Unfortunately, it is in the nature of things that these explanations sound very technical, but we have tried to describe the most important things as simply and clearly as possible when creating them.
What is Personal Data?
Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.
Responsible for data processing
Responsible for data processing in accordance with the provisions of the GDPR and DPA is:
41 Derby Road, L36 9UQ, Huyton
Phone: 0151 528 2838
General information on data processing
In the course of our business and website operations, we process data. This also includes disclosure by transmission to third parties and, where applicable, to so-called third countries outside the UK and the EEA. Where we transfer data outside the UK or EEA, we have highlighted this accordingly below.
All personal data that we obtain from you via the website will only be processed for the purposes described in more detail below. This is done within the framework of the respective legal regulations mentioned or only with your consent.
In particular, Art. 6 GDPR specifies when data processing is permitted. iSkin Clinic collects personal data if:
you have given your consent (Art. 6 para. 1 lit. a GDPR),
the data is necessary for the fulfilment of a contract / pre-contractual measures (Art. 6 para. 1 lit. b GDPR),
the data is necessary for the fulfilment of a legal obligation (Art. 6 para. 1 lit. c GDPR) or
the data is necessary to protect the legitimate interests of our company, provided that your interests are not overridden (Art. 6 para. 1 lit. f GDPR).
iSkin Clinic processes and stores your personal data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period (in particular commercial and tax law) exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.
To provide our website, we use the services of the US-based company Wix, which processes the data mentioned below and all data to be processed in connection with the operation of our website on our behalf. The legal basis for the data processing is our legitimate interest in providing our website.
b) Collection of access data and log files
We also collect data on every access to our website. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. The legal basis for the data processing is our legitimate interest in providing an appealing website.
c) Contacting us
If you contact us, we process the following data from you for the purpose of processing and handling your enquiry: name, contact details (phone number and e-mail address), if provided by you, and your message. The legal basis of the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our legitimate interest in processing your enquiry.
d) Bookings online
For our appointment bookings, we obtain your Name, E-mail, Phone Number, and additional information you provide to us as well as your payment details. The data you provide us with will also only be used for the purpose of your contact, bookings, or appointments and the services carried out. The legal basis for processing your data when booking an appointment is the preparation for a contract. The data collected in this respect will be deleted as soon as processing is no longer necessary, or you revoke your consent. However, we must also observe retention periods under tax and commercial law.
The data collected in respect of our Booking Feature is processed on our behalf by Timely.
e) When you use our services
If you have contracted us to provide a service, we process your data (if provided: name, contact details (email address and phone number), address, and all information required in the context of the performance of the services, including health data in accordance with Art. 9 GDPR) exclusively for the purpose of processing and handling the contractual relationship. This includes in particular our appropriate treatment, advice and support, correspondence with you, invoicing, and fulfilment of our accounting and tax obligations.
We ask you not to provide us with health data pursuant to Art. 9 GDPR from the outset. If health data are relevant according to Art. 9 GDPR, we process them together with your other data. Your data will not be used by us for automated decision making or profiling, nor will it be shared with third parties.
Accordingly, the data is processed on the basis of fulfilling our contractual obligations as well as to fulfil our legal obligations.
f) Administration, financial accounting, service, and business organisation, contact management
We process data within the scope of administrative tasks as well as organisation of our business, financial accounting, service and compliance with legal obligations, such as archiving.
In doing so, we process the same data that we process in the context of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.
In this context, we disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers. Accordingly, the data is processed on the basis of fulfilling our contractual obligations as well as to fulfil our legal obligations.
We send newsletters, e-mails and other electronic notifications with promotional information via Mail Chimp, and only with the consent of the recipients or a legal permission. Apart from that, our newsletters contain information about our products, offers and promotions. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. The legal basis is your consent as well as our legitimate interest.
i) Ordering in our Shop
We collect, process, and use the information you provide in the context of an order (contact details, such as name, delivery and billing address and e-mail address), as well as information on the type of payment method for the purpose of executing the contract. We store the information you provide for the period of processing and handling your order. Afterwards, your data will be deleted unless you decide to activate your customer account within 14 days after placing your order. Data that we are required to store due to legal, statutory, or contractual retention obligations will be blocked instead of being deleted to prevent it being used for other purposes. The processing of the data serves the fulfilment of the contract with you.
In order to process the contract and provide you with our services, we use your contact details to send you registration confirmations, customer service information, order confirmations, contract documents or payment processing information. We are obliged to send you these documents in order to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary to fulfil our legal information obligations for an effective conclusion of a contract with you.
j) Payment Processing
To make a purchase, you may need to provide a valid payment method (e.g., credit card). Your payment information will be collected and processed by the US-based payment service provider Stripe. We do not directly collect or store credit or debit card numbers ourselves in the ordinary course of processing transactions.
k) Careers and Applications
If you apply for a role or job, we process the information we receive from you as part of the application process, e.g., through your letter of application, CV, references, correspondence, telephone, or verbal details. In addition to your contact details, information about your education, qualifications, work experience and skills is particularly relevant to us.
Your data will initially be processed solely for the purpose of carrying out the application process. If your application is successful, it will become part of your personnel file and will be used to carry out and terminate your employment and will be deleted in accordance with the rules applicable to personnel files. If we are unable to offer you employment, we will continue to process your data for up to six months after sending the rejection in order to defend ourselves against any legal claims, in particular alleged discrimination in the application process.
The legal basis for processing data during the application process is Art. 6 para. 1 lit. b) GDPR and, if you have given your consent, for example by sending us information that is not necessary for the application process, it is the fulfillment of a contract / pre-contractual measures. The legal basis for data processing after a rejection is our legitimate interest.
As a rule, we do not require any special categories of personal data within the meaning of Art. 9 GDPR for the application process. We ask you not to provide us with any such information from the outset. If such information is relevant to the application process, we process it together with your other data. Your data will not be used by us for automated decision-making or profiling, nor will it be passed on to third parties. Your data will be processed by us or on our behalf.
You are not obliged to provide us with personal data. However, we can only assess your suitability for the respective position under consideration if we receive information in particular about your education, work experience and skills, and we cannot include you in the application process without providing your contact details.
Duration of data storage
We only store personal data for as long as it is necessary for the purposes for which it is processed or until you revoke any consent you have given us. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 10 years, irrespective of the processing purposes.
Transfer of personal data
We will not disclose or otherwise distribute your personal data to third parties unless this:
is necessary for the performance of our services,
you have consented to the disclosure,
or the disclosure of data is permitted by relevant legal provisions.
However, we are entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors within the framework of the DPA and GDPR. External service providers support us, for example, in the technical operation of the service and membership organisation and support of the website, data management, the provision and performance of services (for example, other physiotherapists), marketing, as well as the implementation and fulfilment of reporting obligations.
The service providers commissioned by us will, however, process your data exclusively in accordance with our instructions, and we remain responsible for the protection of your data in accordance with the DPA and the GDPR. In doing so, we always make sure that service providers commissioned by us are carefully selected and follow strict contractual regulations, technical and organisational measures, and additional controls by us.
In the case of delivery of goods, we share your data with the necessary logistics companies and the postal service provider specified when the order was placed.
We may also disclose Personal Data to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil our legitimate interests.
Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place at iSkin Clinic.
Your data subject rights
These rights are standardised in the DPA and the GDPR. These include:
the right to information (Art. 15 GDPR),
the right to rectification (Article 16 GDPR),
the right to erasure (Article 17 GDPR),
the right to restriction of data processing (Article 18 GDPR),
the right to data portability (Article 20 GDPR),
the right to object to data processing (Article 21 GDPR),
the right to revoke any consent you have given (Art. 7 (3) GDPR), and
the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR).
Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.
We encourage you to get in touch if you have any concerns with how we collect or use your personal data. You can, however, also lodge a complaint with a data protection supervisory authority. The UK's Information Commissioner's Office (ICO) is the data protection supervisory authority relevant to us. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.
State-of-the-art internet technologies are used to ensure the security of your data. During the online enquiry process, your details are secured with SSL encryption. For secure storage of your data, the systems are protected by firewalls that prevent unauthorised access from outside. In addition, technical and organisational security measures are used to protect the personal data you have provided against accidental or intentional manipulation, loss, destruction, or access by unauthorised persons.
We are present in “social media” (currently, Instagram and Facebook) in order to communicate with our customers, interested parties and users registered there and to be able to inform them about our offers. We would like to point out that you use social media platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating). We, as the provider of our Social Media Profile, do not collect and process any data from your use of our social media platforms and beyond this. The processing of users’ personal data is based on our legitimate interests in providing users with effective information and communicating with users.
Analysis and Online Marketing
a) Google Analytics
We use Google Analytics from Google Inc to evaluate your use of our website, to compile reports on the activities and to provide other services related to the use of our website in order to improve the user experience. When Google Analytics is used, interactions of website visitors are primarily recorded and systematically evaluated with the help of cookies. The following data is processed through the use of Google Analytics:
3 bytes of the IP address of the called system of the website visitor (anonymized IP address),
the website called up,
the website from which the user reached the accessed page of our website (referrer),
the subpages accessed from the website,
the time spent on the website, and
the frequency with which the website is accessed.
Google states that it will not associate your IP address with any other data held by Google. You can prevent the storage of cookies by setting your browser accordingly. You can also prevent the collection of the data generated by Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
b) Meta/Facebook Custom Audiences (Pixel/Cookies)
We use a so-called tracking pixel of Meta Platform (formerly Facebook) on our website. We use Meta/Facebook Pixel to track the success of our own Facebook advertising campaigns and to optimise the playout of Meta/Facebook advertising campaigns to interested target groups.
After clicking on a Facebook ad or visiting our website, a cookie is stored on your device using the pixel on our website. The cookie processes data about whether you arrived at our website via a Facebook ad and allows us to analyze the user’s behavior. This allows us to track the success rate of our Facebook advertising campaigns. In addition, the pixel processes data about the fact that you have visited our website and allows you to customise the ads played on Facebook to your interests.
Via the Meta/Facebook Pixel cookie, a direct connection to Facebook’s servers is established when you visit our website. The information generated by the cookie about your use of our website (including your IP address) is transmitted to Facebook in the USA.
The data collected is anonymous for us and does not allow us to draw any conclusions about the user. If you are registered with Facebook, Facebook can assign the collected information to your account. Even if you do not have a Facebook account or are not logged in when you visit our website, it is possible for Facebook to process and store your IP address and other identification data.
c) Google Remarketing (Google Ads)
As a further tracking technology, we have integrated Google Remarketing services on our website. Google Remarketing is a function of Google Ads that enables a company to display advertisements to Internet users who have previously visited the company’s website. The integration of Google Remarketing thus allows a company to create user-related advertising and consequently to display interest-relevant advertisements to the Internet user.
The purpose of Google Remarketing is to display interest-relevant advertising. Google Remarketing enables us to display advertisements via the Google advertising network or to have them displayed on other Internet pages that are tailored to the individual needs and interests of Internet users.
You have the option to object to interest-based advertising by Google. To do this, the data subject must call up the link www.google.com/settings/ads from any of the internet browsers he or she uses and make the desired settings there.
d) Google Maps
We use the services of Google Maps provided by Google Inc to allow us to show you interactive maps directly and to enable you to use the map function conveniently. Google receives the information that you have called up the corresponding sub-page of our website and, in addition, your location data will be transmitted. This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its services. The legal basis for this processing is our legitimate interest.
Advertising and Marketing
Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out.
Updating your information
If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.
For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests. Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal data, notably where such requests would not allow us to provide our service to you anymore.
Links to other providers
Our website also contains – clearly recognisable – links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.
The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.
Concerns and Contact
If you have any concerns about a possible compromise of your privacy or misuse of your personal data on our part, or any other questions or comments, you can contact us.
Who should I contact for more information?