1. Intro­duc­tion

1.1    We are com­mit­ted to safe­guard­ing the pri­va­cy of our web­site vis­i­tors and ser­vice users.

1.2    This pol­i­cy applies where we are act­ing as a data con­troller with respect to the per­son­al data of our web­site vis­i­tors and ser­vice users; in oth­er words, where we deter­mine the pur­pos­es and means of the pro­cess­ing of that per­son­al data.

1.3    We use cook­ies on our web­site. Inso­far as those cook­ies are not strict­ly nec­es­sary for the pro­vi­sion of our web­site, we will ask you to con­sent to our use of cook­ies when you first vis­it our web­site.

1.4    In this pol­i­cy, “we”, “us” and “our” refer to Renew Skin & Health Clin­ic Ltd. [ For more infor­ma­tion about us, see Sec­tion 19.]

  1. How we use your per­son­al data

2.1    In this Sec­tion 2 we have set out:

(a)    the gen­er­al cat­e­gories of per­son­al data that we may process;

(b)    the pur­pos­es for which we may process per­son­al data; and

©    the legal bases of the pro­cess­ing.

2.2    We may process data about your use of our web­site and ser­vices (“usage data”). The usage data may include your IP address, geo­graph­i­cal loca­tion, brows­er type and ver­sion, oper­at­ing sys­tem, refer­ral source, length of vis­it, page views and web­site nav­i­ga­tion paths, as well as infor­ma­tion about the tim­ing, fre­quen­cy and pat­tern of your ser­vice use. The source of the usage data is our ana­lyt­ics track­ing sys­tem. This usage data may be processed for the pur­pos­es of analysing the use of the web­site and ser­vices. The legal basis for this pro­cess­ing is our legit­i­mate inter­ests, name­ly mon­i­tor­ing and improv­ing our web­site and ser­vices.

2.3    We may process your per­son­al data (“account data”). The account data may include your name, email address, phone num­ber and your address. The source of the account data is you. The account data may be processed for the pur­pos­es of processed your enquire, pro­vid­ing our ser­vices, ensur­ing the secu­ri­ty of our web­site and ser­vices, main­tain­ing back-ups of our data­bas­es and com­mu­ni­cat­ing with you. The legal basis for this pro­cess­ing is the con­sent our legit­i­mate inter­ests, name­ly the prop­er admin­is­tra­tion of our web­site and busi­ness.

2.4    We may process your infor­ma­tion includ­ed in your per­son­al pro­file on our CRM sys­tem (“pro­file data”). The pro­file data may include your name, address, tele­phone num­ber, email address, gen­der, date of birth. The pro­file data may be processed for the pur­pos­es of processed your enquire or inform you about pro­mo­tions regard­ing a con­di­tion which you enquired.

2.5    We may process infor­ma­tion con­tained in any enquiry you sub­mit to us regard­ing goods and or ser­vices (“enquiry data”). The enquiry data may be processed for the pur­pos­es of offer­ing, mar­ket­ing and sell­ing rel­e­vant goods and or ser­vices to you. The legal basis for this pro­cess­ing is con­sent which you give us tick­ing the check­box “I agree”.

2.6    We may process infor­ma­tion relat­ing to trans­ac­tions, includ­ing pur­chas­es of goods and ser­vices, that you enter into with us and/or through our web­site (“trans­ac­tion data”). The trans­ac­tion data may include your con­tact details, your card details and the trans­ac­tion details. The trans­ac­tion data may be processed for the pur­pose of sup­ply­ing the pur­chased goods and ser­vices and keep­ing prop­er records of those trans­ac­tions. The legal basis for this pro­cess­ing is the per­for­mance of a con­tract between you and us and/or tak­ing steps, at your request, to enter into such a con­tract and our legit­i­mate inter­ests.

2.7    We may process infor­ma­tion that you pro­vide to us for the pur­pose of sub­scrib­ing to our email noti­fi­ca­tions and/or newslet­ters (“noti­fi­ca­tion data”). The noti­fi­ca­tion data may be processed for the pur­pos­es of send­ing you the rel­e­vant noti­fi­ca­tions and/or newslet­ters. The legal basis for this pro­cess­ing is con­sent or the per­for­mance of a con­tract between you and us and/or tak­ing steps, at your request, to enter into such a con­tract.

2.8    We may process infor­ma­tion con­tained in or relat­ing to any com­mu­ni­ca­tion that you send to us (“cor­re­spon­dence data”). The cor­re­spon­dence data may include the com­mu­ni­ca­tion con­tent and meta­da­ta asso­ci­at­ed with the com­mu­ni­ca­tion. Our web­site will gen­er­ate the meta­da­ta asso­ci­at­ed with com­mu­ni­ca­tions made using the web­site con­tact forms. The cor­re­spon­dence data may be processed for the pur­pos­es of com­mu­ni­cat­ing with you and record-keep­ing. The legal basis for this pro­cess­ing is our legit­i­mate inter­ests, name­ly the prop­er admin­is­tra­tion of our web­site and busi­ness and com­mu­ni­ca­tions with users.

2.10  We may process any of your per­son­al data iden­ti­fied in this pol­i­cy where nec­es­sary for the estab­lish­ment, exer­cise or defence of legal claims, whether in court pro­ceed­ings or in an admin­is­tra­tive or out-of-court pro­ce­dure. The legal basis for this pro­cess­ing is our legit­i­mate inter­ests, name­ly the pro­tec­tion and asser­tion of our legal rights, your legal rights and the legal rights of oth­ers.

2.11  We may process any of your per­son­al data iden­ti­fied in this pol­i­cy where nec­es­sary for the pur­pos­es of obtain­ing or main­tain­ing insur­ance cov­er­age, man­ag­ing risks, or obtain­ing pro­fes­sion­al advice. The legal basis for this pro­cess­ing is our legit­i­mate inter­ests, name­ly the prop­er pro­tec­tion of our busi­ness against risks.

2.12  Please do not sup­ply any oth­er person’s per­son­al data to us, unless we prompt you to do so.

  1. Auto­mat­ed deci­sion-mak­ing

3.1    We will use your per­son­al data for the pur­pos­es of auto­mat­ed deci­sion-mak­ing in rela­tion to your enquire.

3.2    This auto­mat­ed deci­sion-mak­ing will involve all your per­son­al data nec­es­sary to process your enquire.

  1. Pro­vid­ing your per­son­al data to oth­ers

4.2    We may dis­close your per­son­al data to our insur­ers and/or pro­fes­sion­al advis­ers inso­far as rea­son­ably nec­es­sary for the pur­pos­es of obtain­ing or main­tain­ing insur­ance cov­er­age, man­ag­ing risks, obtain­ing pro­fes­sion­al advice, or the estab­lish­ment, exer­cise or defence of legal claims, whether in court pro­ceed­ings or in an admin­is­tra­tive or out-of-court pro­ce­dure.

4.3    We may dis­close per­son­al data to our sup­pli­ers or sub­con­trac­tors e.g. doc­tors inso­far as rea­son­ably nec­es­sary for pro­vid­ing a treat­ment.

4.4    Finan­cial trans­ac­tions relat­ing to our ser­vices  may be han­dled by our pay­ment ser­vices providers. We will share trans­ac­tion data with our pay­ment ser­vices providers only to the extent nec­es­sary for the pur­pos­es of pro­cess­ing your pay­ments, refund­ing such pay­ments and deal­ing with com­plaints and queries relat­ing to such pay­ments and refunds.

  1. Inter­na­tion­al trans­fers of your per­son­al data

5.1    We will not dis­close your per­son­al data to coun­tries out­side the Euro­pean Eco­nom­ic Area (EEA).

  1. Retain­ing and delet­ing per­son­al data

6.1    This Sec­tion 6 sets out our data reten­tion poli­cies and pro­ce­dure, which are designed to help ensure that we com­ply with our legal oblig­a­tions in rela­tion to the reten­tion and dele­tion of per­son­al data.

6.2    Per­son­al data that we process for any pur­pose or pur­pos­es shall not be kept for longer than is nec­es­sary for that pur­pose or those pur­pos­es.

6.3    We will retain your per­son­al data as fol­lows:

(a)    Per­son­al data will be retained for a min­i­mum peri­od of 6 months fol­low­ing date of your enquire, and for a max­i­mum peri­od of 12 months fol­low­ing date of your enquire.

6.4    In some cas­es it is not pos­si­ble for us to spec­i­fy in advance the peri­ods for which your per­son­al data will be retained. In such cas­es, we will deter­mine the peri­od of reten­tion based on the fol­low­ing cri­te­ria:

(a)    the peri­od of reten­tion of your per­son­al data will be deter­mined based on the time required to keep your med­ical his­to­ry.

6.5    Notwith­stand­ing the oth­er pro­vi­sions of this Sec­tion 6, we may retain your per­son­al data where such reten­tion is nec­es­sary for com­pli­ance with a legal oblig­a­tion to which we are sub­ject, or in order to pro­tect your vital inter­ests or the vital inter­ests of anoth­er nat­ur­al per­son.

  1. Secu­ri­ty of per­son­al data

7.1    We will take appro­pri­ate tech­ni­cal and organ­i­sa­tion­al pre­cau­tions to secure your per­son­al data and to pre­vent the loss, mis­use or alter­ation of your per­son­al data.

7.2    We will store all your per­son­al data on secure servers, per­son­al com­put­ers and mobile devices, and in secure man­u­al record-keep­ing sys­tems.

7.3    The fol­low­ing per­son­al data will be stored by us in encrypt­ed form: your name, con­tact infor­ma­tion, address, phone num­ber, email address.

7.4    You acknowl­edge that the trans­mis­sion of unen­crypt­ed (or inad­e­quate­ly encrypt­ed) data over the inter­net is inher­ent­ly inse­cure, and we can­not guar­an­tee the secu­ri­ty of data sent over the inter­net.

  1. Amend­ments

8.1    We may update this pol­i­cy from time to time by pub­lish­ing a new ver­sion on our web­site.

8.2    You should check this page occa­sion­al­ly to ensure you are hap­py with any changes to this pol­i­cy.

8.3    We may noti­fy you of changes to this pol­i­cy by email or through the pri­vate mes­sag­ing sys­tem on our web­site.

  1. Your rights

9.1    In this Sec­tion 9, we have sum­marised the rights that you have under data pro­tec­tion law. Some of the rights are com­plex, and not all of the details have been includ­ed in our sum­maries. Accord­ing­ly, you should read the rel­e­vant laws and guid­ance from the reg­u­la­to­ry author­i­ties for a full expla­na­tion of these rights.

9.2    Your prin­ci­pal rights under data pro­tec­tion law are:

(a)    the right to access;

(b)    the right to rec­ti­fi­ca­tion;

©    the right to era­sure;

(d)    the right to restrict pro­cess­ing;

(e)    the right to object to pro­cess­ing;

(f)    the right to data porta­bil­i­ty;

(g)    the right to com­plain to a super­vi­so­ry author­i­ty; and

(h)    the right to with­draw con­sent.

9.3    You have the right to con­fir­ma­tion as to whether or not we process your per­son­al data and, where we do, access to the per­son­al data, togeth­er with cer­tain addi­tion­al infor­ma­tion. That addi­tion­al infor­ma­tion includes details of the pur­pos­es of the pro­cess­ing, the cat­e­gories of per­son­al data con­cerned and the recip­i­ents of the per­son­al data. Pro­vid­ing the rights and free­doms of oth­ers are not affect­ed, we will sup­ply to you a copy of your per­son­al data. The first copy will be pro­vid­ed free of charge, but addi­tion­al copies may be sub­ject to a rea­son­able fee. You can access your per­son­al data by con­tact our data con­troller offi­cer.

9.4    You have the right to have any inac­cu­rate per­son­al data about you rec­ti­fied and, tak­ing into account the pur­pos­es of the pro­cess­ing, to have any incom­plete per­son­al data about you com­plet­ed.

9.5    In some cir­cum­stances you have the right to the era­sure of your per­son­al data with­out undue delay. Those cir­cum­stances include: the per­son­al data are no longer nec­es­sary in rela­tion to the pur­pos­es for which they were col­lect­ed or oth­er­wise processed; you with­draw con­sent to con­sent-based pro­cess­ing; you object to the pro­cess­ing under cer­tain rules of applic­a­ble data pro­tec­tion law; the pro­cess­ing is for direct mar­ket­ing pur­pos­es; and the per­son­al data have been unlaw­ful­ly processed. How­ev­er, there are exclu­sions of the right to era­sure. The gen­er­al exclu­sions include where pro­cess­ing is nec­es­sary: exer­cis­ing the right of free­dom of expres­sion and infor­ma­tion; for com­pli­ance with a legal oblig­a­tion; or for the estab­lish­ment, exer­cise or defence of legal claims.

9.6    In some cir­cum­stances you have the right to restrict the pro­cess­ing of your per­son­al data. Those cir­cum­stances are: you con­test the accu­ra­cy of the per­son­al data; pro­cess­ing is unlaw­ful but you oppose era­sure; we no longer need the per­son­al data for the pur­pos­es of our pro­cess­ing, but you require per­son­al data for the estab­lish­ment, exer­cise or defence of legal claims; and you have object­ed to pro­cess­ing, pend­ing the ver­i­fi­ca­tion of that objec­tion. Where pro­cess­ing has been restrict­ed on this basis, we may con­tin­ue to store your per­son­al data. How­ev­er, we will only oth­er­wise process it: with your con­sent; for the estab­lish­ment, exer­cise or defence of legal claims; for the pro­tec­tion of the rights of anoth­er nat­ur­al or legal per­son; or for rea­sons of impor­tant pub­lic inter­est.

9.7    You have the right to object to our pro­cess­ing of your per­son­al data on grounds relat­ing to your par­tic­u­lar sit­u­a­tion, but only to the extent that the legal basis for the pro­cess­ing is that the pro­cess­ing is nec­es­sary for: the per­for­mance of a task car­ried out in the pub­lic inter­est or in the exer­cise of any offi­cial author­i­ty vest­ed in us; or the pur­pos­es of the legit­i­mate inter­ests pur­sued by us or by a third par­ty. If you make such an objec­tion, we will cease to process the per­son­al infor­ma­tion unless we can demon­strate com­pelling legit­i­mate grounds for the pro­cess­ing which over­ride your inter­ests, rights and free­doms, or the pro­cess­ing is for the estab­lish­ment, exer­cise or defence of legal claims.

9.8    You have the right to object to our pro­cess­ing of your per­son­al data for direct mar­ket­ing pur­pos­es (includ­ing pro­fil­ing for direct mar­ket­ing pur­pos­es). If you make such an objec­tion, we will cease to process your per­son­al data for this pur­pose.

9.9    You have the right to object to our pro­cess­ing of your per­son­al data for sci­en­tif­ic or his­tor­i­cal research pur­pos­es or sta­tis­ti­cal pur­pos­es on grounds relat­ing to your par­tic­u­lar sit­u­a­tion, unless the pro­cess­ing is nec­es­sary for the per­for­mance of a task car­ried out for rea­sons of pub­lic inter­est.

9.10  To the extent that the legal basis for our pro­cess­ing of your per­son­al data is:

(a)    con­sent; or

(b)    that the pro­cess­ing is nec­es­sary for the per­for­mance of a con­tract to which you are par­ty or in order to take steps at your request pri­or to enter­ing into a con­tract,

and such pro­cess­ing is car­ried out by auto­mat­ed means, you have the right to receive your per­son­al data from us in a struc­tured, com­mon­ly used and machine-read­able for­mat. How­ev­er, this right does not apply where it would adverse­ly affect the rights and free­doms of oth­ers.

9.11  If you con­sid­er that our pro­cess­ing of your per­son­al infor­ma­tion infringes data pro­tec­tion laws, you have a legal right to lodge a com­plaint with a super­vi­so­ry author­i­ty respon­si­ble for data pro­tec­tion. You may do so in the EU mem­ber state of your habit­u­al res­i­dence, your place of work or the place of the alleged infringe­ment.

9.12  To the extent that the legal basis for our pro­cess­ing of your per­son­al infor­ma­tion is con­sent, you have the right to with­draw that con­sent at any time. With­draw­al will not affect the law­ful­ness of pro­cess­ing before the with­draw­al.

9.13  You may exer­cise any of your rights in rela­tion to your per­son­al data by writ­ten notice to us.

  1. Third par­ty web­sites

10.1  Our web­site includes hyper­links to, and details of, third par­ty web­sites.

10.2  We have no con­trol over, and are not respon­si­ble for, the pri­va­cy poli­cies and prac­tices of third par­ties.

  1. Per­son­al data of chil­dren

11.1  Our web­site and ser­vices are tar­get­ed at per­sons over the age of 18.

11.2  If we have rea­son to believe that we hold per­son­al data of a per­son under that age in our data­bas­es, we will delete that per­son­al data.

  1. Updat­ing infor­ma­tion

12.1  Please let us know if the per­son­al infor­ma­tion that we hold about you needs to be cor­rect­ed or updat­ed.

  1. Act­ing as a data proces­sor

13.1  In respect of finance we do not act as a data con­troller; instead, we act as a data proces­sor.

13.2  Inso­far as we act as a data proces­sor rather than a data con­troller, this pol­i­cy shall not apply. Our legal oblig­a­tions as a data proces­sor are instead set out in the con­tract between us and the rel­e­vant data con­troller.

  1. About cook­ies

14.1  A cook­ie is a file con­tain­ing an iden­ti­fi­er (a string of let­ters and num­bers) that is sent by a web serv­er to a web brows­er and is stored by the brows­er. The iden­ti­fi­er is then sent back to the serv­er each time the brows­er requests a page from the serv­er.

14.2  Cook­ies may be either “per­sis­tent” cook­ies or “ses­sion” cook­ies: a per­sis­tent cook­ie will be stored by a web brows­er and will remain valid until its set expiry date, unless delet­ed by the user before the expiry date; a ses­sion cook­ie, on the oth­er hand, will expire at the end of the user ses­sion, when the web brows­er is closed.

14.3  Cook­ies do not typ­i­cal­ly con­tain any infor­ma­tion that per­son­al­ly iden­ti­fies a user, but per­son­al infor­ma­tion that we store about you may be linked to the infor­ma­tion stored in and obtained from cook­ies.

  1. Cook­ies that we use

15.1  We use cook­ies for the fol­low­ing pur­pos­es:

(a)    shop­ping cart — we use cook­ies to main­tain the state of your shop­ping cart as you nav­i­gate our web­site

(b)    analy­sis — we use cook­ies to help us to analyse the use and per­for­mance of our web­site and ser­vices

  1. Cook­ies used by our ser­vice providers

16.1  Our ser­vice providers use cook­ies and those cook­ies may be stored on your com­put­er when you vis­it our web­site.

16.2  We use Google Ana­lyt­ics to analyse the use of our web­site. Google Ana­lyt­ics gath­ers infor­ma­tion about web­site use by means of cook­ies. The infor­ma­tion gath­ered relat­ing to our web­site is used to cre­ate reports about the use of our web­site. Google’s pri­va­cy pol­i­cy is avail­able at: https://www.google.com/policies/privacy/.

16.3  We pub­lish Google AdSense inter­est-based adver­tise­ments on our web­site. These are tai­lored by Google to reflect your inter­ests. To deter­mine your inter­ests, Google will track your behav­iour on our web­site and on oth­er web­sites across the web using cook­ies. You can view, delete or add inter­est cat­e­gories asso­ci­at­ed with your brows­er by vis­it­ing: https://adssettings.google.com. You can also opt out of the AdSense part­ner net­work cook­ie using those set­tings or using the Net­work Adver­tis­ing Initiative’s mul­ti-cook­ie opt-out mech­a­nism at: http://optout.networkadvertising.org. How­ev­er, these opt-out mech­a­nisms them­selves use cook­ies, and if you clear the cook­ies from your brows­er your opt-out will not be main­tained. To ensure that an opt-out is main­tained in respect of a par­tic­u­lar brows­er, you may wish to con­sid­er using the Google brows­er plug-ins avail­able at: https://support.google.com/ads/answer/7395996.

  1. Man­ag­ing cook­ies

17.1  Most browsers allow you to refuse to accept cook­ies and to delete cook­ies. The meth­ods for doing so vary from brows­er to brows­er, and from ver­sion to ver­sion. You can how­ev­er obtain up-to-date infor­ma­tion about block­ing and delet­ing cook­ies via these links:

(a)    https://support.google.com/chrome/answer/95647?hl=en (Chrome);

(b)    https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Fire­fox);

©    http://www.opera.com/help/tutorials/security/cookies/ (Opera);

(d)    https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Inter­net Explor­er);

(e)    https://support.apple.com/kb/PH21411 (Safari); and

(f)    https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).

17.2  Block­ing all cook­ies will have a neg­a­tive impact upon the usabil­i­ty of many web­sites.

17.3  If you block cook­ies, you will not be able to use all the fea­tures on our web­site.

  1. Cook­ie pref­er­ences

18.1  You can man­age your pref­er­ences relat­ing to the use of cook­ies on web­sites by man­ag­ing cook­ies as is describe in point 17.

  1. Our details

19.1  This web­site is owned and oper­at­ed by Renew Skin & Health Clin­ic Ltd

19.2  We are reg­is­tered in Eng­land and Wales under reg­is­tra­tion num­ber 07359901 and our reg­is­tered office is at Leam­ing­ton Spa, 18 Guy Street, CV32 4RT.

19.3  Our prin­ci­pal place of busi­ness is at 18 Guy Street, Leam­ing­ton Spa, CV32 4RT,Warwickshire, Unit­ed King­dom

19.4  You can con­tact us:

(a)    by post, to the postal address giv­en above;

(b)    using our web­site con­tact form;

©    by tele­phone, on the con­tact num­ber pub­lished on our web­site from; or

(d)    by email, using the email address pub­lished on our web­site .

  1. Data pro­tec­tion reg­is­tra­tion

20.1  We are reg­is­tered as a data con­troller with the UK Infor­ma­tion Commissioner’s Office.

20.2  Our data pro­tec­tion reg­is­tra­tion num­ber is ZA216415.

  1. Rep­re­sen­ta­tive with­in the Euro­pean Union

21.1  Our rep­re­sen­ta­tive with­in the Euro­pean Union with respect to our oblig­a­tions under data pro­tec­tion law is the direc­tor of Renew Skin & Health Clin­ic Ltd Dr Naw­al Jha and you can con­tact our rep­re­sen­ta­tive by clinic’s email: info@renewskinandhealthclinic.co.uk

  1. Data pro­tec­tion offi­cer

22.1  Our data pro­tec­tion officer’s con­tact details are: md@renewskinandhealthclinic.co.uk