For purposes of this Agreement, “Service” refers to the Company’s service which can be accessed via our website at www.oxfordaesthetics.co.uk or through our mobile application. The terms “we,” “us,” and “our” refer to the Company. “You” refers to you, as a user of the Service.
Information we Collect
We may collect both “Non-Personal Information” and “Personal Information” about you. “Non-Personal Information” includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. “Personal Information” includes information that can be used to personally identify you, such as your name, address and email address.
In addition, we may also track information provided to us by your browser or by our mobile application when you view or use the Service, such as the website you came from (known as the “referring URL”), the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information that does not personally identify you. We use this information for, among other things, the operation of the Service, to maintain the quality of the Service, to provide general statistics regarding use of the Service and for other business purposes. We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect Non-Personal Information about that user and keep a record of the user’s preferences when utilizing our services, both on an individual and aggregate basis. The Company may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser. Persistent cookies can be removed by following your Internet browser help file directions. If you choose to disable cookies, some areas of the Service may not work properly.
When do we collect your personal data?
- When you visit our website and use our ‘contact us’ online form
- When you engage with us on social media
- When you email or telephone us directly
- When you book a consultation with us
- When you comment on or review our services
- When you attend for a consultation and/or treatment
What personal data do we collect?
- Your name, email address, date of birth, address and contact telephone number
- Your social media username, if you interact with us through those channels
- Your full and complete medical history including medication history and allergies as well as some relevant lifestyle information. This will be recorded during your consultation to allow us to treat you safely. Your data may be written down or stored on a computer
- Your GP details with your consent (only to be used in an emergency)
- Details of the treatment we provide and products used
- Pre- and post-treatment photographs (this is a medico-legal requirement)
- Your comments and feedback
Data usage and sharing
In general, we do not sell, trade, rent or otherwise share your Personal Information with third parties without your consent. We may share your Personal Information with vendors and other third-party providers who are performing services for the Company. In general, the vendors and third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide for the Company. For example, when you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery, or return a purchase, you consent to our collecting and using such personal information for that specific purpose, including by transmitting such information to our vendors (and their service providers) performing these services for the Company.
However, certain third-party service providers, such as payment processors, have their own privacy policies in respect of the information that we are required to provide to them in order to use their services. For these third-party service providers, we recommend that you read their privacy policies so that you can understand the manner in which your Personal Information will be handled by such providers.
How and why do we use personal data?
- To respond to any questions, feedback or appointment requests
- To ensure we have a full and up-to-date record of your medical history in order to perform safe treatments. This is a medico-legal requirement.
- To respond to any potential complaints
- To process payments and to prevent fraudulent transactions
- To keep you informed by email about relevant products and services including tailored special offers, promotions and events. This would be with your consent only, and you are free to opt out of hearing from us at any time
- To send you communications required by law or which are necessary to inform you about changes to the services we provide you, for example, updates to this Privacy Notice.
- To process your consultation/treatment requests. Sometimes, we will need to share your details with a third party who is providing a service (such as the clinic in which we are performing your consultation, or the pharmacy from which we are ordering a prescribed treatment). Information is held solely for the purpose of your health and wellbeing and will only be shared with practitioners and agencies involved in your treatment and care.
- To comply with our contractual or legal obligations to share data with law enforcement.
How long will we keep your personal data?
- Electronic data will be kept indefinitely, and paper documentation for 10 years after a client is deceased.
How we protect your personal data
- All Oxford Aesthetics staff members have a duty of confidentiality
- We store your files appropriately and only relevant members of staff have access to your records.
- We use online software that is fully compliant with GDPR, meaning all data is stored securely with the highest level of cyber encryption
- Where paper documentation is made, this is stored in a locked facility to which only the treating practitioner has access
- The organisation actively implements and regularly audits security measures to ensure your information is safe
Who might we share your personal data with?
As mentioned above, it is sometimes necessary to share your personal data with trusted third parties. This is never for marketing purposes and we only provide the information they need to perform their specific services.
Examples of the ways in which we work with third parties are:
- Providing your name to the clinic reception in which we are operating, such that they can greet you for your appointment
- Providing a prescription to the pharmacy from which we order our products (Wigmore Medical and Health Xchange) which will require your name, date of birth and address
- Reporting adverse events to the manufacturers of the products we use, or the Aesthetics Complications Expert (ACE) Group
- For fraud management, we may share information about fraudulent or potentially fraudulent activity, which may include sharing data about individuals with law enforcement bodies.
- We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis
What are your rights over your personal data?
You have the right to request:
- Access to the personal data we hold about you, free of charge. We will provide this information within 30 days of a formal written request.
- The correction of your personal data when incorrect, out of date or incomplete.
Links to other websites
Age of consent
By using the Service, you represent that you are at least 18 years of age.
Merger or acquisition
Email communications and opting out
We will send you Service-related announcements on occasions when it is necessary to do so. For instance, if our Service is temporarily suspended for maintenance, or a new enhancement is released, which will affect the way you use our Service, we might send you an email. Generally, you may not opt-out of these communications, which are not promotional in nature. Based upon the Personal Information that you provide us, we may communicate with you in response to your inquiries to provide the services you request and to manage your account. We will communicate with you by email or telephone, in accordance with your wishes. We may also use your Personal Information to send you updates and other promotional communications. If you no longer wish to receive those email updates, you may opt-out of receiving them by following the instructions included in each update or communication.