​

1. Introduction

This Privacy Policy details how we, Dr Gracia Rose Aesthetics collect, use and process personal data provided to us. If you have any questions on this Privacy Policy or otherwise relating to how we process your personal data you can contact us at drgraciaroseaesthetics@outlook.com

​

This Privacy Policy affects your legal rights and obligations so please read it carefully. If you do not agree to be bound by this Privacy Policy, please do not provide your personal data to us. This means that we may be unable to provide any services to you. 

​

We may update this Privacy Policy from time to time at our discretion and in particular to reflect any changes in applicable laws. If we do so, and the changes substantially affect your rights or obligations, we shall notify you of the updates if we have your email address. Otherwise, you are responsible for regularly reviewing this Privacy Policy so that you are aware of any updates.

We are the controller of the personal data provided to us for the purposes of applicable data protection legislation.

​

2. What personal data is collected?

By personal data we mean identifiable information about you, such as your name, email address, gender, age, medical information, mobile and home telephone number and your IP address. 

​

We collect information from you:

•   when you make a booking.

•   when you visit a one of our practitioners for either a consultation or treatment appointment.

•   make an enquiry.

•   provide feedback or reviews to us.

•   when you sign up to marketing emails.

•   otherwise contact us including with queries, comments or complaints.

•   photographs or videos of the relevant treatment area

​

We do not knowingly collect personal data about any individual under the age of 18.

 

You may provide personal data to us directly, or to us through our social media platforms.

​

We shall process all such personal data in accordance with this Privacy Policy. Certain personal data is mandatory to be provided to us in order that we can deliver a service to you and we shall make this clear to you at the point of collection of the personal data.

​

If you provide to us personal data about any other individual, for example, if you wish to book an appointment for another individual, you must have their consent to do so.

​

When you contact us by email or post, we may keep a record of the correspondence.

​

3. How your information is used

Our use of your personal data will always have a lawful basis, either because it is necessary to complete a booking, because you have consented to our use of your personal data (e.g. by consenting to be contacted by your practitioner following treatment), or because it is in our legitimate interests.

​

We require the information outlined in the previous section to understand your needs and provide you with a better service, and in particular for the following reasons:

​

•   Internal record keeping.

•   Send you service emails/texts (booking confirmation and post treatment before and after photos).

•   Improve our products and services.

•   Send marketing communications if you have opted in to receive them.

•   We may use the information to customise the website according to your interests.
   

The lawful purposes that we rely on under this Privacy Policy are:

• consent (where you choose to provide it);

• performance of our contract with you;

• compliance with legal requirements; and

• legitimate interests.

 

When we refer to legitimate interests we mean our legitimate business interests in the normal running of our business which do not materially impact your rights, freedom or interests.

​

If you wish to access and use our website as a client, we shall use your personal data to allow you to do so all in accordance with the Client Terms of Use via Glowday and we will contact you with prompts and reminders about any appointments you book.

​

We may from time to time need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety.

​

4. Information we automatically collect about you

When you use our website, we automatically collect and store information about your device and your activities. This information could include:

• technical information about your device such as type of device, web browser or operating system;

• your preferences and settings such as time zone and language;

• how long you used the website and which services and features you used.

 

Some of this information is collected using cookies and similar tracking technologies. 

​

5. Security

We shall process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. In particular, access is restricted to employees who need to know your personal data, and we use appropriate password protection and appropriate pseuonymisation and strong encryption electronic measures within our electronic data management systems.

However, unfortunately, because of the nature of electronic storage, we cannot promise that your personal data or any other data you provide to us will always remain secure. If there is a security breach, we will do all that we can as soon as we can to stop the breach and minimise the loss of any data.

​

6. Marketing

You may consent to receive marketing email messages from us about the services we offer. You can choose to no longer receive marketing emails from us by contacting us or clicking unsubscribe from a marketing email. Please note that it may take us a few days to update our records to reflect your request.

If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send to you marketing information. We will still contact you as necessary about any appointments you have booked.

​

7. Your rights

You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below. Further information can be found here

Right of access: You have the right to obtain from us a copy of the personal data that we hold for you.

Right to rectification: You can require us to correct errors in the personal data that we process for you if it is inaccurate, incomplete or out of date.

Right to portability: You can request that we transfer your personal data to another service provider.

Right to restriction of processing: In certain circumstances, you have the right to require that we restrict the processing of your personal information.

Right to be forgotten: You also have the right at any time to require that we delete the personal data that we hold for you, where it is no longer necessary for us to hold it. 

Right to stop receiving marketing information: You can ask us to stop sending you information about our services, but please note we shall continue to contact you in relation to any necessary contact regarding your treatment. 

We reserve the right to charge an administrative fee if your request in relation to your rights is manifestly unfounded or excessive.

If you have any complaints in relation to this Privacy Policy or otherwise in relation to our processing of your personal data, please tell us. We shall review and investigate your complaint and try to get back to you within a reasonable time.You can also contact the Information Commissioner, see www.ico.org.uk or if you are based outside of the United Kingdom, please contact your local regulatory authority

​

8. Retention of personal data

Subject to the provisions of this Privacy Policy, we will retain personal data in accordance with applicable laws.

In particular, we shall retain your personal data for as long as you are a client and for sufficient time in order to deal with any issues that might arise. 

​

9. General

If any provision of this Privacy Policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect. This Privacy Policy shall be governed by and construed in accordance with English law and you agree to submit to the exclusive jurisdiction of the English Courts.

 

Last updated: October 2022