What does this notice cover?
What is personal data?
Personal data is defined as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’ by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) .
In simple terms, personal data is information that can be used to identify you. Personal information can be details such as name, and gender, but it also applies to more abstract data, such as IP address and location data.
The personal data that we use is detailed in the ‘What personal data do we collect?’ section.
What are your rights?
The information below gives you more information on the rights that you have regarding your data. All requests can be made on the data request page.
- The right to obtain access to the data that we hold in relation to you. You can request this data using the contact form.
- The right to data rectification. If you wish to correct personal data, you can request rectification using the contact form.
- The right to be forgotten. You have the right to have any personal data permanently removed.
- The right to restrict the use of your data.
- The right to data portability, which can be achieved in the form of a data request.
More detailed information on your rights can be found at the ICO website.
If you have an issue or complaint, you can contact us or lodge a complaint with the ICO.
What personal data do we collect from our websites?
- Email address
- Telephone numbers
- Treatments of interest
- Location in relation to nearest clinic
- Products purchased
Some of our contact and callback forms also contain a field where users can volunteer any other text information which they deem to be relevant.
The information from our forms is sent via secure email. Form information is not stored on the site, with the exception of purchases made at the shop.
What personal data do we collect from our external services?
- Digital photographs of before and after treatments with your permission
- three on your requirements following a consultation.
- Information such as age, gender and weight (when relevant)
- Medical history (when relevant)
- Address details
How do we use your personal data?
We have a responsibility to use your data lawfully and ethically. The primary use of your data is to provide you with a service. The information below provides more information:
- Supplying our services and products. We require certain information to enable us to provide services and enter into a contract with you.
- Providing a bespoke service, enabled by the personal information.
- Communication. We may need to communicate with you via phone, email, or SMS for the purposed of providing service.
- Supplying you with marketing information (only in the case where you an opted-in to this service)
- Assessing your progress and tailoring our service throughout the duration of a course of treatments.
With your explicit permission, we may use your data to inform you about special offers. You can opt-out of these communications at any time. We will never sell your data.
How long will we keep your personal data?
Your personal data will be kept for 3 years from the last point which in which we interact. You can request that we remove all alter your information at any time using our data request page.
How and where do we store or transfer your personal data?
Your data is securely stored in the UK and is protected by the GDPR regulations.
We do not store information you have provided on our web server.
Do we share your personal data?
Without your permission, we will not share your personal data with any external entity unless we are explicitly required to do so by law.
How can you access your personal data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and a copy of it. This is known as a “Data access request”.
You also have the right to request that any personal data be removed or changed.
Requests can be made in writing or by using our data request page.
There is not normally any charge for a data access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 14 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
How can you contact us?
You can contact us on [phone] or write to us at the appropriate address listed at the top of the page.
Changes to this privacy notice
Any changes will be made available on the website vivoclinic.com/privacy-policy