PRIVACY POLICY
Derma Beauty Clinic is a trading name of Derma Beauty Clinic Limited. We provide high-quality beauty and cosmetic treatments, complementary therapies, and training courses. Our privacy notice is a document that publishes the way we as a business gather, hold, communicate, and manages our information. It fulfils a legal requirement to protect your ‘right to privacy and our responsibilities as a business.
​
You have the right to be informed about the collection and use of your personal information. This is a key requirement of the data protection regulations and this privacy notice aims to provide you with the information relating to: (a) how we lawfully use your information; (b) the purpose for which; and (c) the manner in which your information is controlled and remains secure giving you an opportunity to review and object to how your information is being processed.
​
Derma Beauty Clinic is the controller for the personal information we process, unless otherwise stated. Should you have any questions relating to the use of your information please contact Leanne Power, the data protection officer. There are many ways you can do this, including by phone, email and post. All our contact details can be found at the end of this privacy notice.
Derma Beauty Clinic wishes to remain open about the information we’re collecting about you, why it’s needed, how it’s being processed and who has access to it. This notice provides you with all the information necessary to ensure you retain the confidence that your personal information is protected from misuse and is being used and treated as you would expect.
This notice will cover the following:
-
Information relating to Derma Beauty Clinic, including how to contact us
-
Our commitment to you
-
The information we hold about you
-
How we collect your information
-
Who/why we sometimes share your information
-
How we use your information
-
How we protect your information
-
How long we keep your information
-
Your ‘right to privacy
Our Commitment to You
Derma Beauty Clinic commits to:
-
value the personal information entrusted to us and make sure we respect that trust
-
follow all laws and regulations when it comes to handling personal information, and adopt good practice standards
-
consider and address the privacy risks first when we are planning to use or hold personal information in new ways, such as when introducing new systems
-
be open with individuals about how we use their information and whom we share it with
-
make it easy for individuals to access and correct their personal information
-
keep personal information to the minimum necessary and delete it when we no longer need it
-
have effective safeguards in place to make sure personal information is kept securely and does not fall into the wrong hands
-
ensure staff who handle personal information, treat it as a disciplinary matter if they misuse or don’t look after personal information properly
-
put appropriate financial, technical and protective measures in place when looking after personal information to make sure we can live up to our promises
-
regularly check that we are living up to our promises and report on how we are doing
The information we hold about you:
Personal information is any information that relates to, or can be related back to you. This can include your name, contact details or any other information we gather as part of our relationship with you.
​
The information we hold can be categorised into several key groups, known as ‘information categories’. These categories cover all the information requirements needed to provide you with the various products and services offered by Derma Beauty Clinic, many of which may be applicable to you based on the contractual relationship you have with us.
These categories are:
Who you are: such as name, age and identification
Where you are: such as your home, work or email addresses together with telephone contact numbers
How you pay: such as your payment history (no bank or payment details are retained)
What you have: such as the products and services you have or had with us and your written consent to undertaking any treatment and your agreement to using any images obtained during or after treatment for use on our own website and social media platforms (including Facebook, Instagram and Twitter)
What qualifications you hold including certificates, if applicable
What we require: such as health and allergy matters. The collection and use of this information is subject to stricter controls and its use remains limited.
On occasions, we may require information outside of the categories listed above. This information may relate to things such as, dietary requirements [if we are arranging catering for you]. Information requested of this nature will often require your consent; as such you will be notified of this at the relevant time before its collection or use.
How we collect your information
The majority of personal information we process is provided directly by you, for one of the processing activities we have listed in the ‘how we use your information section’.
In addition to this, there are also multiple other collection methods used by Derma Beauty Clinic, which vary dependant on the types of services or information categories in question.
These methods are:
Direct collection: As we mentioned earlier, this method of collection applies when you provide Derma Beauty Clinic with the information directly. This can be either; over the phone, in person, via our website, during an event, on a form/questionnaire or simply through postal or email communication responses.
Technical collection: Derma Beauty Clinic may collect information based on your access/booking platforms such as our client portal and website. Additional information, such as; usernames and passwords and booking preferences may be captured – these are based solely on the types of products/services or interactions we have with you so may not always be relevant and as such will not be captured.
Legal collection: This method relates to information collected to satisfy any legal, insurance or regulatory requirements.
How we use your information General
Derma Beauty Clinic will only process (i.e. use) your information where we have a legal or regulatory and proportionate basis to do so, in accordance with our ‘commitments to you’ and our legal requirements.
​
The legal basis for ‘use’ will form at least one of the following categories:
Your consent: This basis is used when we have provided you a choice on how your data is used and you agree [consent] that Derma Beauty Clinic can use your data as we have described for that specific purpose.
​
Your contract with us: This basis is used when we need your information to deliver the terms of our contract with you. Whilst your ‘right to privacy’ remains, information used for this purpose cannot be restricted or removed without possibly disrupting the contracted services you have with us. The impact of which may result in the failure to provide the agreed services or the subsequent cancellation of the contracted services.
​
Our ‘legal’ obligation: This basis is used when Derma Beauty Clinic must comply with a legal or regulatory obligation.
​
Our ‘legitimate interests’: This basis is used when Derma Beauty Clinic feel it is within our own interests to use your information, in a lawful capacity by taking both your ‘right to privacy’ and the needs of the business (to deliver its services to you); into consideration.
​
Derma Beauty Clinic will never use your information when our own interests supersede your overall right to privacy or the legal basis for which we can process your information. If you have any concerns relating to how your information is used, please contact the data protection officer immediately.
​
Direct Marketing
Derma Beauty Clinic will never send ‘direct marketing’ communications to you unless you subscribe. You will be provided with details of your options either: (a) when you join Derma Beauty Clinic as a client; (b) if you attend an event in which you agree to receive promotional materials.
.
To unsubscribe from direct marketing communications, please contact Derma Beauty Clinic data protection officer. See ‘contact us’ for further details
If you accept and subscribe to direct marketing communications, the mailings sent to you will be designed/created by Derma Beauty Clinic
Derma Beauty Clinic, does not share, allow access to, or sell your information to third parties for additional marketing purposes, unless express consent is obtained from you and we are transparent and details contained in our communications on the matter.
How we protect your information:
We apply the highest standards of security when it comes to hosting and protecting information.
​
We have policies and technical measures in place to protect your personal data against unauthorised access, accidental loss, improper use and disclosure. All of our employees and any third parties we engage to process your personal information are obliged to respect the confidentiality of your information and thorough due-diligence checks are carried out.
We do not sell, rent, distribute or otherwise make personal information commercially available to any third party, except as described in this policy or with your prior permission.
How long we keep your information:
We will only use/store your information for as long as we are permitted to do so. Often this is based on the purpose upon which we collected the information in the first instance. However, there are a few exceptions in which it may be kept for longer. These are; (a) where legal or regulatory obligations require us to keep the information for longer or for a specified period, or: (b) until the expiry of any limitation period in relation to potential insurance claims us or: (c) until the expiry of any limitation period in relation to potential claims made by us.
​
Derma Beauty Clinic has a retention policy which ensures data is kept only for as long as it is needed and to satisfy any/all statutory or other legal obligations regarding the retention of such records. This information can be requested upon request.
​
We will only retain your personal information for as long as is necessary to fulfil the purposes we collected it for. This includes for example the purposes of satisfying any legal, regulatory, accountancy or reporting requirements as part of a contract.
To determine the appropriate retention period, Derma Beauty Clinic will consider: (a) the amount; (b) its nature; (c) its sensitivity; (d) the potential risk of harm from unauthorised use or disclosure; (e) the purposes for which it’s processed; (f) whether we can achieve those purposes through other means, and (e) the applicable regulatory or legal requirements..
Your ‘right to privacy’
Derma Beauty Clinic respects your right to privacy and will act in accordance with the latest privacy laws and security frameworks to ensure we meet our underlying commitment to you, as set out by this notice.
​
Further information relating to your rights can be found on the Information Commissioners Office website. www.ico.org.uk
In summary, you have the:
-
right to know how your Information is processed by Devine Cosmetics Training Academy
-
right to obtain copies of the information Derma Beauty Clinic holds, including how it’s processed and by whom
-
right to correct any mistakes made to your information
-
right to request that your information is deleted (in certain circumstances)
-
right to object if you feel your information is not being processed securely or lawfully
-
right to restrict the use of your information in specific areas, such as ‘marketing’ communications
right to know how decisions, which are automated, are madePlease contact our data protection office immediately should you wish to exert any of these rights. No fees are due to exercise these rights, unless they are deemed to be excessive, spurious or repetitive – in any case we will contact you directly to discuss the matter further.
Contacting Derma Beauty Clinic General
Derma Beauty Clinic data protection officer is Rachel Londors.
If you’d like further information relating to this privacy notice or wish to: (a) log a complaint: (b) report an incident: or (c) request the information that we hold about you; or any other data protection related query – please contact our data protection office via post or by email.
FAO: Rachel Londors [Data Protection Officer]
Derma Beauty Clinic Ltd, 164 queens road, Buckhurst Hill IG9 5BD
Email: info@derma-beauty-clinic.com
​
It is important that the information we hold about you remains accurate at all times. Please keep us informed should any of your details change using the contacts above.
For general enquiries, please allow up to seven working days for a response.
You always have the option to raise your concerns directly with the Information Commissioners Office, whether you’ve raised the matter with Derma Beauty Clinic already or not. This is your right.
​
Information requests [subject access request]
You have the right to access/request the information that Derma Beauty Clinic holds about you. This is often referred to as subject access. You can make a subject access request in person, verbally or in writing. Subject access requests help you to understand how and why we are using your data, and to check that it’s being handled lawfully and is acceptable to you.
Derma Beauty Clinic have one month to respond/fulfil your request, there is no fee for this service.
​
Information requests will be responded to within the regulatory guidelines, unless the complexity or volume of information requested impacts upon these timescales. In such cases, we will notify you directly to discuss completion dates.
​
Incidents or complaints:
Incidents and/or complaints relating to Derma Beauty Clinic use or controls around your personal information are taken very seriously and we encourage you to bring any instances to our attention which you feel is unfair, misleading or inappropriate.
An incident can be anything from: (a) failure to notify you of an activity in which your data is being used; (b) the loss of personal information relating to you; (c) the vulnerability or potential misuse of personal information relating to you; (d) unlawful access or damage to your personal information.
​
Our data protection officer has the responsibility to coordinate any/all responses relating to an incident or complaint and will ensure that each matter is brought to its sensible conclusion within the expected timeframes and in accordance with the directions set out from within this policy.
​
Derma Beauty Clinic is required by law to inform the Information Commissioners Office when an incident or complaint causes significant damage(s), upset or discomfort to you. The data protection officers’ duty is to ensure any/all notifications of this nature are carried out within 72 hours of being made aware of the incident or complaint.
​
On occasions, we may need to request further information from you in order to: (a) confirm your identity; (b) exercise your rights; or (c) to ensure we possess the necessary information to investigate the matter in hand. Any/all information we capture at this stage will be treated in the same manner as set out from within this privacy notice.
​
Notifications to the ICO or other interested parties (in the matter above), may require the further use (communication) of your personal information. In any case, this information will be used only for the purposes of the notification in question and will not be processed by any other means. Anonymisation will be used when possibly and/or when it is deemed suitable.
To ensure Derma Beauty Clinic prevents repeated incidents involving personal information, extracts from incidents or complaints raised will be used as case studies to strengthen corrective actions and build stronger privacy practices across the firm. These case studies contain no personal information and any/all references to individuals will be removed. Phrases such as ‘customer’, ‘client’ or ‘employee’ will be used as substitute.