Privacy Policy
Essence Medical Cosmetic Clinic is committed to protecting your privacy. We understand the importance of ensuring that our personal information is protected and respected. Therefore, we treat personal data following our obligations under the General Data Protection Regulation (GDPR) and our confidential clinical requirements.
Essence Medical Cosmetic Clinic is registered in Scotland with company number SC360101. Our registered office is at c/o M J Lynas Accountants, 192 Dukes Road, Burnside, Glasgow, G73 5AA and our trading address is Dundas Court, 38 New City Road, Glasgow G4 9JT.
We have produced this privacy notice to inform you how we handle your personal data. All handling of your data is done in compliance with the General Data Protection Regulation (EU) 2016/679 (“Data Protection Legislation”).
reCAPTCHA v3
To protect our site and users from spam and abuse, we have implemented reCAPTCHA v3 on your site, and the use of reCAPTCHA v3 is subject to the Google Privacy Policy and Terms of Use.
What are your rights?
When reading this notice, it might be helpful to understand that your rights arising under Data Protection Legislation include:
- The right to be informed of how your Personal Data is used (through this notice);
- The right to access any personal data held about you;
- The right to withdraw consent at any time by emailing contact@essencemedical.co.uk
- The right to rectify any inaccurate or incomplete personal data held about you;
- The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in this policy or where you have withdrawn consent;
- The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that is likely to cause substantial damage to you or another, including through profile building; and
- The right to object to processing results in decisions being made about you by automated processes and prevents those decisions from being enacted.
Who is the Data Controller?
- If we have collected your data directly from you for our own purposes, we are the Data Controller.
- If we have purchased your data from a third party for our purposes, we are the Data Controller. Where we have purchased your data, we will contact you to let you know before we first start to use it or, at the latest, within one month of acquiring it.
- If we have been passed your data from a third party for our own purposes, we are the Data Controller. We will contact you to let you know before we start using it or, at the latest, within one month of acquiring it.
- If we have been passed your data from a third party for a joint purpose that we both influence, we are the joint Data Controller. We will contact you to let you know before we first start to use your data or, at the latest, within one month of acquiring it.
- If your data has been passed to us by a third party for processing under their instruction, that third party is the Data Controller. They should have notified you that they would be passing your data to us, at Essence Medical, at the time they collected your data and within their own privacy notices/standards.
What is the Lawful Basis for Processing Personal Data?
Under Data Protection Legislation, there must be a ‘lawful basis for using personal data. The legal bases are outlined in Article 6, Section 1 of the GDPR. They are sub-sections:
a) ‘your consent;
b) ‘performance of a contract;
c) ‘compliance with a legal obligation;
d) ‘protection of your, or another’s vital interests;
e) ‘public interest/official authority; and
f) ‘our legitimate interests.
About our Processing of Your Data
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped as follows:
Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact Data includes billing, delivery, email, and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data includes information about how you use our website, products and services.
Marketing and Communications Data includes your preferences in receiving marketing from our third parties and us and your communication preferences.
We also collect, use and share Aggregated Data, such as statistical or demographic data, for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, suppose we combine or connect Aggregated Data with your data so it can directly or indirectly identify you. In that case, we treat the combined data as personal data, which will be used following this privacy notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Our use of Cookies
Cookies are small text files placed on your computer’s hard drive through your web browser when you visit any website. They are widely used to make websites work more efficiently, as well as to provide information to the site owners.
Like all other users of cookies, we may request the return of information from your computer when your browser requests a web page from our server. Cookies enable our web server to identify you to us and to track your actions and the pages you visit while you use our website. The cookies we use may last for a single visit to our site (they are deleted from your computer when you close your browser) or remain on your computer until you delete them or until a defined period has passed.
Although your browser software enables you to disable cookies, we recommend that you allow the use of cookies to take advantage of the features of our website that rely on their use. If you prevent their use, you will not be able to use all the functionality of our website. Here are the ways we may use cookies:
- To record whether you have accepted the use of cookies on our website. This is solely to comply with the law. If you have chosen not to accept cookies, we will not use cookies for your visit, but unfortunately, our site will not work well for you.
- to allow essential parts of our website to operate for you.
- To operate our content management system.
- To operate the online notification form – the form you use to contact us for any reason. This cookie is set on your arrival at our website and deleted when you close your browser.
- To enhance security on our contact form. It is set for use only through the contact form. This cookie is deleted when you close your browser.
- To collect information about how visitors use our site. We use the information to improve your experience of our site and enable us to increase sales. This cookie gathers information anonymously, including the number of visitors to the site, where visitors have come to the site, and the pages they visited.
- To record that a user has viewed a webcast. It collects information in an anonymous form. This cookie expires when you close your browser.
- To record your activity during a webcast. For example, whether you have asked a question or provided an opinion by ticking a box. This information is retained so we can serve your information when you return to the site. This cookie will record an anonymous ID for each user, but it will not use the information for any other purpose. This cookie will last for a while, after which it will delete automatically.
- Store your personal information, so you do not have to provide it afresh when you visit the site next time. This cookie will last for some time, after which it will delete automatically.
- to enable you to watch videos we have placed on YouTube. When you use YouTube’s privacy-enhanced mode, YouTube will not store personally identifiable cookie information.
What happens if I refuse to give Essence Medical my data?
The information about you that we have collected for the performance of our contracts is required for us to fulfil our obligations to you successfully. If you choose not to provide the personal data requested, we will not be able to enter into a contract with you to deliver the benefits we offer. If we are already processing your personal information under a contract, you must end our contractual relationship (as/where permitted) in order to exercise some of your rights.
We process some personal information as part of a contractual relationship with a Data Controller. Therefore, any requests to restrict this processing should be forwarded to the Data Controller; they will be responsible for discussing your concerns and making any decisions.
What are Essence Medical’s ‘legitimate interests?
- Legitimate interests are a flexible basis upon which the law permits the processing of an individual’s data. To determine whether we have a legitimate interest in processing your data, we balance the needs and benefits to us against the risks and benefits for you of us processing your data. This balancing is performed as objectively as possible by our Data Protection Lead. Of course, you can object to our processing, and we shall consider how this affects whether we have a legitimate interest. If you want to find out more about our legitimate interests, please contact us via contact@essencemedical.co.uk.
How Long Will Your Data be Kept?
Essence Medical holds different categories of personal data for different periods. Wherever possible, we will endeavour to minimise the amount of personal data that we have.
- If ‘consent’ is the basis for our lawful processing of your data, we will retain your data so long as the purpose for which it was collected and your consent, are still valid. We review your consent status every twelve (12) months and treat non-response to our requests for renewal of consent as if they were your request to withdraw consent. Occasionally, we might identify a legitimate interest in retaining some of your data obtained by consent. If we do, we will inform you that we intend to maintain it under these conditions and identify the interest specifically.
- If we process your data based on ‘legitimate interests, we will retain your data for so long as the purpose for which it is processed remains active. We review the status of our legitimate interests every twelve (12) months. We will update this notice whenever we determine that either a legitimate interest no longer exists or that a new one has been found.
- All categories of personal data held by us, because they are essential for the performance of a contract, will be held for six years, as determined by reference to the Limitations Act 1980, to exercise or defend legal claims.
Who can you Complain to?
- In addition to sending your complaints to contact@essencemedical.co.uk, you can send complaints to our supervisory authority. Essence Medical predominantly handles the personal data of UK nationals, and our supervisory authority is the Information Commissioner’s Office. If you believe that we have failed in compliance with data protection legislation, this authority can be made by visiting https://ico.org.uk/concerns/.
This Privacy Policy was updated September 2022.