VSP Skin and LASER Clinic is committed to respecting and protecting a Client’s privacy. We aim to ensure that any personal data provided is managed in accordance with the General Data Protection Regulations (GDPR).  We have committed to a Policy of protecting the rights and privacy of Individuals, Clients, Staff and others, in accordance with the GDPR.

To comply with various legal and insurance obligations, including the obligations imposed by the GDPR, VSP Skin and LASER Clinic is committed to being transparent about how it collects, uses and stores your personal information.

Please note that our Privacy Notice applies to information collected through our website, on-site at the clinic, field sales, exhibitions and events.

It is important that you read this Policy so that you are aware of how and why VSP Skin and LASER Clinic is collecting, using and storing your personal data.

There is important information about your rights which we have summarised and explained in the ‘What are my rights’ section of this Privacy Notice.

All data that we use, collect and store are obtained for service and business-related purposes such as personalisation of content, business information, user experience, account setup, administration, delivering marketing and events communications, carrying out polls and surveys, internal research and development purposes, providing goods and services, legal obligations and meeting internal audit requirements. Please note that this is not an exhaustive list and will be subject to review.

OUR CONTACT DETAILS

VSP Skin and LASER Clinic
25 High Street
West Drayton
Middlesex
UB7 7QG

Tel:  01895 449279
Email:  info@vspclinic.co.uk

WHO IS THE DATA CONTROLLER?

Here at VSP Skin and LASER Clinic the Data Controller is our Director Miss Sonia Shah.  She can be contacted on 01895 449 279 or info@vspclinic.co.uk.

WHO ARE THE DATA PROCESSORS?

Here at VSP Skin and LASER Clinic all members of staff are Data Processors, whether employed or self-employed and authorised personnel.

WHAT LEGAL BASIS DO WE HAVE FOR PROCESSING YOUR DATA?

  • Consent:
    • In order for us to provide a product and/or treatment for you, you will be giving us clear consent for us to process your personal data for this specific purpose.
    • For marketing purposes, contact details will only be used by our in-house marketing department to provide you with information about our products and services which may be of interest to you.
    • Please note that we have a separate photographic consent form which will be available at your first treatment.
    • To comply with a legal obligation, for example to comply with money laundering checks.
  • Contract: As we are providing you with a product and/or treatment, we are entitled to process your information in order to provide the product and/or treatment.
  • Vital Interest: In order to protect your skin’s integrity, we will be collecting and processing information that falls under special categories of personal data.
  • Legitimate Interest: We will process your data to provide you with suitable goods and services.

WHEN DO WE COLLECT YOUR DATA?

VSP Skin and LASER Clinic collects Personal Data when it is given to us, via our website, email, at a Clinic appointment or event, or over the phone.  Data may also be given to us by Third Parties such as Distributors or Manufacturers where individuals have expressed an interest in one or more of the Products and Treatments we offer.

Where you have provided your data to a third party, for the specific purpose of receiving products or treatments, we will advise you that we have received personal data about you and confirm the source, and we will check whether you are happy for us to engage in any further communications with you.

Please note that we do not purchase or sell Data.

WHOSE PERSONAL DATA DO WE COLLECT?

We collect Data from:

  • Individuals who have expressed their interest in our Treatments when registering their interest on our website, walk-ins, or social media platforms.
  • Individuals who have expressed interest at launch events, field sales or open evenings.
  • Individuals who have had Treatments.
  • Individuals who have bought products.
  • Recommendations by other Clinics, Beauty or Aesthetic Companies.
  • Individuals who have expressed an interest via distributors or manufacturers.
  • Interactions with VSP members of Staff.

Please note that Anonymized Data and Data relating to a deceased person are not subject to GDPR.

WHAT PERSONAL DATA DO WE COLLECT?

VSP Skin and LASER Clinic collects and stores Personal Data that is given to us by an individual through the various platforms mentioned above under “when do we collect your Data?”.

We collect and store the following data:

  • Identity data: Includes names, date of birth and marital status.
  • Profile data: Appointments, treatments at the clinic, treatments previously done, treatments expressed interest in, products bought from the Clinic, products previously used, expectations, habits, lifestyle choices.
  • Special categories of personal data: Relevant medical information, sex, gender, race or ethnicity, religious or philosophical beliefs, sexual orientation, health and genetic information. Depending on how you use our facilities you may choose to volunteer information about your personal and/or work circumstances. Please be aware that you are responsible for deciding what information or profile information you are choosing to share with us.
  • Contact data: Including all methods of contact you give to us such as your email address, telephone numbers, home and/or work address, including application platforms such as WhatsApp.
  • Photograph data: This would include all photographs including Scanned images taken of the Client, Treatment Area and those sent to us via digital platforms.
  • CCTV data: Video and still images of individuals who enter the signposted areas of the Clinic premises inside and outside.
  • Financial data: You may provide us with financial details such as bank account and payment debit and credit card details via telephone or in the Clinic.
  • Transaction data: This may include details about previous transactions, products or treatments you have with us or transactions, products, services or treatments which you are interested in accessing.
  • Business Transaction Data: In case we decide to merge/acquire an organization or if we sell an asset, the personal data may be transferred. If any of this happens, we will inform the Users.
  • Technical data: Our website may obtain your internet protocol (IP) address, your log in data, browser type and version, time zone setting and location, browser plug in type and versions, operating systems and platform and other technology or the devices you use to access the clinic website.
  • Usage data: Includes information about how you use our website and what treatments and products you have bought, had or used in Clinic.
  • Marketing Communications data: We do not directly collect marketing and communications data through our website traffic but as a result of using our website you may link into our marketing tools in which you can indicate your preferences in terms of receiving marketing from us and your communication preferences; you may also indicate your preferences when you attend or visit our Clinic.
  • Survey data: You may choose to provide us with personal data in completing any surveys.

We also collect, use and share:

  • Aggregated Data such as statistical demographic data for any purpose. Aggregated data may be derived from your personal data, but it is not considered personal data in law as this data does not directly or indirectly reveal your identity. We will aggregate your Usage Data to collect the percentage of users accessing a specific website feature, treatments or products.  We do not combine or connect aggregated data with your personal data so that it can never directly or indirectly identify you.
  • Product, Photographic and Treatment Data: Depending on the level of consent you have given us we may share the data with our distributors, manufacturers, insurance company, social media platforms and other colleagues in the same industry. Please note that in the event of possible litigation or a reaction we will share the information with our insurance company, distributors and manufacturers.

We do not collect some of the special categories of personal data about you intentionally.  This would include details about your political opinions, trade union membership and biometric data.  Nor do we collect any information about criminal convictions and offences.

WHY DO WE COLLECT AND STORE YOUR DATA?

It is important for us to collect, use and store the identity of individuals so that we can ensure we provide safe and effective treatments and treatment plans. It is also important to meet the business’s legal obligations, for example, to prevent fraud.

We need to have contact data to be able to communicate with individuals in respect to the running of the Clinic such as taking payment, booking or cancelling appointments.  If individuals have subscribed or opted in to receive Marketing Communications we would use the Contact data to send out marketing information such as information requested about products or treatments, or other treatments that we think you may find beneficial or interesting.

You can opt in and out of marketing communication at any time, using our ‘subscribe’ and ‘unsubscribe’ options via email or verbally with our in-clinic team members.

The information we request under Profile data and Special Categories of Personal Data is to ensure we are complying with the training given to us by manufacturers and distributors of the products and treatments we sell.  We must ensure the suitability of a treatment and/or product by asking these questions.  If a piece of information is given that is considered a contraindication, the treatment or product will not be sold.  We also have to consider that not everyone is the same and that from time-to-time individuals can react differently.  If an individual has shown an unwanted reaction to the treatment or service, we would have to share that information with the insurance company, the distributors and manufacturers.

We are required by our insurance company, distributors and manufacturers to take photographs of the treatment area.  This is to protect an individual and assure the individual that they are receiving the optimal product or treatment.  It helps to monitor the progress of the treatment.  The level of consent you give will determine who will have access to this data.

CCTV data is collected to protect all individuals who are attending the Clinic from disputes and criminal activities, and to prevent criminal activities.

We will need to store financial data for when you may set up direct debits through a system we use called GoCardless.  We will also need to take payment over the phone, but we will not retain your credit/debit card details. This is to set up your account to take payment.

WHERE AND HOW WILL THE DATA BE USED AND STORED?

In order to prevent unauthorised access, maintain data accuracy and to ensure the correct use of information, we have in place appropriate physical, electronic and managerial procedures to safeguard and secure the information we collect.

The data will be used to assess suitability of products and treatments, and to create appropriate treatment plans. If you have opted in to marketing communication, the data will be used for marketing and events communication, and we may also use the data for research and development purposes.

At VSP Skin and LASER Clinic we will be storing data on several platforms.  They may be stored in hard copy (paper or manual files) and soft copy (electronic records, photographs and CCTV images).  We may also hold facts or opinions about a person.

All information is kept safe, secure, password protected and encrypted in the Clinic. VSP Skin and LASER Clinic has policies and procedures in place to ensure that only authorised personnel, with defined roles and responsibilities, can access this information, which is stored and handled in a secure and sensible manner.

VSP Skin and LASER Clinic holds regular security audits. All systems that can access your information have proportionate and reasonable security measures in place.

Our trusted suppliers have access to your personal information:

  • HubSpot
  • WhatsApp

HOW WE USE AUTOMATED DECISION MAKING AND PROFILING

We do not use automated decision making and profiling.

WHO WILL HAVE ACCESS TO AN INDIVIDUAL'S DATA?

The data controller and data processors will have access to the data on a daily basis.  This will include consultants, employees and self-employed individuals.  As a matter of best practice, other agencies and individuals working with VSP Skin and LASER Clinic, who have access to personal information, will be expected to read and comply with this policy.

We may also share data with our manufacturers and distributors.

WILL WE SHARE AN INDIVIDUAL'S DATA?

We will not buy or sell data.

We may have to disclose your personal data in good faith for the following purposes (including, but not limited to): to fulfil a legal obligation, to protect against legal liability, to defend the rights of VSP Skin and LASER Clinic, to determine maximum efficacy in a treatment plan, to determine any violation in using this service and to strengthen the safety of users of this service.

We have ensured that we obtain the right consent from individuals.  We will only be sharing data depending on the level of consent given by an individual, for insurance, educational and research purposes with our colleagues (employed and not employed by VSP Skin and LASER Clinic), distributors and manufacturers.  Please note that a Product or Treatment A will only be communicated to Distributors or Manufacturers of Product or Treatment A. If and when data is shared, it will be shared electronically or in person. Data will be password protected and/or encrypted.

WILL MY DATA BE TRANSFERRED OUTSIDE OF THE UK, IF SO, WILL MY DATA BE SAFE?

VSP Skin and LASER Clinic currently uses products and equipment from companies whose head offices are in the United States of America, Spain, Poland, France, and Germany. In instances of litigation, insurance claims and reactions we may need to share and transfer data. We will endeavor to ensure that appropriate safeguards are put in place to ensure safe transfer of data.

HOW LONG IS MY DATA KEPT FOR?

We reserve the right to amend our storage policies from time to time. Currently, physical files, papers and electronic data are securely stored for a period of 12 years. Certain personal information must be acquired and retained for legal and regulatory reasons or as part of our insurance requirements. Certain data is retained for a longer period.

WHAT ARE YOUR RIGHTS?

GDPR provides the following rights for individuals:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • The right related to automated decision making and profiling

If you wish to exercise any of the rights set out above, please contact us.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

DOES THIS POLICY APPLY TO OUR WEBSITE?

Yes. This privacy policy applies to our website.

WEBSITE POLICY

You can browse our website without entering any personal information. However, our website anonymously logs your IP address (which identifies your computer) and browser type (the computer programme you use to access the internet), to provide you with the best possible user experience. Every so often we analyse our IP address logs so that we can more effectively market our products and services to our website visitors.

Any queries or concerns should be sent to the management team at info@vspclinic.co.uk or on 01895 449 279.

Alternatively, you can contact the Information Commissioner on 0303 123 1113. More information can be obtained from www.ico.org.uk/concerns.

DEFINITIONS

VSP Skin and LASER Clinic is referred to as “us”, “we”, or “our” on this page. We operate https://vspclinic.co.uk, products and treatments which are termed as “service” on this page.

We have also tried to help you with some terms and how they are used.

  • Service: Service is the https://vspclinic.co.uk, products and treatments operated by VSP Skin and LASER Clinic.
  • Cookies: Cookies represent information that is stored by websites in your browser to boost website loading times and to achieve other functional benefits.
  • Usage Data: Usage Data is data that is automatically generated by this Service by using the activities of the users on this Service.
  • Personal Data: Personal Data is the data about a living individual who can be identified by using that data.
  • Anonymized Data: This is data from which personally identifiable information has been removed, so that the individual concerned cannot be identified.
  • Data Controller: Data Controller is a person who determines how the personal data of users will be processed and used. For this service, we are the Data Controller of your Personal Data.
  • Data Subject/User: A User is a living person who uses this Service and is the subject of Personal Data.
  • Data Processors/Service Providers: Data Processor or Service Provider means any natural or legal person who processes the data on behalf of the Data Controller. We use the services of various Service Providers to make the data processing effective.
  • Clients: Individuals who have received products and treatments, registered their interest on the service at VSP Skin and LASER Clinic.
  • Products: Items sold by the Clinic that have been supplied by the authorized distributors.
  • Treatments: This is not an exhaustive list and includes skin peels, skin needling, skin resurfacing, mesotherapy, cryo-stimulation/cryotherapy, LED therapy, facials.
  • Training: When an individual attends the Clinic to be taught by an authorized trainer.