The Clinic by Dr. Mayoni respects your privacy and is committed to protecting your personal data. This privacy notice tells you how we look after information you may provide to us about yourself in your dealings with us, both online and offline.
1. Purpose of this notice
This privacy notice explains our approach to any information about yourself that you might supply to us (or that might be collected from you) in your interactions with The Clinic by Dr. Mayoni which contains personal data and sets out your rights in respect of our processing of your personal data.
Please also note that this privacy notice only applies to the use of personal data collected by The Clinic by Dr. Mayoni during your communications with us. It also applies to any communications with our carefully selected service providers that we rely on to carry out
some of our activity, but it does not apply to personal data collected during your communications with third parties.
2. Who are we and what do we do
The Clinic by Dr Mayoni, a beauty and aesthetics practice (for more information about us click here )
The Managing Director of The Clinic by Dr. Mayoni is the data controller responsible for your personal data.
References to (“ we” “ us” or “ our”) in this privacy notice are references to The Clinic by Dr Mayoni.
Dr Mayoni LTD is the trading name of The Clinic by Dr Mayoni, which is an English company.
Our company registration number is 10332053.
Our registered office is at 43 Honor Oak Park, London, SE23 1DZ.
Our VAT registration number is 248970267.
3. How to contact us
If you have any questions about this privacy notice or want to exercise your rights (see Section 13: How to access your information and your other rights), please contact us by:
- please contact us via our contact form [click here]; or
- writing to us at Clinic Manager, The Clinic by Dr Mayoni, 43 Honor Oak Park, London, SE23 1DZ
4. When do we collect personal data?
We collect personal data about you in many different circumstances, most of which involve direct interaction between you and us, but some of which do not. We collect personal data about you:
- When you create an online account with us to use our resources.
- When you engage with us, or about us, and on social media or make any purchases from us
- When you contact us by any means with queries, complaints etc, or you apply for a job with us
- When you ask us to send you information or resources
- When you enter an event or workshop
- When you choose to complete any surveys
- When you participate in any of our marketing and advertising activity or agree to provide any service to us
- When you comment on or review our information
- Any individual may access personal data related to them, including opinions. So if your comment or review includes information about a member of our staff that you dealt with, it may be passed on to them if requested
- When you fill in any forms. For example, if you take part in any treatments, marketing activity or we ask you for permission to feature your image or testimonials in our publicity materials
- When you’ve given a third-party permission to share with us the information they hold about you
- When you have given your consent to share information or where the information is made public as a matter of law
- If you visit our offices which have CCTV systems operated for the security of both our clients, visitors and staff. These systems may record your image during your visit
5. What sort of personal data do we collect?
Personal information may be collected from you in the following ways:
Information you voluntarily provide to us:
We collect and maintain personal data that you voluntarily submit to us during your use of our services, such as treatments or purchases, your use of our website and your other interactions with us (e.g. when registering to receive information from us, signing up as a client, during the course of correspondence and conversations with us, as part of any user support interactions, or if you participate in any marketing activity, communicate with us via social media or apply for a job with us).
In particular, in order to sign up and create an account on our website or to participate in our services (e.g. having a treatment, purchasing a product/voucher) werequest the following personal information from you:
- Date of Birth
- Email address
- Phone number
- A medical consultation form to be filled out
Other than the information which is definitely required to set up your account and participate in treatments with us, you have the flexibility to provide us with as little or as much of this requested information as you like. However, the more information you provide, the more you will get out of your interactions with us.
If you contact us, we may collect additional personal data from you such as your opinion on competitors treatments and activities, social media and services we provide.
Information we collect through your use of our website:
- IP address of device(s) used
- browser type
- operating system and device type
- approximate location (e.g. London)
- access times and dates; and
- referring website addresses
We also collect personal data regarding your use of and activity on our website.
This personal data allows us to deliver more helpful information, services and tools.
Your image may be recorded on CCTV if you visit The Clinic by Dr Mayoni.
Information we collect from third parties:
We may also combine personal data that we collect through your interactions with us with personal data that: a) you have provided to third parties and in respect of which you have given the third-party permission to share with us; and/or b) we have obtained from a public record.
6. What legal grounds do we have for using your personal data?
We will only use your personal data where the law allows us to. Under data protection law, there are various grounds (also referred to as lawful basis or legal basis) on which we can rely when processing your personal data. In some contexts more than one ground applies.
We have summarised these grounds as Contract, Legal Obligation, Legitimate Interests and Consent and outline what those terms mean in the following table:
|Term||Ground for processing||Explanation|
|Contract||Processing is necessary for performance of a contract with you or to take steps at your request to enter a contract.||This covers carrying out our contractual duties and exercising our contractual rights.|
|Legal Obligation||Processing is necessary to comply with our legal obligations||Ensuring we perform our legal and regulatory obligations. For example, health and safety obligations and avoiding unlawful discrimination.|
|Legitimate Interests||Processing is necessary for our or a third party’s legitimate interests.||We or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests processing your data. Your data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms.|
|Consent||You have given specific consent to processing your data.||Generally we rely on consent as a legal basis for processing your personal data only to send you information about The Clinic by Dr Mayoni via email or text message which you have not specifically asked us for. You have the right to withdraw consent to us sending you this information at any time by contacting us (see How to contact us?).|
7. How and why do we use your personal data?
We have set out below a description of the ways we use your personal data, and which of the lawful grounds for processing we rely on to do so.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose / Activity||Ground for Processing|
|To register you as a new client or user of The Clinic by Dr. Mayoni||Legitimate interests|
|To respond to job applications||Legitimate interests|
|To participate in our activity (e.g. as a case study, a trial subject or as a tester) or provide services to us to support the positive holistic approach to health and beauty that we believe in||Consent Legitimate interests Contract|
|To respond to your communications with us e.g. a general enquiry||Legitimate interests|
|To manage our relationship with you which will include (a) notifying you about changes to our terms or privacy notice (b) asking you to leave a review or take a survey||Legal obligation Legitimate interests|
|To enable you to take part in the services we offer and provide, events and workshops, competitions, competition or complete a survey||Legitimate interests Contract|
|To administer and protect our business and our staff and run the services we provide, including our daily business activities and our website||Legitimate interests Legal obligation|
|To deliver relevant content and other information to you and measure or understand the effectiveness of the information we send to you||Legitimate interests Consent|
|To use data analytics to improve our website, information, resources and user relationships and experiences||Legitimate interests|
|To make suggestions and recommendations to you about information that may be of interest to you e.g. with new treatments or updates on treatments that you've had with us before or shown interest via a consultation. If you'd be interested in being a case study to support our positive holistic approach to health and beauty||Legitimate interests|
|We use CCTV in our premises for security and crime prevention||Legitimate interests Legal obligation|
Communications from us
We strive to provide you with choices regarding certain personal data uses, particularly around communications that we may send to you that you have not specifically asked for.
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which information may be relevant for you.
You will receive communications from us about treatments you have booked and/or purchases, newsletters and/or treatmet updates you have requested at The Clinic by Dr Mayoni and via our workshop activity if you have requested information from us when you provided us with your details when you registered on those activities and, in each case, you have not opted out of receiving those communications.
Third party marketing
We will never share your personal data with any company for marketing purposes.
You can ask us to stop sending you communications about our activities at any time by contacting us at any time.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like an explanation as to how the processing for the new purpose is compatible with the original purpose, please click here to contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal ground which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
9. Third party links and services
Our website may contain links to third party websites and services. Please remember that when you use a link to go from our website to another website or you request a service from a third party, this privacy notice no longer applies.
Your browsing and interaction on any other website, or your dealings with any other third party service provider, is subject to that website’s or third party service provider’s own rules and policies.
We do not monitor, control, or endorse the privacy practices of any third parties.
We encourage you to become familiar with the privacy practices of every website you visit or third party service provider that you deal with and to contact them if you have any questions about their respective privacy policies and practices.
This privacy notice applies solely to personal data collected by us through our website and does not apply to these third party websites and third party service providers.
10. Transfers outside the EEA
The remit of our business is within Great Britain, and so there is generally no need for us to transfer your personal data outside the EEA. However, a small number of our external third party providers (such as HealthXchange Pharmacy, the pharmacy that we use to provide some clients, on request, for the purchase of products) are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based outside the EEA, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and countries outside the EEA.
If you want more information on the specific mechanism used by us when transferring your personal data out of the EEA, please click here to contact us .
11. How long do we keep your personal information for?
We will only keep your personal data for as long as is necessary for our purposes. In considering how long to keep personal data, we will take into account its relevance to our business and our legal and regulatory obligations.
The Clinic by Dr Mayoni will keep records for 1 year after your last interaction with us (e.g. your last treatment, purchase of product or voucher, job application, social media interactions) except where there may be a legal obligation to keep your records for longer. Contact us (see Section 3: How to contact us) if you would like to see a copy of our retention policy, which contains more information.
12. Confidentiality and security of your personal information
We are committed to keeping the personal information you provide us secure and we will take reasonable precautions to protect your personal information from loss, misuse or alteration.
We have implemented information security policies, rules and technical measures to protect the personal information that we have under our control from:
- unauthorised access;
- improper use or disclosure;
- unauthorised modification; and
- unlawful destruction or accidental loss.
All our employees and data processors (i.e. those who process your personal data on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of the personal data of all users of our website and anyone else we may hold personal data about.
13. How to access your information and your other rights
You have the following rights in relation to the personal information we hold about you:
Your right of access.
If you ask us, we’ll confirm whether we’re processing your personal data and, if so, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
Your right to rectification.
If the personal data we hold about you is inaccurate or incomplete, you’re entitled to have it rectified. If we’ve shared your personal data with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.
Your right to erasure.
You can ask us to delete or remove your personal data in some circumstances such as where we no longer need it or you withdraw your consent (where applicable). If we’ve shared your personal data with others, we’ll let them know about the erasure where possible. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.
Your right to restrict processing.
You can ask us to ‘block’ or suppress the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or object to us processing it. It won’t stop us from storing your personal data though. We’ll tell you before we lift any restriction. If we’ve shared your personal data with others, we’ll let them know about the restriction where possible. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.
Your right to data portability.
You have the right, in certain circumstances, to obtain personal data you’ve provided us with (in a structured, commonly used and machine-readable format) and to re-use it elsewhere or ask us to transfer this to a third party of your choice.
Your right to object.
You can ask us to stop processing your personal data, and we will do so, if we’re:
- relying on our own or someone else’s legitimate interests to process your personal information except if we can demonstrate compelling legal grounds for the processing;
- processing your personal data for direct marketing; or
- processing your personal data for research unless such processing is necessary for the performance of a task carried out in the public interest.
Your rights in relation to automated decision-making and profiling.
You have the right not to be subject to a decision when it’s based on automatic processing, including profiling, and it produces a legal effect or similarly significantly affects you unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
Your right to withdraw consent.
If we rely on your consent as our legal basis for processing your personal data, you have the right to withdraw that consent at any time (click here to contact us).
Your right to lodge a complaint with the supervisory authority.
If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal data, you can report it to the UK Information Commissioner’s Office (ICO). The Clinic by Dr. Mayoni is registered with the UK ICO, and our data protection registration number is ZA226603. You can find details on how to contact the ICO at their website at https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.
14. Changes to this privacy notice
We may make changes to this privacy notice from time to time and you should tell us if your information changes.
To ensure that you are always aware of how we use your personal data we will update this privacy notice from time to time to reflect any changes to our use of your personal data. We may also make changes as required to comply with changes in applicable law or regulatory requirements. We may notify you by email of any significant changes. However, we encourage you to review this privacy notice periodically so that you are aware of how we use your personal data.
15. Changes to your information
It is important that the personal data we hold about you is accurate and current. Please contact us to tell us of your personal data changes during your relationship with us.
This policy was last updated by CF on 24/05/18 v1.0.1