Privacy Policy

OUR COMMITMENT We are committed to protecting your privacy, and the privacy of our website visitors. Any information that will be collected and will be used in accordance with the General Data Protection Regulation and the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003. Information gathered will not be shared with any third party companies for direct marketing. WHO WE ARE This Privacy Notice is provided by Leicester MediSpa which is the trading name of Leicester MediSpa LTDl. This Notice applies to all data subjects whose personal data is collected by Leicester MediSpa. Leicester MediSpa is a clinic that provides an extensive list of treatments for face and body. We provide a bespoke treatment for each client matching the services we offer with the needs of the clients. Leicester MediSpa is located at 19 The Parade, Oadby, LE2 5BB Our GDPR owner and data protection representative is Shanur Dharamshi who will deal with all enquiries concerning Leicester MediSpa’s use of your personal data and can be contacted directly at shanur.dharamshi@leicestermedispa.co.uk or 0116 303 255. The purpose of this notice is to inform you (data subjects) of what personal data we collect about you in line with the requirements of GDPR. HOW WE COLLECT DATA Leicester MediSpa will generally only receive personal data from the individual concerned directly in the course of conducting business. This may be in person, via email, web form or telephone. However, in some cases personal data will be supplied by third parties (for example online booking platforms or job sites) but only when you have specifically booked a service/treatment or responded to a vacancy offered by Leicester MediSpa on a third party platform. THE DATA WE COLLECT In the course of our business Leicester MediSpa will collect certain types of personal data which will include:

• Names, postal addresses, telephone numbers, email addresses, and other contact details (telephone calls may also be recorded for training purposes).
• Financial information which could include bank details and credit card details
• Personnel files in connection with employment and recruitment
• Information supplied in the medical questionnaire about a person’s health and relevant medical conditions that could affect the suitability of treatments
• Still images of clients during the treatment process (to assess before and after) and any video captured by the CCTV security system installed at our premises.
• Technical information such as cookies, IP address, browser type etc when you visit our website
• For any disclosure of information of another person, you must have full consent of the person to disclose and process their personal information in accordance with this policy.
• Where Leicester MediSpa is required to process the data of a child (individuals under the age of 16) we will ask for consent to be authorised by the holder of parental responsibility for the child.

WHY WE PROCESS YOUR PERSONAL DATA During the course of our business, we need to process a wide range of personal data and we will only do so in accordance with the law. Some of this is done to fulfil Leicester MediSpa’s legal obligations including those related to its employees or contractual obligations such as those to its insurers. In other cases, we will process data where it is in our legitimate interest except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Leicester MediSpa believes the following use will fall within the category of legitimate interest:

• For the purpose of recommending and providing treatments & products
• For the purpose of providing information on pre- and aftercare before and following treatment.
• For the purpose of confirmation and reminding individuals of appointments via email & text messages.
• For the purpose of our newsletter and other relevant offer emails updating clients on new products and services offered by Leicester MediSpa. You can opt out of this at any time.
• For the purpose of security to protect our websites, infrastructure and premises from attacks or threats and to report any illegal activities

Given that we need to collect health information and this is classed as a special category of personal data we need to identify a specific condition under Article 9. The condition on which we rely is that processing is necessary for the purposes of providing health care or treatment. WHO HAS ACCESS TO DATA & WHO WE SHARE IT WITH Personal information gathered will not be shared with any third party companies for direct marketing. Usually, personal data collected by Leicester MediSpa will remain within Leicester MediSpa and will be processed by appropriate employees. Some of the processing is carried by third parties such as website developers, cloud storage providers but is at all times kept securely and only processed with the directions of Leicester MediSpa. On occasion, we will need to share personal information, to meet our legal obligations or for contractual reasons, with third parties such as banks lawyers, insurers, accountants or government authorities such as HRMC if you are an employee. If you decide to apply for finance we will only share your email address with the finance company so that they may communicate with you directly. HOW LONG WE KEEP PERSONAL DATA We are committed to complying with our legal obligation to the retention and deletion of personal information. The type of data and the purpose for collection will determine how long Leicester MediSpa will retain your data. We will not process your personal information for purposes longer than necessary. Employee data can be kept for up to seven years following departure from the company. Details of an unsuccessful applicant to vacancies will be stored for up to one year. Our insurers require Leicester MediSpa to keep Client records, including medical data, images and treatment data for 10 years from the date of your last treatment following which it will be securely disposed of. Data of those engaged with the business such as contacts for an active contract or receivers of our monthly newsletter will be retained as long as the service is being contracted or newsletter is being sent. Emails of those who have opted out of receiving our newsletter services will be kept indefinitely to ensure continued compliance. Financial and accounting records will be kept for 6 years from the end of the last company financial year they relate to or longer if the tax return was late or if HMRC requests it. Your Rights As A Data Subject At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

• Right of access – you have the right to request a copy of the information that we hold about you.
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances, you can ask for the data we hold about you to be erased from our records.
• Right to the restriction of processing – where certain conditions apply to have a right to restrict the processing. Right of portability – you have the right to have the data we hold about you transferred to another organisation.
• Right to object – you have the right to object to certain types of processing such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: in the event that Leicester MediSpa refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain.

THIS PRIVACY NOTICE Leicester MediSpa will update this privacy notice from time to time. Our website will be updated when necessary to reflect the most recent and up to date copy of this notice. Please check with Privacy Policy page occasionally to ensure that you are happy with the changes. COMPLAINTS If you believe that we have not complied with our privacy notice you may complain to the Information Commissioner’s office (ICO) although as recommend by the ICO please allow Leicester MediSpa the opportunity to resolve the matter before involving the regulator. All queries and complaints in the first instance should be directed by email to Hannah Bull, hannah.bull@leiecestermedispa.co.uk