PRIVACY POLICY

1. Data & Privacy

This document concerns YOUR personal data, legally defined as information concerning any living person that is not already in the public domain, and covers legislation from The Data Protection Act (DPA), Privacy and Electronic Communications Regulations (PECR) and The General Data Protection Regulations (GDPR).

The aforementioned regulations seek to protect and enhance your rights as a data subjects, and cover the safeguarding of personal data, protecting the user against the unlawful processing of personal data and the unrestricted transfer of personal data within the EU.

Please be aware; GDPR does not apply to information already accessible in the public domain, for example, Companies House data, or domain registration information.

In this policy document, “we”, “us” and “our” refer to the data controller listed in Section 2.4 of this document.

1.1 Aesthetify Ltd is committed to safeguarding the privacy of visitors to our website (https://www.aesthetify.co.uk) and general service users, in accordance with the General Data Protection Regulation (GDPR) 2018.

1.2 This Privacy Policy applies to all cases in which aesthetify.co.uk is acting as a data controller responsible for the processing and safeguarding of personal data of website visitors and service users.

1.3 Upon first visiting our website, you will be asked to agree to the terms presented in this policy document, and to the use of cookies. Continued use of our website after the privacy/cookie notice implies consent has been granted by the user (YOU).

2. Who we are

The information provided in this section clearly defines who “we” are, and who is responsible for managing your personal data. Methods of contact should also be clearly defined in accordance with EU laws on service provider transparency.

If you believe information is missing or incorrect in this section, or does not adequately describe the service provider, you should discontinue use of this website immediately.

2.1 Who are we?

Aesthetify.co.uk is an aesthetic clinic which specialises in offering a range of proven, safe and highly successful beauty services including laser hair removal and advanced procedures.

2.2 Physical address

Our principal place of business is at:

UNTIL Marylebone
105 Wigmore Street, London
W1U 1QY 

2.3 Contact methods

You can contact us via any of the following methods:

(a) By post to our Company address

71-75 Shelton Street
Covent Garden, London
WC2H 9JQ 

(b) Use of our website’s contact form on the following URL

www.aesthetify.co.uk/contactus

(c) By telephone

07770 040250

2.4 Data Protection Officer

Our data protection officer/data controller is Prashanth Sathiagnanam and contact details for the aforementioned controller are as detailed above in section 2.3.

3. Data Collection and Purpose of Collection

The section below will detail the types of data that is collected, in addition to the methods of collecting this data.

3.1 User provided information

Aesthetify.co.uk will collect direct information provided by you (via contact forms, for example) to provide quotations, make telephone contact, or to email you concerning any information you may request.

We have many patients/service users with similar names so it vitally important for all patients/service users to be properly identified as individuals. In order to be absolutely sure that you have been correctly identified we may ask you for a number of pieces of information. Suitable items include:

  • Full name

  • Date of birth

  • Permanent (home, not a temporary) address

  • Email address

  • Contact number

When you log in we collect name and address, telephone, email address, username and password. This provides us with default details for your order processing and sets up security (so viewing of your account details, designs and order history is password protected).

3.2 Automatically collected information

Whilst visiting our website, some additional personal data may be collected, including but not limited to personally-identifying information like Internet Protocol (IP) addresses, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information concerning the timing, frequency and pattern of your service use.

3.3 How YOUR data on our website is collected and stored

Data will be collected on our website in the following ways:

a) Via web contact forms on our website

Data provided via our website forms is manually submitted by the user, and stored by a third party provider in a secure storage environment.

b) Via Google Analytics tracking

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic and user behaviour, enabling us to enhance the user experience and analyse marketing.

Google use cookies to offer this service and their privacy policy is available at:

https://www.google.com/policies/privacy/

All data is stored on Google’s secure servers.

c) Via web server tracking software provided with our web hosting

Our web hosting provider may track user behaviour and monitor potential security threats, and as such will collect data designed to keep the website operational and your information secure.

All data is stored on our web host’s secure servers and will be made available in association with a relevant data protection request.

d) Via browser cookies

Our website uses cookies, defined as a string or array of information that a website stores on a visitor’s computer. YOUR browser provides this information on each visit to our website.

Website visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using our website.
Further information on browser cookies and how to manage them can be found in section 12 of this document.

e) When you place an order we allocate you a customer number, capture order details, invoicing address, and credit card details to process and fulfil your order. Invoicing address is retained so you do not have to enter them again. Order details are retained so you can view your order history.

f) You acknowledge that many parts of the service provided on the Site may be provided by third-party service providers and not by us. You consent to us transferring your information to such third-party service providers for the purposes of dealing with your queries, orders and for record keeping.

g) When you enter credit card details you are in communication over a secure link with the Stripe merchant system (or such other financial system as may be used, from time to time). It retains details of the credit card transaction. You must enter the details for each purchase for security reasons.

f) To assist you with your promotions and marketing and tailor our service to your needs we will ask you for feedback, about you and any products or treatments you may require. Supply of this information is optional and not mandatory. All this data will be stored so we can effectively meet your needs.

g) You are entitled to ask for a copy of the information held about you at any time by contacting us. We may charge a small fee for this.

h) You consent to us (and our representatives) disclosing information to third parties: (i) if we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use and any other contract entered into with us, or to protect the rights, property, or safety of our customers, ourselves or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; and (ii) if we determine that such disclosure is necessary in connection with any investigation or complaint regarding your use of the Site.

4. Use of YOUR personal data

It is required that ANY use of YOUR personal data will be lawful and fair, and initiation of data transfer from user (YOU) to Aesthetify.co.uk should be easy to understand and be transparent as to which data is being processed and how it may be used.

4.1 Lawful basis for data processing

Your personal data will only be used only to provide or enhance a service that you have initiated or requested.

Aesthetify.co.uk will never use your personal data for operations outside the defined scope of our working arrangement or contract, unless legally required to do so.

4.2 Legal obligations

Should it be legally required to divulge your personal information to a higher authority such as law enforcement organisations, YOU as the user will be notified of any such data transfer.

4.3 Duty of care

We need to keep a record of the care you receive to ensure that:

  • Professionals involved in your care have accurate and up-to-date information

  • We have all the information necessary for assessing your needs and providing excellent care

  • Your concerns can be properly investigated if you raise a complaint

  • Accurate information about you is available if you:

    • Move to another area

    • Need to use another service

    • See a different healthcare professional.

We have a duty to:

  • Maintain full and accurate records of the care we provide to you

  • Ensure that your records are confidential, secure and accurate

  • Provide a copy at your request that is an accessible format (e.g. in large type if you are partially sighted).

  • Your record may include some or all of the following:

    • Your name, address and date of birth

    • Your email address and telephone number

    • Contacts we have had with you, such as appointments

    • Notes and reports on your health

    • Details of treatment and care, images and test results

    • Information on medicines, side effects and allergies

    • Relevant information from people who care for you and know you well, such as health professionals and relatives.

    • The staff who see you may also add notes on their professional opinion.

If you wish us to, and it is practical, we will discuss and agree with you what we are going to enter on your record and show you what we have recorded.

4.4 Keeping us updated

How you can help us to keep your health record accurate:

  • Let us know when you change address, telephone number or name

  • Tell us if any information in your record is incorrect

  • Give your consent so that we can share information about you with other health professionals to make sure you receive the right healthcare

  • Tell us if you change your mind about how we share the information in your record.

4.5 How we may contact you

We take your privacy seriously so please let us know how you want us to contact you.

  • Telephone
    It is important for us to have a valid contact number for you. We may ring, leave a message or text you with information relevant to your treatment such as appointment confirmation, pre-care advice and post-treatment follow-up. Please let us know if you do not wish to be contacted by telephone.

  • Email
    It is important for us to have a valid email address for you. We use this to send information relevant to your treatment such as appointment confirmation, pre-care information and aftercare advice. We may also use your email to send you a regular newsletter about the clinic and our services; however, you can opt out of this if you do not wish to receive this.

Please read the following before providing us with your email address.

  • Emails can be quick and convenient and will allow you to keep a record (unlike a phone call). However, although our own systems are secure, it may be possible to intercept your email when it is being sent over the internet.

  • Be aware also that if you share your computer others may read your emails.

  • You could use email to contact staff in relation to a query or to ask about an appointment.

  • Do not give more personal information than we need to process your request.

  • Do not ask us to send you medical details that you would not want seen by other people.

If you have an urgent question or feel unwell after going home after treatment contact the clinic on 07770040250 (Monday-Saturday 9AM to 7PM) or an emergency service e.g., 111 NHS emergency service or 999 for life threatening conditions by telephone.

*Please do NOT email in an emergency*

4.6 How your records are kept

Our guiding principle is that we hold your records in strict confidence.

Aesthetify Limited is registered under the Data Protection Act 2018. It abides by the law and observes good practice in maintaining confidentiality and appropriate information security.

We will fully fulfil its obligations under this Act, including ensuring that the following eight principles governing the processing of personal data are observed.

  • personal data shall be processed fairly and lawfully;

  • personal data shall be obtained only for specified and lawful purposes, and shall not be processed in any manner incompatible with those purposes;

  • personal data shall be adequate, relevant and not excessive in relation to the purposes for which it is processed;

  • personal data shall be accurate and, where necessary, kept up to date;

  • personal data shall be kept for no longer than is necessary for the purposes for which it is processed;

  • personal data shall be processed in accordance with the rights of data subjects under the Act;

  • personal data shall be subject to appropriate technical and organisational measures to protect against unauthorised or unlawful processing and accidental loss, destruction or damage;

  • personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of data protection

Information about you and the services you receive may be held in a number of formats and will be kept for the specific retention periods outlined by the relevant professional bodies. We use secure electronic systems to store user records, images and details of prescriptions. Patient data held on paper or disk will be processed in accordance with the Data Protection Act and destroyed using secure documented procedures after the time periods set out by the Department of Health.

4.7 Anonymised data

We may remove your name and other details that could identify you so that we can use the information in your record anonymously to:

  • Monitor and improve the quality of care received by patients/service users

  • Protect the health of the general public, for example we may share anonymous and aggregated patient information with organisations such as the National Institute for Clinical Excellence and the Cancer Registry for research or statistical purposes

  • Train and educate staff

Wherever possible, we anonymise your data or use a quasi- identifier such as a patient number.

5. Security

The Site has numerous security measures in place to protect the loss, misuse and alteration of information under our control, such as passwords and firewalls. We cannot, however, guarantee that these measures are, or will remain, adequate. We do take data security very seriously and will use all reasonable endeavours to protect the integrity of the information you provide.

Access to your account data is password protected. You must keep all passwords confidential and not disclose or share them with anyone. You are responsible for all activities that occur under your passwords. You must notify us in the event you know or suspect someone else knows your passwords. If we have reason to believe there is a breach of security or misuse of the Site, we may require you to change your passwords or we may suspend your account without notice.

Our Site may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check such policies before submitting any information to these websites.

Credit card details are processed by a secure server.

6. Cookies

What are Cookies?

We use cookies to personalise your interface with the site, and to remember you when you return to our site. They are small packets of data stored by your browser on your computer’s hard drive to identify yourself to us and help us to keep track of what you have in your basket. Your browser may have a feature to disable cookies, or you can delete them if you wish and your interface will not be severely restricted.

Please note that cookies can’t harm your computer. We don’t store personally identifiable information such as credit card details in cookies we create, but we do use encrypted information gathered from them to help improve your experience of the site. For example, they help us to identify and resolve errors, or to determine relevant related products to show you when you’re browsing. Each browser is different, so check the ‘Managing cookies’ information below of your particular browser (or your mobile phone’s handset manual) to learn how to change your cookie preferences.

We’re giving you this information as part of our initiative to comply with relevant legislation, and to make sure we’re honest and clear about your privacy when using our website.

Third party cookies

When you visit our sites you may notice some cookies that aren’t related to w3p. If you go on to a web page that contains embedded content, for example from Google, you may be sent cookies from these websites. We don’t control the setting of these cookies, so we suggest you check the third-party websites for more information about their cookies and how to manage them.

Some of the business partners that may set cookies on w3p sites include:

Cookie: Google Maps

Purpose:  These are Google Maps third party cookies, which are unique identifiers to allow traffic analysis to Google Maps.

‘Share’ Tools

If you take the opportunity to ‘share’ content with friends through social networks – such as Facebook and Twitter – you may be sent cookies from these websites. We don’t control the setting of these cookies, so please check the third-party websites for more information about their cookies and how to manage them.

Managing Cookies

If cookies aren’t enabled on your computer, it will mean that your shopping experience on our website will be limited to browsing and researching; you won’t be able to add products to your basket and buy them.

To enable Cookies

If you’re not sure of the type and version of web browser you use to access the Internet:

  • For PCs: click on ‘Help’ at the top of your browser window and select the ‘About’ option

  • For Macs: with the browser window open, click on the Apple menu and select the ‘About’ option

7. Sharing your health record

Aesthetify Limited has a designated Information Lead/Data Protection Officer who is responsible for protecting the confidentiality of patient information and making sure that information is shared where this is appropriate.

To make sure you receive all the care and treatment you need, we may need to share the information in your health record with other staff and organisations. This could include:

  • Other healthcare professionals, such as doctors, pharmacists, and pathology and radiology staff involved in the analysis and reporting of diagnostic tests

  • Other hospitals and private sector organisations involved in your care

  • Local authority departments

  • Administrative support staff

Note that anyone who receives information from us also has a legal duty to keep it confidential.

We may also share information that identifies you, where:

  • You ask us to do so

  • We ask for specific permission and you agree to this

  • We are required to do this by law

  • We have special permission because we believe that the reasons for sharing are so important that they override our obligation of confidentiality (e.g. to prevent someone from being seriously harmed).

  • We do not give the names and addresses of patients/service users to other organisations except under the circumstances described in this Privacy Notice. Unless you have signed an additional consent, we will not contact you after your visit for purposes other than:

    • Follow up of care

    • Collecting your views about your stay with us

    • Settlement of any account that may be due, if appropriate

    • Complaints and concerns handling.

Exceptional Circumstance

Sometimes we have a legal duty to provide information about people; examples are reporting some infectious diseases, and when a court order instructs us to do so. Records may also be shared without the patient’s consent in exceptional situations, such as to safeguard adults or children.

Sharing your records outside the EU

If your permanent address is outside the EU, or your treatment is continuing outside the EU, we may send details of your treatment to individuals based outside the EU specifically to promote your ongoing care. This would normally be the doctor who referred you to us for treatment. If you wish, we can give you the documents so that you have physical control over this information.

In the usual course of our business, we may use third parties to process and store your data on our behalf. We normally store your data on secure servers in the European Economic Area (EEA). Such processing is subject to contractual restrictions with regard to confidentiality and security in addition to the obligations imposed by the Data Protection Act 1998.

Exceptionally we may make use our suppliers are based outside the EEA for processing and storing your data. We have strict controls over how and why your data can be accessed. By submitting your personal data, you agree to this.

Where necessary we may transfer personal information overseas for processing to support the long- term effectiveness of treatment and monitor patient outcomes. Personal information will be processed in this way where it is not possible to achieve this purpose with the use of anonymised or pseudonymised information only.

How can I stop my information from being shared?

Aesthetify Limited acts to provide information principally for other health and social care professionals who have requested this since they require further detailed investigations on their patients/service users. So naturally we will normally need to share this information with your doctor who has referred you to our service.

If you do not want us to share your information with your GP, other healthcare providers or carers, please tell the team looking after you. But please note that not sharing your information may affect the care that can be provided for you.

You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered. Where your wishes cannot be followed you will be told the reasons including the legal basis. You may at any time withdraw any consent you have previously given to us to process information about you.

If you wish to exercise your right to opt-out, withdraw consent to use your information, or to speak to somebody to understand what impact this may have, please discuss your concerns with your professional, or email us typing ‘Opt Out Request’ in the subject line of the email.

Your Legal Rights

Aesthetify Limited is the Data Controller of the data it holds about its patients/service users and staff.

You have the right to confidentiality under the Data Protection Act 2018 (DPA), the Human Rights Act 1998 and the Common Law Duty of Confidentiality. The Equality Act 2010 may also apply.

You have the right to know what information we hold about you, what we use it for and if the information is to be shared, who it will be shared with.

You have the right to apply for access to the information we hold about you. Other people can also apply to access your health records on your behalf. These include anyone authorised by you in writing (such as a solicitor), or any person appointed by a court to manage your affairs where you cannot manage them yourself. Access covers:

  • The right to obtain a copy of your record in permanent form;

  • The right to have the information provided to you in a way you can understand, and explained, where necessary, for example where abbreviations have been used. You would not be entitled to see information that:

    • Has been provided about you by someone else if they haven’t given permission for you to see it

    • Identifies another person who has not given permission for you to see the information about them

    • Relates to criminal offences

    • Is being used to detect or prevent crime

    • Could cause physical or mental harm to you or someone else. 
If you are currently receiving services from us and wish to view the record without obtaining a copy, discuss your request with the professional in charge of your care.

Obtaining a copy of your record

If you wish to apply for access to the information we hold about you:

  • You should send your request in writing to us.

  • You should provide enough information to enable us to correctly identify your records, for example include your full name, address, date of birth, any unique identifier number.

  • We will take every reasonable step respond to you within 40 days of receiving your request

  • You may be required to provide a form of ID before any information is released to you. 
Once you receive your records, if you believe any information is inaccurate or incorrect, please inform us.

This Privacy Policy is effective immediately and will remain in effect until further notice.

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.