Our Privacy Promise
Andresa Aesthetics is committed to protecting your personal information when you use our services. This commitment relates to our use of any personal information you provide to us, whether collected on our website, by phone, text message (SMS), email, letter or in person.
Who are “we”?
When we say ‘we’, we mean Andresa Ltd. (Company No. 07098845), which is the ‘data controller’ for the information described in this privacy promise. This means we’re responsible for deciding how we can use your information. We have nominated a dedicated Data Protection Officer (“DPO”). You can contact the DPO by telephone or mail using these contact details.
The Legal Basis for us collecting your data
The law on data protection sets out a number of different reasons that a company can collect and process your personal data. These include:
• In specific situations, we can collect and process your data with your consent. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.
• In certain circumstances, we need your personal data to comply with our contractual obligations, for example to give to a courier if we post you a product.
• If the law requires us to, we may need to collect and process your data.
• In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
What types of information do we collect about you?
In order to provide you with a safe and individually tailored service we need to collect your potentially sensitive personal data. Typically this may include:
• Your contact details including title, full name, address, telephone, email
• Your gender, date-of-birth and employment
• Certain aspects of your medical history such as allergy information, lifestyle, diet, current treatments and the name of your doctor
• Your treatments and product purchase history
• “Marketing” data, including history of communications, whether you open email or click on links, and information about products or services we think you may be interested in, and analysing data to help target offers to you that we think are of interest or relevance to you. This may include technical information about your internet connection and browser.
• Reviews of our products and service that you may choose to complete.
• Your image may be recorded on Closed Circuit TV (CCTV) when you visit the clinic. Generally this is not personally identifiable and is not stored for more than 7 days.
• Your photo may be saved to your confidential client record for the purposes of treatment recommendations and insurance.
We do not “augment” data you have given us from any third party data provider. We do not persistently save your payment card details in any of our systems. Our promise is to ensure we only collect the absolute minimum needed to provide you with the very best service.
How long will we keep your information?
We’ll keep your information only for as long as you have a relationship with us. After it ends we will only keep it where we may need it for legitimate purposes. For example, to help us respond to queries or complaints or in line with legal and regulatory requirements or guidance.
How do we use the information we collect about you?
We promise that we will only use the information that you provide to us in a responsible way and only when you have given us explicit consent. These are ways we will use the data you provide:
• Assessing and providing the appropriate treatment plan for your personal circumstances
• To improve the operation of our business and the service we provide to you
• For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and services
• To comply with legal and regulatory obligations, requirements and guidance
We sometimes need to share your personal data with trusted third parties. Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
• We provide only the information they need to perform their specific service.
• They may only use your data for the exact purposes we specify in our contract with them.
• We work closely with them to ensure that your privacy is respected and protected at all times.
• If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the kind of third parties we work with are:
• IT companies who support our website and other business systems.
• Operational companies such as delivery couriers.
• Direct marketing companies who help us manage our electronic communications with you.
• Google/Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites.
We do not share data with third party companies for their own use.
Is your personal information transferred outside the UK/EEA?
We’re based in the UK. Some of our service providers may store your personal information on servers outside the European Economic Area (EEA). If they do then we will make sure that suitable safeguards are in place, for example by using approved contractual agreements.
Your rights regarding the personal information you provide
You have a number of legal rights relating to the information we hold on your behalf. These include:
• to see what information we hold and how we process it
• to ask us to update incorrect, out-of-date or incomplete details
• to object to or restrict processing of the data
• the right to have your personal information erased (the “right to be forgotten”)
• the right to move, copy or transfer your personal information (“data portability”)
Our promise is to action a request to exercise any of these rights within 10 days.
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to complain to the Information Commissioner’s Office. They can be contacted by calling them on 0303 123 1113 or online at https://ico.org.uk/.
When will you contact me?
To provide a timely and relevant service we will need to contact you. We will ask you for your preferred contact method, but this may include text messages (SMS), email, telephone or post. The following are the principal reasons for us contacting you:
• to administer/manage appointments for treatment or consultation
• in relation to any correspondence we receive from you or any comment or complaint you make about our service
• to update you on any material changes of our policies and practices
• for reasonable marketing purposes but only if you have given us consent and this will be restricted to your preferred contact method(s).
Children (clients under the age of 18)
From time to time we are asked to provide treatments for children. We will ask the parent or guardian to provide explicit consent to any proposed treatment.
You can contact us on any subject relating to our use of your personal data as follows:
The Data Protection Officer
Andresa Aesthetics Ltd.
Lower Wasing Barn
Reading RG7 4LY
Telephone: 01635 800183