How information about you will be used
Who are we?
Skinviva Limited is a company providing a range of non-surgical beauty treatments and associated training and education services.
Why we process your data?
You, or your authorised third party, has provided us with your data in order to:
- provide you with information about our services, including the provision of credit (where applicable), or
- provide you with our services, or
- both of the above
The data we generally process is not publically available, however, we may obtain information from other third parties where you have consented for those third parties to share your data or where there is a legitimate interest to do so. For example, if you are making payment on credit and miss payments we may obtain your current address and contact details amongst other data from public records such as the Land Registry or to check information with Credit Reference Agencies to ensure we hold correct details for you.
What data do you hold on me?
We hold necessary information to be able to provide you with any of the services described above, ensure a complete medical history is maintained (where appropriate) and to keep you up to date with our services (where you have asked for us to do so). For example, your name, address, date of birth, medical history (where applicable) and contact details.
We will also keep a selection of photographs and/or video of your treatment (if applicable) in order to ensure the highest quality of service. We will not transfer this to any other third party without your permission, unless you agree we may use such media for our marketing purposes.
Where you have selected to purchase our services on credit we will also hold information such as payment history, default details and credit history.
We will also hold necessary data in order to pursue our legitimate interests including keeping you up to date with our services.
How will you use my personal information?
Our use of your data will be to allow us to supply our services, ensure your contractual obligation is met and to protect your vital interests. This includes (where applicable for the training school or a treatment):
- providing your treatment / operating training courses that you attend;
- checking your professional registration status (if you are training with us);
- ensuring your treatment is safe;
- making reasonable adjustments;
- providing healthcare professionals with information about treatment where this is vital to your health;
- providing credit;
- debt recovery;
- managing and/or monitoring your account;
- statistical analysis;
- fraud prevention; and
- sharing with Credit Reference Agencies or approved third party suppliers.
We will only use your personal data for marketing purposes where you have agreed with us we can do so in advance or where you have previously been a customer of ours. We will never pass your data onto a third party for marketing purposes except to Dr Tim Limited which has taken over the supply of our on line learning services.
The processing of your data is necessary for the performance of the contract you entered into with us.
Who will you share my data with?
All the personal data we hold about you will be processed within the EU or to any country that can guarantee adequate protection under the data protection legislation.
We process your data to the following organisations:
- Experian as this service provides credit check facilities, where you are making payment on a monthly payment plan.
- Pioneer Software as this firm provides computer systems we use, they do not pass your data to any other third party.
- Microsoft as this firm provides computer systems we use, they do not pass your data to any other third party.
- DropBox to store data, they do not pass your data onto any other third party.
- Box to store data, they do not pass your data onto any other third party.
- KS Services Ltd as this firm provides computer systems we use, they do not pass your data to any other third party.
- Daniel Silverman as the firm provides debt recovery services, they do not pass your data to any other third party.
- Allergan as this firm provides training content and materials that we may choose to deliver to you when you attend training with us.
- Go Cardless, as this firm provides payment plans, where you are making payments on a monthly basis.
- Talent LMS as this firm provides online software to manage the learner content, they do not pass your data to any other third party.
- Learndash as this firm provides online software to manage the learner content, they do not pass your data to any other third party.
- Other Aesthetics Mastery Programme Students who are also participating in the same programme of learning.
- GoCardless as this service provides payment facilities.
- Stripe as this service provides payment facilities.
- Worldpay as this service provides payment facilities through our computer systems.
- Level 7, as this firm provides training content and materials that we may choose to deliver to you when you attend training with us.
- Harley Academy, as this firm provides training content and materials that we may choose to deliver to you when you attend training with us.
We may disclose information outside of these groups to help prevent fraud, or if required to do so by law.
Sensitive personal data
(Before having a treatment) It would benefit you to notify us of any health condition, disability, treatment history and/or personal information relating to your private life that may impact on the services we offer. This will allow us to take reasonable steps to accommodate your needs or requirements and to ensure safe treatment.
We will require your explicit consent to process this information, unless the processing of this data is deemed to be in your ‘vital interest’. This information will be used by us to assist you and will be kept as long as it is required for this purpose.
Where we have asked you for permission to keep you up to date with our services and you have agreed we will contact you at reasonable intervals to keep you up to date. Equally we may do so where you have previously been a customer. You have the right to withdraw consent at any point and can do so by emailing: firstname.lastname@example.org or email@example.com.
How long is my data retained?
We will generally retain your data for six years after our services have finished, after which time it will be deleted or anonymised if it is no longer required for the lawful purpose for which it was obtained. However where the data is required to ensure your vital interests, an example of this is the treatment received, we will maintain this indefinitely.
What are my rights?
Under data protection legislation you have several rights regarding the use of your personal data, as follows:
- If at any point you wish to either confirm whether your personal data is being processed and/or you require access to the data we hold on you, you can request to see this information, and we will respond within a month.
- You also have the right for certain data you have provided us with to be provided to you in structured and commonly used electronic format (for example, a Microsoft Excel file), so that you can move, copy or transfer this data easily to another data controller.
- You are entitled to have data corrected if it is inaccurate or incomplete.
- Whilst you are entitled to have data deleted if it is no longer needed or there is no longer a legitimate reason for processing, or the data is question has otherwise unlawfully been processed, it is unlikely we will delete your data unless you have settled the account or it is closed
- You have the right to object to the processing of your personal data.
- You have the right to restrict the processing of your personal data under certain circumstances, including if you have contested its accuracy, or if we are reviewing an objection you have raised in relation to its processing.
How to complain about the use of your data
If you wish to raise a complaint about how we handle your personal data, including in relation to any of the rights outlined above, you can contact us at firstname.lastname@example.org / email@example.com or write to us at SkinViva Ltd, St Johns Court, 19B Quay Street, Manchester, M3 3HN and we will investigate your concerns.
If you are not satisfied with our response, or believe we are processing your data unfairly or unlawfully, you can complain to the Information Commissioner’s Office (ICO). You can find further information about the ICO and their complaints procedure here: https://ico.org.uk/concerns/.