC, NHS England, Insurers)
* Detect, prevent, investigate or remediate crime, illegal or prohibited activities, or otherwise protect our legal rights (including liaison with regulators and law enforcement agencies for these purposes).
Information we collect about you
We may use this information for some or all of the following reasons:
* To administer our website www.cosmeticalondon.com and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
* To improve our website to ensure that content is presented in the most effective manner for you and for your computer
* To allow you to participate in interactive features of our website when you choose to do so
* As part of our efforts to keep our website safe and secure
* To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you
* To make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
Who do we share your personal data with?
We take our obligations under the General Data Protection Regulation and our clinical confidentiality requirements very seriously.
Sensitive information relating to your medical history will be kept confidential and will only be disclosed to the individuals involved in delivering your treatment. We will never sell, distribute or lease your personal information to third parties unless we have your permission or are required to do so by law.
Some information sharing is absolutely necessary for Cosmetica London to provide your service and care, for example – the information shared in a prescription. Without consent, treatment cannot be provided.
For contact or marketing purposes and information sharing, we must gain consent. You must ‘opt in’ to allow us to use your data. We offer selective consent, rather than requiring all or nothing consent.
If you’re unclear as to what you have ‘opted in’ for or wish to make any changes, please contact us at Cosmetica London and speak with our Data Protection Officer.
We may share your personal information with:
* Other members of Cosmetica London staff as part of your ongoing care provisions, or for the purpose of analysing the business.
* Selected third parties such as The Doctors Laboratory for diagnostics, or Healthxchange Pharmacy for prescriptive purposes in order to provide your agreed treatment. Opting out of sharing your information with these providers may affect our ability to treat you.
* There may also be circumstances where we are under a duty to disclose your personal information or share your personal information in order to comply with any legal or regulatory requirement, obligation or request. This includes the police for the prevention or investigation of a crime, or our insurers, legal advisors or other third parties who need access to it in the context of managing, investigating or defending claims or complaints.
We cannot guarantee that the information you send us over the internet is secure, but once we receive it we will take all reasonable steps to protect the information you supply to us. Cosmetica London will not transfer your data outside of the European Economic Area. Backups of electronically stored data are taken regularly, with strong encryption used to protect all files.
If you have concerns as to the safety of your data sent via an online channel, including emails to firstname.lastname@example.org, we would advise you to minimise any risk by opting for direct communication by phone.
Under the General Data Protection Regulation and in line with legal requirements, we will only hold personally identifiable data for the following maximum retention periods:
* Job applications and unsuccessful interview candidates – 6 months
* Employee Records – 6 years following termination of contract
* Medical (Aesthetic) Records – 10 years following last appointment
* Controlled Drugs Register or Prescription Information – 2 years
* Marketing Enquiries and Emails – 6 months
* Financial Records – 7 years
* CCTV footage – 2 weeks
We employ CCTV on the public areas of the building in order to aid the security of our staff, patients and premises. CCTV cameras are not in use in our treatment rooms.
A Subject Access Request may be made for footage of you. All CCTV footage is held for a maximum of two weeks. In certain circumstances, we may need to disclose CCTV footage for legal reasons.
Website cookies – A cookie is a piece of code that allows the web server to identify and track activity of the web browser. They are widely used in order to make websites work more efficiently, as well as to provide information to the owners of the website. You can enable or disable your cookie settings. For further details please consult the help menu in your browser or visit allaboutcookies.org.
You have the right to ask us not to process your personal information, but where consent is withdrawn for the processing of personal data from your medical records, our ability to continue your treatments will be impaired.
You have the right to ask us not to process your personal information for marketing purposes. We will only contact you for marketing purposes if you have opted in to receive such communications. If you wish to stop receiving some or all marketing communications from us, you can let us know by email to email@example.com.
Our website www.cosmeticalondon.com may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
In some circumstances, you have the right to be forgotten and we will erase all data held about you. Medical records are exempt from erasure before our maximum retention periods. Requests for erasure should be made in writing to firstname.lastname@example.org and will be assessed on a case by case basis.
ACCESS TO INFORMATION AND CORRECTION
If you provide us with your personal information, you have the following rights:
• To review the user information that you have supplied to us.
• To request that we correct any errors, outdated information, or omissions in user information that you have supplied to us.
• To request that your user information not be used to contact you.
• To request that your user information be deleted from our records.
To exercise any of these rights, please email email@example.com or contact our Data Protection Officer. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.
It is important to note that whilst personal data can be removed from our systems in relation to marketing, we will be unable to remove any medical records relating to treatment received – which cannot be erased and will be retained as required by our insurers and professional regulatory bodies – for a period of 10 years.
You have the right to request a copy of your personal data held by Cosmetica London under the Data Protection Act 1998. We may charge a reasonable administration fee to cover costs. All requests will be subject to the appropriate identification checks.
CONTACT AND COMPLAINTS