Aluminate Clinic Policies
Data Protection Notice
1.1 To facilitate your treatment and to evaluate and improve the services we provide, we (as your clinic) wish to collect, hold and process a variety of personal data about you by means of the “Consentz” service, further details of which are set out below. If you consent to us doing so, please click on the “Accept” button below.
1.2 This statement provides more information about the types of information we will hold, the types of things we will do with it, who will have access to it and how you can exercise your rights in respect of it.
We are your data controller for the purposes of the personal data we will collect. Our details are as follows:
2.1 Our name, address and registered number (if any):
2.2 Our representative (if any):
2.3 Our data protection officer (if any):
[///data protection officer///]
3.1 Data to be processed:
The personal data to be processed is as follows:
Date of Birth
Act of kin
Contact preferences – email/ SMS/ push notifications
Method of receiving appointment reminders
Medical information and records relating to the treatment being undertaken.
Purpose for which the personal data are intended to be processed:
The personal data collected from you will be used for the purposes of:
facilitating, administering, and recording your current, and any future, treatment by us or third party practitioners, including General Practitioners and Consultants;
to evaluate and improve the services provided by the clinic;
being provided on an anonymised basis to Consentz to allow it to evaluate and improve its services; and
providing you with information, from time to time, about the products and service we offer using the contact channels agreed by means of the contact preferences mentioned above.
In addition, once they are provided, we will also retain (and process) your personal data to the extent necessary to enable us to establish, exercise or defend legal claims.
3.2 Basis for the processing:
The processing is being given on the basis of your explicit consent (as given by means of you clicking to “accept” our processing your data on the Consentz service).
Once collected, we will also retain (and process) your personal data for the purport of establishing, excising or defending claims.
3.3 Persons with whom we may share you data:
In general, access to your personal data will be restricted to those who have a need to access it in order to carry out their duties (for example, our medical staff and finance teams).
We will also share your personal data with the following external third parties in some circumstances:
medical regulators such as the GMC, and government authorities such as HMRC or the police, if we are required to do so by law or if the regulator or authority requests it and we regard that request as reasonable;
our insurers, legal advisers or other third parties who need access to it in the context of managing, investigating or defending claims or complaints; and
Consentz Limited (a company registered in England and Wales under company number 08294329, whose registered office is at 5 Margaret Road, Romford, Essex, RM2 5SH) who provide us with this service by which your personal data are stored and processed.
3.4 Period for which personal data will be stored:
[Seven years or such other period as may be stipulated by the clinic.]
Your rights (with effect from 25 May 2018)
The law gives you certain rights in respect of the personal data that we hold, which you should be aware of:
4.1 You have the right to obtain from us, without undue delay, the rectification of any inaccurate personal data concerning you;
4.2 Taking into account the purposes of the processing, you shall also have the right to have incompleted personal data completed, by means of providing a supplementary statement;
4.3 You have the right to require us to erase your personal data without undue delay on certain grounds (including where they are no longer necessary for the purpose for which they were collected or where you withdraw your consent and there is no other legal grounds for the processing);
4.4 You have the right to require us to restrict the processing of your personal data on certain grounds (including where you contest the accuracy of the personal data; the processing is unlawful, but you request a restriction of the processing rather than erasure; or we (as controller) no longer need the data for the purposes of the processing, but you required them to establish, exercise or defend legal claims);
4.5 You have the right to withdraw your consent at any time (to do so please email us at: [●]). Please note that if you do so, then all personal data (other than that required to be kept to enable us to establish, exercise or defend legal claims) will be immediately deleted;
4.6 Should you have any complaints or issue with our treatment of your personal data, you may lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk);
4.7 You have the right to request a copy of any of your personal data held by us. The first copy will be free of charge, but we reserve the right to charge a small fee for additional requests; and
4.8 Providing your personal data is not obligatory, but not doing so may mean that we cannot commence or continue with your treatment.
Your aesthetic procedure appointment is reserved specifically for you. We therefore politely request that you notify us at least 48 hours in advance if you wish to cancel or reschedule your appointment.
Late cancellations and ‘no show’ appointments cost us precious time and money, therefore if we receive less than 48 hours’ notice of cancellation, the deposit paid towards the treatment will be lost. However, please contact our clinic owner directly if you feel you have 'exceptional' circumstances you wish to discuss.
Any future appointments may require full payment prior to booking if more than 1 late cancellation is recieved .
We appreciate your understanding.
We use your personal data for many reasons, from understanding how our users engage with us to inform our marketing and advertising. Ultimately, this allows us to tailor the appropriate treatments to suit your individual needs.
These are the main reasons why we collect and use data about our users:
To show you treatments that may be relevant to you and to improve your experience on our site
To provide the services in the future you may be interested in
To carry out marketing analysis and send you communications when we have your permission, or when permitted by law
To enable us to show advertising on our sites.
We think carefully about our use of personal data, and below you can find the details of what we do to protect your privacy. This policy covers, among other topics:
Information about your rights and our obligations
Clarity about our dealings with you and transparency about how we collect and use your personal data
Commitments on how we protect your personal data
Commitments on how we will facilitate your rights and respond to your questions.
We will continue to examine how we can provide more clarity to our users about our use of data.
Personal data is any information about you by which you can be identified. This can include information such as:
your name, date of birth, email address, postal address, phone number, mobile number;
debit card details;
information about your device (such as the IP address, which is a numerical code to identify your device that can provide information about the country, region or city where you are based); and
information relating to your personal circumstances and how you use our sites, apps and services.
Who we are and how to contact us
The data controller for our sites and apps is Amanda Tuckwell, Aluminate Skin Clinic, The Hollies, Station road, Weston Rhyn, Oswestry. Shropshire. SY10 7SX. This means that we are responsible for deciding how and why we hold and use your personal data. If you want to contact us, you can find our contact details in the “How to contact us” section below.
What personal data we collect and how we use it
We collect personal data when you sign up for our services and when you browse our sites or use our apps. This information is used to provide our journalism and other services, display advertising and analyse how visitors use our sites or apps.
The personal data we collect when you register for our newsletter include;
your email address;
some limited data from your social media profile.
your IP address - a numerical code to identify your device and which can provide information about the country, region or city where you are based;
your browsing history of the content you have visited on our sites, including information on how you were referred to our sites via another website; and
details of your devices, for example, the unique device ID, unique advertising ID and browsers used to access our content.
Some of our services, such as Professional Networks, may give you the option of providing more information about your preferences, so that we can tailor your experience. Signing up for membership or a subscription may also mean you need to provide other details such as your address details:
We will not collect special categories of data - such as information about your race, political opinions, religion, health or sexual orientation - unless you have chosen to provide that information to us.
Using your social media details to sign up with Aluminateclinic.com
When you sign into our sites or apps using your Facebook login details, you give permission to Facebook to share with us your email address and certain aspects of your Facebook profile if you have made these public on your Facebook profile. This only includes your first and last name, age range, link to your Facebook profile and profile picture. We do not have access to updates on your Facebook profile. If you use your Google login details, you give Google permission to share the information that you have made public in your Google profile. This only includes your first and last name, your email address and whether your email address has been validated, your age range, a link to your Google profile.
Posting comments on our sites
When you post information on a discussion board or comment publicly on one of our sites, the information you post and your username are publicly accessible. This information can be viewed online and collected by other people. We are not responsible for the way these other people use this information. When contributing to a discussion, we strongly recommend you avoid sharing any personal details, and especially information that can be used to identify you directly such as your name, age, address and name of employer. We are not responsible for the privacy of any identifiable information that you post in our online community or other public pages of the site.
Using our apps
The Aluminate / Consentz patient app uses information you have shared with us. A list of the activity you have recently viewed is cached in the local storage on your mobile device. You can delete this reading history in the settings of the app. Information on what you have viewed in the app and information on bugs and crashes is also sent to consentz. You can choose to receive notifications on your mobile device via the app. You can manage these notifications in the settings of the app.
How we collect personal data
We collect personal data when you:
become a supporter or registering for an account/newsletter via aluminateclinic.com;
pay for a subscription or purchase any other products/services;
attend our events;
enter our competitions and surveys;
sign up to our editorial emails;
post in our online community;
sign up for marketing communications;
use mobile devices to access our content;
access our sites, through cookies and other similar technology; and
when you contact us via email, social media, our apps or similar technologies or when you mention us on social media.
Why we use your personal data
We use personal data collected through our sites and apps for a number of purposes, including the following:
To provide the services you sign up for, such as sending out emails/text. We also use the personal data for related internal administrative purposes - such as our accounting and records - and to make you aware of any changes to our services.
To send marketing communications when we have your permission, or when permitted by law.
To personalise our services (for example, so you can sign in), remembering your settings, displaying personalised advertising as well as measuring how effective our online adverts are, recognising you when you sign in on different devices and tailoring our marketing communications based on what you like.
To carry out marketing analysis, for example we look at what you have viewed on our sites and apps and what products and services you have bought (including what you have looked at and what products or services you have bought on our other platforms, to better understand what your interests and preferences are, and to improve our marketing by making it more relevant to your interests and preferences. You can opt out from having your personal data used for marketing analysis by going into your emails and opt out of “Emails and marketing”.
To improve our marketing communications, we use a similar technology to cookies to confirm whether you have opened a marketing email or clicked on a link in the email.
For statistical purposes such as analysing the performance of our sites and apps and to understand how visitors use them.
To respond to your queries and to resolve complaints.
To comply with applicable laws and regulations.
Access permissions that we ask from users of the Aluminate Consentz patient app
When you use the Aluminate Consentz Patient app, we ask for the following permissions to access particular functions of your mobile device:
For the Android version, we ask for permission to access your contact details/profile on your mobile device, so that we can add or find your personal client account on your phone. We also ask for permission to access the storage on your mobile device, so that you can store content and read when offline.
For the iOS version, we ask for permission to save pictures to your photo library, so that you can save pictures that you find in our articles on your mobile device.
Legal grounds for using your personal data
We will only use your personal data where we have a legal ground to do so. We determine the legal grounds based on the purposes for which we have collected and used your personal data. In every case, the legal ground will be one of the following:
Consent: For example, where you have provided your consent to receive marketing emails from us. You can withdraw your consent at any time. In the case of marketing emails you can withdraw your consent by clicking on the “unsubscribe” link at the bottom of the email or through your email preferences in the “emails and marketing” tab, when signed into your aluminate Consentz patient account.
Our legitimate interests: Where it is necessary for us to understand our readers, promote our services and operate our sites and apps efficiently for the creation, publication and distribution of news, media and related journalistic content both online and in print form, globally. For example, we will rely on our legitimate interest when we analyse what content has been viewed on our sites and apps, so that we can understand how they are used. It is also in our legitimate interest to carry out marketing analysis to determine what products and services may be relevant to the interests of our readers. You can opt out from having your personal data used for marketing analysis in your account in the “emails and marketing” tab.
Performance of a contract with you (or in order to take steps prior to entering into a contract with you): For example, where you have purchased a subscription from us and we need to use your contact details and payment information in order to process your order and deliver your subscription.
Compliance with law: In some cases, we may have a legal obligation to use or keep your personal data.
Updating your personal data and your profile page on our sites
When you register for an account with theguardian.com, you have access to a profile page. Under “edit profile” you can review what information is public when you comment on our articles, or if people look up your profile. You can also update your information or provide extra information if you want.
You may also update your marketing preferences in the “Emails and marketing” tab in your account.
Personal data that we receive about you from other organisations
Adding to or combining the personal data you provide to us
When you sign up to our services, we may add to the personal data you give us by combining it with information shared with us by other trusted organisations. This includes, for example, information about the region that you are located in, so that we can show you the prices for subscriptions or other products in your local currency. We may also add information to improve the accuracy of your delivery address when we send out mail. We may also obtain information from partners whose offers we include in some of our marketing communications and we use this information to ensure that we do not send you irrelevant marketing.
We also use information on the content you have viewed on our sites and apps and your interaction with the content to add you to groups with similar interests and preferences, so that we can make our online advertising more relevant. Sometimes we use data about your interests or demographics that third parties have collected from you online to add to these groups.
Information shared by event partners
When you register or book a ticket for a Aluminate event organised by an event partner, your registration data may be shared with us by the event partner.
Using children’s personal data
We do not aim any of our products or services directly at children under the age of 18 and we do not knowingly collect personal data about children under 18. Some of our services may have a higher age restriction and this will be shown at the point of registration.
Security of your personal data
We have implemented appropriate technical and organisational controls to protect your personal data against unauthorised processing and against accidental loss, damage or destruction. You are responsible for choosing a secure password when we ask you to set up a password to access parts of our sites or apps. You should keep this password confidential and you should choose a password that you do not use on any other site. You should not share your password with anyone else, including anyone who works for us. Unfortunately, sending information via the internet is not completely secure. Although we will do our best to protect your personal data once with us, we cannot guarantee the security of any personal data sent to our site while still in transit and so you provide it at your own risk.
Who we share your personal data with
We hold your data on our systems in the UK
If you are going to one of our events hosted by an event partner, we may share your personal data with that partner for event administration purposes only.
Sometimes we may receive a letter, email or another form of communication from you that we consider to be significant. We may decide to share this with
We do not share your personal data with other people or organisations that are not directly linked to us except under the following circumstances:
We may share your data with other organisations that provide services on our behalf such as dealing with online payments and other forms of payment processing, ie credit card transactions and preventing fraud.
We may also share your data with our advertising partners, as set out in the section about Online Advertising below.
We may reveal your personal data to any law enforcement agency, court, regulator, government authority or other organisation if we are required to do so to meet a legal or regulatory obligation, or otherwise to protect our rights or the rights of anyone else.
Any organisations which access your data in the course of providing services on our behalf will be governed by strict contractual restrictions to make sure that they protect your data and keep to all data privacy laws that apply. We may also independently audit these service providers to make sure that they meet our standards.
We will not share your personal data with anyone else for their own marketing purposes unless we have your permission to do this.
Some of our webpages use social plug-ins from other organisations (such as the “Facebook Recommend” function, Twitter’s retweet function, Google+ function). These other organisations may receive and use personal data about your visit to our sites or apps. If you browse our site or view content on our apps, information they collect may be connected to your account on their site. For more information on how these organisations use personal data, please read their privacy policies.
How long we keep your personal data
How we may contact you
From time to time we may send you service emails, for example, telling you your subscription is coming to an end or thanking you when you contribute or place an order with us.
Marketing communications and editorial newsletters
If we have your permission, we may send you materials we think may interest you, such as new Aluminate Clinic offers and updates. Depending on your marketing preferences, this may be by email, phone, SMS or post.
We offer a range of editorial newsletters. You can manage your subscription to these emails through your profile page when you are signed into your Aluminate / Consentz account.
You can decide not to receive these emails at any time and will be able to “unsubscribe” directly by clicking a link in the email or through your email preferences in the tab “Emails and marketing” when you are signed into your Aluminate / Consentz account.
Sometimes we may contact you for market research purposes, for example about a survey. You can opt out from being contacted in this way by signing into your Aluminate / Consentz account and going to the tab “Emails and marketing”.
Responding to your queries or complaints
If you have raised a query or a complaint with us, we may contact you to answer your query or to resolve your complaint.
Cookies and similar technology
When you visit our sites or when you use our apps, we may collect personal data from you automatically using cookies or similar technology. A cookie is a small file that can be placed on your device that allows us to recognise and remember you.
Advertising on our sites that is based on cookies and similar technology
We use personalised online advertising on our sites. This allows us to deliver more relevant advertising to people who visit aluminateclinic.com. It works by showing you adverts that are based on your browsing patterns and the way you have interacted with our sites and apps. It then shows you adverts which we believe may interest you.
When you browse our sites or use our apps, some of the cookies and similar technology we place on your device are advertising cookies, so we can understand what sort of pages you are interested in. We can then display advertising on your browser based on these interests. For instance, if you have been reading a lot of food and drink articles, we may show you more advertisements for food and drink.
We do not collect or use information such as your name, email address, postal address or phone number for personalised online advertising.
We may also share online data collected through cookies and similar technology with our advertising partners. This means that when you are on another website, you may be shown advertising based on your browsing patterns on aluminateclinic.com. We may also show you advertising on theguardian.com website based on your browsing patterns on other sites that we have obtained from our advertising partners.
Online retargeting is another form of online advertising that allows us and some of our advertising partners to show you advertising based on your browsing patterns and interactions with a site away from our sites.
For example, if you have visited the website of an online clothes shop, you may start seeing adverts from that same shopping site displaying special offers or showing you the products, you were browsing. This allows companies to advertise to you if you leave their website without making a purchase.
Advertising that we place on our site or on other sites
We also use personalised online advertising to promote our own products and services. This means that you may see advertising for our products and services on our sites and when you are on other, third party websites, including social media platforms.
Your rights with regard to the personal data that we hold about you
You can contact us with regard to the following rights in relation to your personal data:
If you would like to have a copy of the personal data we hold on you or if you think that we hold incorrect personal data about you, please write to the Data Protection Officer at Aluminate Clinic at The Hollies, Station road, Weston Rhyn, Oswestry. Shropshire. SY10 7SX or email email@example.com. We will deal with requests for copies of your personal data or for correction of your personal data within one month. If your request is complicated or if you have made a large number of requests, it may take us longer. We will let you know if we need longer than one month to respond. You will not have to pay a fee to obtain a copy of your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Where you have provided us with consent to use your personal data, you can withdraw this at any time.
Where applicable, you may also have a right to receive a machine-readable copy of your personal data.
You also have the right to ask us to delete your personal data or restrict how it is used. There may be exceptions to the right to erasure for specific legal reasons which, if applicable, we will set out for you in response to your request. Where applicable, you have the right to object to processing of your personal data for certain purposes.
If you do not want us to use your personal data for marketing analysis, you can change your settings in the “Emails and marketing” tab of your Guardian account.
If you want to make any of these requests, please contact firstname.lastname@example.org
We may need to request specific information from you to help us confirm your identity.
November 2004: cookie information moved to separate page; Data Protection Commissioner changed to Information Commissioner; legal information under the Data Protection Act added.
May 2008: principles updated to provide more detail on protections and limits on data usage and confirmation about the use of data processors; contact details updated.
August 2009: contact details updated, useful links updated, some headings added, and a new section headed “advertising and affiliate links” added.
July 2011: Principles updated to include further information on marketing preferences, contact details, further information provided about online behavioural advertising, cookies, and the ‘Who we share data with’ section has been updated.
September 2011: Websites covered expanded to include aluminateclinic.com, information on use of children’s data added.
February 2012: Additional provision included in ‘How we use your information’ to address certain data that we may collect, especially in the context of certain Apps and geographical location data.
April 2012: Information on logging onto our sites using social networking log-ins as a means of authentication.
February 2013: Applicability of policy to other websites and applications added.
May 2013: Information on mobile device advertising added.
July 2015: Amendment for the personalisation of newsletters based on browsing history on aluminateclinic.com
January 2016: Policy amended to include information on profiling and how to opt-out of profiling data being shared with Aluminate News & Media.
December 2016: Information on Google Analytics added, removal of children’s books information and replaced with Young Critics’ information.
May 2017: updated information on the use of anonymous information for online advertising
February 2018: updated information on marketing preferences and use of children’s data
May 2018: updated to reflect changes resulting from the General Data Protection Regulation.