Ennove Beauty & Detox Clinic values your privacy and want to be clear about the data we collect, how we use it and your rights to control that information. This policy reflects the high standards established by the General Data Protection Regulation (GDPR); a set of laws passed in the European Union. It applies to information collected by us, or provided by you, during your appointment, via email, our website, or in any other way including over the phone.
All your personal data will be held and used in accordance with GDPR and national laws implementing GDPR and any legislation that replaces it in whole or in part relating to the protection of personal data.
We do not collect personally identifiable information about you, except when you provide it to us directly or through a third party. For example, if you subscribe to our newsletter, complete a survey monkey online survey, leave a review our page, book a treatment with us, or consent to have a treatment with us or make a purchase.
The Information we Record via our Website
When you visit our website (via a computer, mobile or hand-held device) you may provide us with personal information including your name, address, contact details and financial data (via Pay Pal).
This information is gathered when you register or book an appointment online using appointment plus, email Ennove Beauty & Detox Clinic, make a purchase or sign up for a newsletter from us, complete a survey monkey online survey or leave a review online.
Our website is created with Creativ Zion, which also allows us to see information on user website activity including, but not limited to page views, referral and average time spent on the website. The information is depersonalised and is displayed as numbers, meaning it will not be tracked back to individuals, which helps to protect your privacy. Using this we can see what content is popular on our website and strive to ensure you have the best user experience possible.
The information we Record via Emails
When you correspond with the Ennove Beauty & Detox Clinic by email, we may need to retain the content of your email and any photographs supplied together with our replies, as they form part of your treatment records.
The Information We Record During Your Consultations & Treatment Appointments
When you visit Ennove Beauty & Detox Clinic you provide personal information including your name, address, date of birth, contact details and medical history.
During your consultation medical notes are taken, which may include any allergies, operations, and medication. We also record treatment data which may include details of treatments or procedures you have had done.
Depending on the treatment sometimes photography may be required. This will form part of your treatment records.
During your visit you may be asked to read and sign consent and after care forms which form part of your treatment records. During your treatment we will record treatments, outcomes and may take photographs which form part of your treatment records.
How We Use Your Information
Your personal details and medical records are for legitimate purposes and ensure we can:
Provide the best possible care
Provide Beauty and Aesthetic treatments safety
Identify any contraindications you may have for specific treatments
Provide treatment plans
Maintain an accurate appointment diary for all our practitioners
Confirm your appointment by text, email, or phone
To answer your questions by email or phone
Keep you up to date on news and treatments offered by the Clinic
To contact you for post-treatment, follow up and care, including survey requests to improve our service
You have a responsibility to inform us if any of your details such as name, address, contact numbers change, so our records are accurate and up to date for you. Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email.
You have the right to ask us not to process your personal data for marketing purposes and can opt out from marketing at any time. This will not affect our use of your data to contact you to remind you about your appointments.
We take card payments using iZettle in the clinic, Pay Pal or BACS for online payments. These third parties have access to your Transaction Data and have their own GDPR compliant policies.
How We Maintain Confidentiality of your Records
Every member of staff at Ennove Beauty & Detox clinic has a legal obligation to keep information about you confidential.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
All your records are stored electronically in a GDPR compliant software system. All digital data is secure and is highly protected from unauthorised persons and is also protected from deletion or malicious hacking.
How We Share Your Information
We will only share your information if you have given us written permission to make/cancel appointments with a family member/employee.
We do not sell our database to third parties.
We never share any information with third parties unless there is a genuine need for it, or we receive their request in writing and we have your written consent.
Disclosure of Personally Identifiable Information
Fraud Protection and Compliance with Law
We may need to disclose your personal information or share your personal information to comply with any legal or regulatory requirement, obligation, or request. This includes the police for the prevention or investigation of a crime, HMRC, or our Insurers, legal advisors or other third parties who need access to it in the context of managing, investigating, or defending claims or complaints.
How long do we hold your information.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
By law we must keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes. Marketing Enquiries and Emails – 6 months.
You have the right to withdraw your consent at any time by contacting us via email or letter. Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
You have the right to request a copy of your treatment records and this request must be put in writing and signed by you (the patient). We are required to respond to you within 30 days. You have the right to have information updated or corrected if you feel it is inaccurate, incomplete, or out of date. This request must put in writing and signed by you (the patient).
Objections & Complaints
Our Data Protection Officer is responsible for ensuring the Clinic keeps your information secure and confidential. If you have concerns about the way your information is managed, please contact Ennove Beauty & Detox Clinic on +44 208 964 8667 or email firstname.lastname@example.org. If you are still unhappy you can then complain to the Information Commissioners Office (ICO) at www.ico.gov.uk or telephone 0303 123 1113.
In the unlikely event of a data breach occurring, Ennove Beauty & Detox Clinic will undertake a further investigation. Lessons learnt will be added to the policy and the relevant supervising bodies notified if required.