1) We respect your privacy.
2) We make sure that privacy and security are embedded in everything we do.
3) We will not send you marketing communications unless you have asked us to and we will stop immediately if asked to do so.
4) We will never sell your personal data.
5) We are committed to keeping your personal data safe and secure.
6) We only work, when necessary, wit partners compliant with the GDPR policy.
7) We are committed to being open and transparent about how we use your personal data.
8) We will not use your personal data in ways that we have not told you about.
9) We respect your rights, and will always try to accommodate your requests as far as possible, in line with our own legal and operational responsibilities.
The General Data Protection Regulation (GDPR) is a new European privacy law due to replace the existing EU Data Protection Directive on May 25, 2018. It is intended to enhance and harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state.
How to contact us
We support the GDPR and will ensure all Da Vinci Aesthetics services comply with its ordinances from May 2018. Not only is it an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security and compliance in the industry.
• By contacting our Data Protection Officer at firstname.lastname@example.org
• If you desire to be contacted via telephone, please sent an email to the address above with your number and we will contact you as soon as possible
How we collect your information
We collect your personal information when you interact with us or use our services, such as when you use our Sites to request information or book a consultation. We also look at how visitors use our Sites, to help us improve our services and optimise customer experience.
We collect information:
◦ when you make an enquiry with us;
◦ when you request or pay for a product or service provided at Berkeley Square Medical (including for payments);
◦ when you contact us directly via email, phone, post, message or via our chat function; and
◦ when you browse and use our Site.
As part of our commitment to the privacy of our customers and visitors to our Sites more generally, we want to be clear about the sorts of information we will collect from you.
1. When you visit the Sites or make an enquiry through the Site, you are asked to provide information about yourself including your name, contact details, email address, and payment information such as credit or debit card information.
2. We also collect information about your usage of the Sites and information about you from any messages you post to the Sites or when you contact us or provide us with feedback, including via e-mail, letter, phone or chat function. If you contact us by phone, we may record the call for training and service improvement purposes, and make notes in relation to your call if they are relevant to your medical history.
3. We collect technical information from your mobile device or computer, such as its operating system, the device and connection type and the IP address from which you are accessing our Sites or sending/receiving emails. We do this for the purpose of ensuring important emails we send you are opened and replied to where required.
4. We process all medical information about you, for example, if you specify any food allergies/medical allergies/current treatments etc.
Use of your information
We will only process the data we collect about you if there is a reason for doing so, and if that reason is permitted under data protection law. Da Vinci Aesthetics will have a lawful basis for processing your information: if we need to process your information in order to provide you with the service you have requested or to enter into a contract; we have your consent; we have a justifiable reason for processing your data; or we are under a legal obligation to do so.
1. Where we need to, in order to provide you with the service you have requested or to enter into a contract, we use your information:
– to enable us to provide you with access to the relevant parts of the Sites;
– to supply the services you have requested;
– to enable us to collect payment from you; and
– to contact you where necessary concerning our services to you.
2. We also process your data where we have a justifiable reason for doing so— for example personalisation of our service, including processing data to make it easier for you to make appointment bookings. We have listed these reasons below:
• to improve the effectiveness and quality of service that our customers can expect from us in the future;
• to enable our customer support team to help you with any enquiries or complaints in the most efficient way possible;
• to contact you for your views and feedback on services that we have provided to you and to notify you if there are any important changes or developments to the Sites or our services, including letting you know that our services are operating in a new area, where you have asked us to do so;
• to analyse your activity on the Sites so that we can administer, support, improve and develop our business and for statistical and analytical purposes and to help us to prevent fraud;
• to enforce our contractual terms with you and any other agreement, and for the exercise or defence of legal claims and to protect the rights of Da Vinci Aesthetics (including to prevent fraud);
3. Where we rely on legitimate interest as a basis for processing your personal information, we carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests.
4. Where we are under a legal obligation to do so we may use your information to:
• create a records i.e Medical Records
• comply with any legal obligation or regulatory requirement to which we are subject.
1.We conduct fraud checks on all customers. Where we believe we may detect fraudulent activity we may block you from interacting with us and using our Site.
2. We share your information to our undertake fraud checks on all patients because this is necessary for us to perform our contracted services to patients, by ensuring that the services we provide are duly paid for, and also so that individuals themselves are protected from fraudulent transactions on their payment cards.
3. You have certain rights in respect of this activity – please see ‘Your Rights’ section below for more information. Our fraud detection is in place to protect all of our customers as well as Da Vinci Aesthetics. You have the right to contest any fraud decision made about you and to be given more information about why any such decision was made by contacting us as set out in section 1 above.
We will not retain your information for any longer than we think is necessary.
• Information that we collect will be retained for as long as needed to fulfil the purposes outlined in the ‘Use of my information’ section above, in line with our legitimate interest or for a period specifically required by applicable regulations or laws, such as retaining the information for regulatory reporting or record-keeping purposes.
• When determining the relevant retention periods, we will take into account factors including:
• our contractual obligations and rights in relation to the information involved;
• legal obligation(s) under applicable law to retain data for a certain period of time;
• the statute of limitations under applicable law(s);
• our legitimate interests where we have carried out balancing tests (see section on ‘How we use your personal information’ above);
• (potential) disputes; and
• guidelines issued by relevant data protection authorities.
• Otherwise, we securely erase your information where we no longer require your information for the purposes collected.
Disclosure of your personal information
The information we collect about you will be transferred to and stored on our servers located within the EU. We are very careful and transparent about who else your information is shared with.
1. Sharing your information internally
We share your information with other Da Vinci Aesthetics group companies only where necessary for the purposes set out in section 4.
2. Sharing your information with third parties
We share your information with third-party service providers. The types of third party service providers whom we share your information with includes:
• Payment providers (including online payment providers and fraud detection providers): for the purposes of providing services to us, for example when they process information such as credit card payments for us, provide support services to you or carry out fraud checks for us;
• IT service providers (including cloud providers): for the purposes of data storage and analysis;
• Full-time staff members – at Da Vinci Aesthetics;
3. If our business enters into a joint venture with, purchases or is sold to or merged with another business entity, your information may be disclosed or transferred to the target company, our new business partners or owners or their advisors.
4. We may also share your information:
• if we are under a duty to disclose or share your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation or regulatory requirement. This includes exchanging information with other companies and other organisations for the purposes of fraud protection and prevention, specialist referrals to fellow medical practitioners etc;
• in order to enforce our contractual terms with you and any other agreement;
• to protect the rights of Da Vinci Aesthetics including to prevent fraud.
We adopt robust technologies and policies to ensure the personal information we hold about you is suitably protected.
1. We take steps to protect your information from unauthorised access and against unlawful processing, accidental loss, destruction and damage.
2. Where you have chosen a password that allows you to access certain parts of the Sites, you are responsible for keeping this password confidential. We advise you not to share your password with anyone.
3. Unfortunately, the transmission of information via the internet is not completely secure. Although we will take steps to protect your information, we cannot guarantee the security of your data transmitted to the Sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Under data protection law, you may have a number of rights concerning the data we hold about you. If you wish to exercise any of these rights, please contact our Data Protection Officer using the contact details set out above. For additional information on your rights please contact your data protection authority and see below.
1. The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this policy.
2. The right of access. You have the right to obtain access to your information (if we’re processing it). This will enable you, for example, to check that we’re using your information in accordance with data protection law. If you wish to access the information we hold about you in this way, please get in touch (see Contact Details).
3. The right to rectification. You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in the information that we hold by contacting us (see Contact Details).
4. The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of certain information that we hold about you by contacting us (see Contact Details).
5. The right to restrict processing. You have rights to ‘block’ or ‘suppress’ further use of your information. When processing is restricted, we can still store your information, but will not use it further.
6. The right to data portability. You have the right to obtain your personal information in an accessible and transferable format so that you can re-use it for your own purposes across different service providers. This is not a general right however and there are exceptions. To learn more please get in touch (see Contact Details).
7. The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with the national data protection authority.
8. The right to withdraw consent. If you have given your consent to anything we do with your information (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time. You can do this by contacting us (see Contact Details). Withdrawing consent will not, however, make unlawful our use of your information while consent had been apparent.
9. The right to object to processing.You have the right to object to certain types of processing, including processing for direct marketing and profiling. You can object by changing your marketing preferences or disabling cookies as set out in sections 7 and 8 above.
If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) using the following details:
• Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
• Telephone number: 0303 123 1113
• Website: www.ico.org.uk