Privacy Policy
PRIVACY NOTICE
Last updated: August 2024
What does this notice cover?
This notice describes how Laser Clinics UK Management Ltd, UK Skin & Laser Clinics Ltd, LCUK Holco Limited and affiliated companies within the Laser Clinics network (“LCUK”, “we”, “us” or “our”) processes your personal information when you visit our website laserclinics.co.uk (the “Website”) or any of our corporate or franchised clinics in the UK, which can be found here (“Clinics”). It also describes your data protection rights, including a right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “Your data protection rights” section.
We may also provide you with additional information when we collect personal data, where we feel it would be helpful to provide relevant and timely information.
If you have any questions, please contact us using the details in the “Contact us” section.
What personal information do we collect?
When we refer to “personal information” in this notice, we mean information that relates to you. We collect and process your personal information when you interact with us online via our Website, in Clinic or by email via our marketing campaigns and/or through social media. This includes:
- Identity and contact information: including your name, your age, your postal address, email address and phone number;
- Account data: including username and password;
- Transaction information: including bank and payment card information where used to make a purchase;
- Device information: including information related to the browser or device you use to access our Website, such as your IP address. We typically collect this information through the use of cookies and similar technologies – please see our Cookies Notice for more information;
- Your marketing preferences: including any consents you have given us;
- Treatment details: including the nature and scheduling of your treatments, your medical history as it relates to treatments and information relating to any adverse events;
- Photographs: before and after treatment photographs;
- The content of your communications or any other personal data you provide to us directly.
Certain of this personal information may constitute ‘special categories of data’ which are more sensitive, namely health information provided by you and collected by us as part of your treatment file, details of telehealth consultations, certain treatment details and photographs, and any allergies you may have.
Sometimes we received personal information about you from third party sources – primarily this will be other members of the Laser Clinics group such as franchised Clinics via our use of shared systems. But it may also be third parties running promotions, in which case they will generally obtain your consent to share your personal information with us.
How do we use this information, and what is the legal basis for this use?
We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract, we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where you have given us your consent.
- Where we need to comply with a legal obligation.
We process this personal data for the following purposes:
Purpose |
Type of data |
Legal bases |
To create an account and register you as a new customer |
Identity and contact information, Account data |
Performance of a contract |
To provide you with our services and products |
Identity and contact information, Account data, Transaction information, Treatment information |
Performance of a contract Legitimate interests (e.g. to recover debts due to us) |
To create a record of your treatments and preferences which can be accessed by your treating team across our Clinics |
Identity and contact information, Transaction information, Treatment information, Photographs, Your marketing preferences |
Legitimate interests (to keep records and to honour your preferences and choices) |
To manage our relationship with you, including to notify you about changes to our terms and asking you to provide feedback, leave a review or take a survey |
Identity and contact information, Account data |
Performance of a contract To comply with a legal obligation For our legitimate interests (including to keep records) |
To administer and protect our business and this Website |
Identity and contact information, Account data, Device information |
For our legitimate interests (including running our business, network security, to prevent fraud) To comply with a legal obligation |
To deliver relevant Website content and advertisements to you and measure the effectiveness of the advertising we serve to you |
Identity and contact information, Transaction information, Device information, Your marketing preferences |
For our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve our Website, products, services, marketing and customer experience, including recording statistical data for our internal marketing analysis |
Transaction information, Device information |
For our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
To provide you with marketing relating to our products and services |
Identity and contact information, Device information, Your marketing preferences |
For our legitimate interests and where required by law, on the basis of your consent. |
To comply with legal and regulatory requirements such as adverse event reporting |
Identity and contact information, Your marketing preferences, Treatment information, Transaction information, Photographs |
Where required by law |
Sharing your personal information
We will share your personal information with our group of companies for the purposes set out in this notice, including Laser Clinics Australia and its related entities, whose privacy policy can be found at Privacy Policy | Laser Clinics Australia.
Your personal information may also be shared with third party service providers, who will process it on our behalf for the purposes identified above. We use third party providers of marketing, market research (including by using other available data to gain greater insights about our clients) CRM, payments, IT, website hosting and, maintenance, and identity checking services.
Personal information may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
In the event that the business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
International transfers
We generally store your personal information within the UK and European Economic Area (“EEA”). Where we need to share your personal information with other members of the LC group, such data may be transferred to Australia on the basis of ‘standard contractual clauses’ approved by the UK Government. We also may use third party suppliers who are based outside of the UK and EEA, including in the US, in countries that may provide a lower standard of protection for personal information. Where your personal information is transferred to a country which does not offer a similar level of protection, we will take steps to ensure your personal information is adequately protected (e.g. by way of entering into contracts that have been approved by the relevant UK or EU authorities or relying on a supplier’s ‘Binding Corporate Rules’ or by relying on such other data transfer mechanisms as available under applicable data protection laws). A copy of the relevant mechanism can be obtained for your review on request by using the contact details below.
How long we keep your personal information
We will store your personal information for as long as it is required for us to fulfil the purposes for which we have collected it, as described in this notice, and for such further period that is necessary to comply with our legal and regulatory obligations, to exercise our legal rights and to protect our company from legal claims.
Where we process your personal information in connection with entering into or performing a contract, we generally keep the data for 6 years from your last interaction with us in accordance with legal limitation periods in the UK.
We will delete or anonymise any data that we no longer need for the purposes set out in this Notice.
Your data protection rights
You have the right to ask us for a copy of your personal information; to correct, delete or restrict (stop any active) processing of your personal information; and to obtain the personal information you provide to us in a structured, machine-readable format. In addition, you can object to the processing of your personal information in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).
Where you have given us your consent, you also have the right to withdraw that consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to a data protection authority. In the UK, this will be the Information Commissioner’s Office. You can make any complaints initially to us via the contact details below.
To exercise any of these rights you can get in touch with us using the details set out in the “Contact us” section below.
Updates to this notice
We may update this notice at any time to reflect changes in the way we use personal information. We will provide you with a new notice when we make any substantial updates where reasonably possible. We may also notify you in other ways from time to time about the processing of your personal information.
Contact us
The controllers of your personal information described in this notice will be Laser Clinics UK Management Ltd, UK Skin & Laser Clinics Ltd, LCUK Holco Limited. Our franchisees may also act as controllers of your personal information, but you can direct any questions, or exercise your rights, using the single point of contact identified below.
If you have questions in relation to this notice or on how we use your personal information, please contact us at: privacy@laserclinics.co.uk.