Privacy Notice – Overview
This privacy notice describes how and why we, as data controller, obtain, store and process personal data. Personal data is information relating to you that enables us to identify you, for example, your name, email address, payment details and information about your access to this website.
We will process your personal data fairly, lawfully and transparently. This privacy notice describes the personal data we are collecting about you and how it is used. We will only collect and use your personal data for the following purposes, to:
· provide our services
· improve our services
· make our marketing more relevant to you and your interests
· meet our legal responsibilities
We may update this notice from time to time and we will notify you of any changes.
Please do not hesitate to contact us if you have questions in addition to the information provided in this notice – email@example.com
Your Rights & Our Commitment to You
You have several rights under the data privacy legislation and NKD Aesthethics LTD. is committed to you being able to freely exercise your Rights. Where possible, we have incorporated automated tools on our website that enable you to facilitate your Rights in real-time. Use the NKD Aesthethics LTD. Privacy Centre to access and manage the personal data we hold on you and manage your preferences.
Your Rights include, under certain circumstances, the right to:
Be informed:you have the right to be informed if and how your personal data is being processed.
Access, rectification or erasure: you have the right of access to personal data we hold about you in our records. You are also entitled to have your personal data corrected if it is inaccurate, or to have it erased if we do not have a legitimate reason for retaining your data.
To request data portability: for personal data which you have provided to a controller, where processing was based on your consent, or where processing is done by automated means, you have the right to obtain a digital copy of your personal data, request the transfer of your personal data to another company or request to move your data from one IT system to another in a safe and secure way.
To request restriction of processing: you have the right to restrict the processing of your personal data where you are contesting the accuracy of that information, you have objected to processing (as described below), or where the processing is unlawful. Where processing is restricted, we may need to retain sufficient information about you to ensure that the restriction is respected in future.
To object to automated decision-making including profiling: you have the right not to be the subject of any automated decision-making or profiling by us.
To withdraw consent: in cases where we are relying on your consent for the processing of your personal data, you have the right to withdraw your consent at any time. In respect of the e-marketing we conduct, an unsubscribe (withdraw consent) option is included with every e-marketing communication we send.
To object to processing: where your personal data is being processed based on the legitimate interests of a data controller or third party, you have the right to object to that processing.
To complain to the relevant supervisory authority: should you have any concerns or complaints regarding the way in which we process your data, please email us directly at firstname.lastname@example.org. You also have the right to make a complaint to the Information Commissioner’s Office (ICO) in the UK. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance.
The Personal Data We Collect
Personal data means any information about an individual from which that person can be identified. It does not include anonymised data, where the identity and identifying information has been removed.
While our website is designed for a general audience, we will not knowingly collect any data from children under the age of 16 or sell products to children. If you are under the age of 16, you are not permitted to use or submit your data to the website.
Depending on the type and level of engagement you have with us, we may collect the following categories of personal data:
From the Services: We receive and store information you provide directly to us. For example, when setting up new users, we collect Personal Information, such as name and e-mail address, to provide them with the Services. The types of information we may collect directly from our customers includes: personal information (e.g. name, date of birth, sex); contact information (e.g. email address, phone number, home address); payment information (e.g. bank account details, credit card details); as well as any other contact or other information they choose to provide us or upload to our systems in connection with the Services.
We may also collect special categories of personal data (also known as sensitive data) from our customers when they use our Services through a questionnaire form prior to treatments. The types of sensitive personal data we may collect includes: medical history (e.g. current and previous history of doctor treatments and details of surgeries and/or pregnancies); skin conditions (e.g. current or previous history of skin conditions or allergies); use of medication (current or previous history of medication taken and/or creams used), as well as any other relevant health related data customers choose to provide us or upload to our systems in connection with the Services.
From our Website: We may collect any Personal Information that you choose to send to us or provide to us, for example, on our “Online Enquiry” form. If you contact us through the Website, we will keep a record of our correspondence.
Information We Automatically Collect:
When you use our Services:
· Usage information – we keep track of user activity in relation to the types of Services our customers and their users use, the configuration of their computers, and performance metrics related to their use of our Services.
· Log information – we log information about our customers and their users when you use one of our Services including Internet Protocol (“IP”) address.
· Information collected by cookies and other similar technologies – we use various technologies to collect information which may include saving cookies to users’ computers.
· Customer Feedback – While using our Services, you may be asked to provide feedback (e.g. in the software directly or after receiving help from our support team). Providing this feedback is entirely optional.
When you use the Website: When you visit the Website, we collect certain information related to your device, such as your device’s IP address, referring website, what pages your device visited, and the time that your device visited our Website.
How We Collect Your Data
We may collect your personal data in one of the following ways:
· When you visit our website
· When booking an appointment or treatment
· When you engage with us on social media
· When you contact us with queries
· When you review our services
· When you apply for an employment vacancy with NKD Aesthethics LTD.
Data from Third parties
We may also receive personal data about you from various third parties, including:
· Technical Data from third parties, including analytics providers such as Google. Please see further information in the section entitled ‘Marketing preferences, adverts and cookies’ below
· Technical Data from affiliate networks through whom you have accessed our website
· Identity and Contact Data from social media platforms when you log in to our website using such social media platforms
· Contact, Financial and Transaction Data from providers of technical, payment and delivery services
How We Use Your Personal Data
The legal basis for processing your personal data
We will only collect and process your personal data where we have a legal basis to do so. As a data controller, the legal basis for our collection and use of your personal data varies depending on the manner and purpose for which we collected it. We will only collect personal data from you when:
· we have your consent to do so, or
· we need your personal data to perform a contract with you. For example, to provide you with our data privacy software, or
· pursuing our legitimate interests in a way that you might reasonably expect to be a part of running our business and that does not significantly impact your interests, rights and freedoms, for example, showing NKD Aesthethics LTD. advertisements to you as you browse the internet.
· we have a legal obligation to collect or disclose personal data from you (e.g. in suspected instances of fraud where we need to give personal data to An Garda Siochana or a government body).
This is why we process your personal data:
· Set up a user account, book an appointment or treatment
· Provide, operate and maintain our services
· Process and complete transactions, and send related information, including transaction confirmations and invoices
· Manage our customers’ use of our services, respond to enquiries and comments and provide customer service and support;
· Send customers technical alerts, updates, security notifications, and administrative communications
· Investigate and prevent fraudulent activities, unauthorised access to our services, and other illegal activities; and
· For any other purposes about which we notify customers and users.
· We use your Personal Information in this context based on the contract that we have in place with you or our legitimate interest for security purposes (e.g. the prevention and investigation of fraudulent activities). Personal Information will be deleted based on the terms of the contract.
How We Share Your Data
We sometimes share your personal data with our trusted categories of third parties we use to conduct our business, for example, to provide our privacy centre services to you; to handle feedback and complaints; and to help us understand your behaviour in order to customise and maximise our services, advertising, marketing, competitions and offers to you.
Our trusted categories of third parties include website hosts, cloud service providers, social media providers, professional services providers, customer survey service providers and advertising partners.
As part of our e-marketing methods and on the basis of our legitimate business interests, we use some Google services and some Facebook products in accordance with the practices explained in the Google and Facebook terms and privacy notices. In order to protect your personal data by pseudonymising it, Google and Facebook ensure that a hashing algorithm is applied automatically at the point of sharing personal data with Google and Facebook. Please consult their relevant terms and privacy notices for further information and your options. If we can help you in any way please do not hesitate to contact us at email@example.com.
As part of our fraud monitoring, detection and prevention methods and on the basis of our legitimate business interests, we use a third-party fraud monitoring, detection and prevention service provider for all website/online sales. As part of this service, we may share personal data that is required to make identity checks and personal data that we obtain from making identity checks (including data relating to your age, name and location), together with account information, with third party organisations (including law enforcement agencies), involved in fraud prevention and detection and credit risk reduction. Please note that these third parties may retain a record of the information that we provide to them for this purpose.
We may share your personal data with government bodies and law enforcement.
We may also share your personal data with our professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
Marketing Preferences, Adverts and Cookies
Marketing – Your Preferences
We may send you marketing communications and promotional offers:
· if you have created an account with us or subscribed to our services, and you have not opted out of receiving marketing (in accordance with your preferences, as explained below);
· by email if you have signed up for email newsletters;
We may use your personal data (as outlined in the ‘Personal Data We Collect’ section) to form a view on what we think you may like, or what may be of interest to you, and to send you details of services which may be relevant for you.
We will ask you for your preferences in relation to receiving marketing communications by email, and other communication channels.
You will always have full control of your marketing preferences. If you do not wish to continue receiving marketing information from us (or any third party, if applicable) at any time:
· you can unsubscribe or ‘opt-out’ by using the unsubscribe button and following the link included in the footer of any marketing email; or
· account holders may withdraw their consent by simply logging in to the NKD Aesthethics LTD. Privacy Centre and managing their preferences.
We will process all opt-out requests as soon as possible, but please note that due to the nature of our IT systems and servers it may take a few days for any opt-out request to be implemented.
Our Use of Analytics and Targeted Advertising Tools
We use a range of analytics and targeted advertising tools to display relevant website content on our website and online advertisements on other websites and apps to you. We use these tools to deliver relevant content to you in marketing communications (where applicable), and to measure the effectiveness of the advertising provided. For example, we use tools such as Google Analytics to target and improve our marketing campaigns, marketing strategies and website content. We may also use tools provided by other third parties to perform similar tasks. If you would like any further information about the data collected by these third parties or the way in which the data is used, please contact us on firstname.lastname@example.org.
In order to opt out of targeted advertising, please manage your preferences in the NKD Aesthethics LTD. Privacy Centre.
Links to Other Websites and Third Parties
Our website may include links to and from the websites of our partner networks, advertisers and affiliates, or to social media platforms. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to their websites.
Transferring Your Data Outside the EEA
The personal data we collect from you may be transferred to, and stored at, destinations outside the European Economic Area (“EEA”) using legally-provided mechanisms to lawfully transfer data across borders. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the provision of our services to you. We will take all steps necessary to ensure that your data is treated securely and in accordance with this privacy notice.
If we share your personal data outside of the European Economic Area, we ensure that there is an appropriate transfer mechanism in place to protect your personal data and comply with our data protection obligations.
Please contact us if you want further information on the countries to which we may transfer personal data and the specific mechanism used by us when transferring your personal data outside the EEA – email@example.com
Storing and Securing Your Data
Storing Your Data
We need to retain your personal data to satisfy our legal obligations, to deal with complaints and queries, in order to resolve, litigate or defend a dispute and to prevent fraud and abuse.
Having obtained your consent (or other legal basis) to contact you, we will retain your personal data for marketing and analysis purposes until you withdraw your consent. If you choose to withdraw your consent to marketing, we will delete your personal data from our systems, unless we have another legal basis to retain it, which may include performance of our contract with you.
We will not keep your personal data for longer than is necessary and when we no longer need to keep it, we will securely destroy, delete or anonymise it.
Securing Your Data
The communication between your browser and our website uses a secure encrypted connection wherever your personal data is involved.
We have put in place physical, electronic and managerial security procedures in the storage and disclosure of your personal data to protect it against accidental loss, destruction or damage. Nevertheless, any data transmission over the internet or by any other means can never be fully secure, such is the character of the internet, and provision of personal data by you to us is at your own risk. We take all reasonable measures to protect your personal data by putting appropriate technical and operational security measures in place.
When we disclose your personal data to trusted third parties (for the purposes set out in this notice), we require all third parties to have appropriate technical and operational security measures in place to protect your personal data, and we work with them to ensure that your data protection and privacy rights are respected. Where your personal data is shared with a third party, it must only be used for the purposes for which it was supplied.
In the unfortunate event of a personal data breach, we will notify you and any applicable regulator when we are legally required to do so.
The California Consumer Privacy Act
The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights regarding their Personal Information. You have the right to request that businesses subject to the CCPA disclose certain information to you about their collection and use of your Personal Information over the past 12 months. In addition, you have the right to ask such businesses to delete Personal Information collected from you, subject to certain exceptions. If the business sells Personal Information, you have a right to opt-out of that sale. Finally, a business cannot discriminate against you for exercising a CCPA right.
Consistent with California law, if you are within the scope of CCPA and choose to exercise your applicable CCPA rights, we won’t charge you diﬀerent prices or provide you a diﬀerent quality of services.
Changes to This Privacy Notice
From time to time we may change this privacy notice. If there are any significant changes, we will post updates on our website, applications or let you know by email at firstname.lastname@example.org
How to Contact Us
We welcome feedback and are happy to answer any questions you may have about your data.
You can contact us at:
Email : email@example.com
NKD Aesthethics LTD (“Company”)
Company no. 12326333, headquartered in 89-91 Wardour Street, Third Floor
London, England, W1F 0UB
This notice was most recently updated: 23rd March 2022