Privacy Policy

Last updated: 24 May 2018 

This Privacy Policy explains what The Retreat does with your personal data, whether we are providing you with a service or you are visiting our website or social media channels. 

This privacy policy describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. This page also informs you of our policies regarding the collection, use and disclosure of Personal Information when you use our Service. 

This privacy policy applies to the personal data of our In-Clinic Clients, Website Users, Social Media Followers and Suppliers. 

For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), the company responsible for your personal data is (“The Retreat” “us”, “we”, or “our”). 

We will not use or share your information with anyone except as described in this Privacy Policy. 

 

Who We Are 

The Retreat operates the www.theretreats.com  website and social media channels branded “The retreat” (the “Service”). The Retreat is a skin clinic based in London. We specialise in anti-aging and advanced skincare. We provide treatments and products (the “Clinical Services”) to our customers in the clinic and share knowledge on our website and social media channels.  

 

Information Collection and Use 

We use your Personal Information for providing and improving the Service and the Clinical Services. By using the Service and the Clinical Services, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible at www.theretreats.com. 

We generally use any data we collected in three ways: 

Diagnosis and Provision of Clinical Services  

To help us to establish, exercise or defend legal claims  

The exact type and quantity of data required for each use will be determined on a case by case basis. 

Where it is deemed necessary, we may seek your consent for some of the activities. 

 

Client Information 

In order to provide the best possible diagnosis and service to you, we need to process certain information about you. We only ask for details that will genuinely help us to help you. 

Depending on each individual case and applicable local laws and requirements, we may collect some or all of the information listed below to enable us to offer you skin treatments, products and advice which is relevant to you. In some jurisdictions, we are restricted from processing some of the data outlined below. In such cases, we will not process the data in those jurisdictions: 

  • Name; 
  • Age/date of birth; 
  • Sex/gender; 
  • Contact details; 
  • Diversity information including racial or ethnic origin and physical or mental health, including disability-related information; 
  • Extra information that you choose to tell us; 
  • The dates, times and frequency with which you access our Clinical Services; and 
  • Medical Conditions 
  • Skin Problem Diagnosis, Treatments and case notes for each client 
  • Prior medical and skin history 

*Please note that the above list of categories of personal data we may collect is not exhaustive. 

We hold client data on paper records.  We check the details for a client on each visit, or when a client informs us of any changes. The records are updated at least once a year. We hold the client records for 24 months, after which, the record is destroyed if the client has not visited in that 24 month period. 

 

Payment Details 

We process credit and debit cards for client payments but we do not store the card details anywhere on our or third-party systems. 

 

Supplier Information 

Usually all we require is company name and contact details of relevant individuals who have expressed an interest in the services that we provide and that the supplier has obtained appropriate consent for their details to be shared with us. 

 

Embedded content from other websites

Our Contact page contains an embedded map from Google Maps. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website. We do not store this information on our systems but if you use this facility, the activity will be logged with Google and on your device. We urge you to visit https://policies.google.com/privacy and read their privacy policy.

 

Website & Social Media Users 

We use WordPress as our website platform. We do not collect any visitor data but WordPress may collect and store such data. We urge you to visit their website www.wordpress.org and read their privacy policy. Please contact them directly if you have any concerns about your data. 

We may also rely on data that cannot be used to identify you (anonymized data) that is used by third-party services such as Google, Bing and other search engines and ranking systems that process our website. We urge you to visit their websites https://policies.google.com/privacy / https://privacy.microsoft.com/en-US/  and read their privacy policy. Please contact them directly if you have any concerns about your data. 

 

Log Data 

We do not collect browser information whenever you visit our Service (“Log Data”). This Log Data usually includes information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics. 

In addition, we do not use third party services such as Google Analytics that collect, monitor and analyse this type of information in order to increase our Service’s functionality. These third-party service providers have their own privacy policies addressing how they use such information. 

 

Service Providers 

We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used. 

These third parties have access to your Supplier Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. 

 

Compliance with Laws 

We will disclose your Personal Information where required to do so by law or in accordance with an order of a court of competent jurisdiction, or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service. 

Security 

The security of your Personal Information is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the relevant UK and EU legislation. 

We use secure electronic point-of-sale devices to process card payment. Therefore, we do not retain card information after the transaction has been completed, other than the partial information on the receipt. 

We hold client data on paper records at the clinic site, The Retreat, 1 Fromows Corner, London, W4. We dispose of these records 24 months after a client has ceased being a client for that period or until requested by the customer. These records are contained in a locked filing cabinet on secure business premises. 

 

International Transfer 

Our electronically held data may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. 

If you are located outside United Kingdom and choose to provide information to us, please note that we transfer the information to United Kingdom and process it there. 

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. 

In the event that a dispute arises with regards to the international transfer of data, you agree that the courts of England and Wales shall have exclusive jurisdiction over the matter. 

 

Links to Other Sites 

Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. 

We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites or services. 

 

Children’s Privacy 

Our Service does not address anyone under the age of 13 (“Children”). 

We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your Children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from children under age 13 without verification of parental consent, we take steps to remove that information from our servers. 

 

Changes to This Privacy Policy 

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. 

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. 

If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website. 

 

Your Rights 

You have the right to be informed of our use of your data. We make this policy available on our website and in our clinic. Should you wish to have access to your Personal data, please contact us at mail@theretreats.com and we will arrange to show you the data in the clinic. 

You can request access to all your data at any time and to request a portable format of your data so that you may use it for other purposes.   

You can, at any time ask us to perform the following activities to correct, change, complete or delete your records. 

If we receive a request for rectification we will take reasonable steps to ensure that the data is accurate and will rectify the data if necessary. We will take into account the arguments and evidence provided by you, the data subject. 

You may at any time ask us to stop certain processes that are performed on your data.  

Unless we must perform certain processes to comply with existing laws, we will respond to each of these requests within 1 month and there will be no charge for these provisions 

 

Data Integrity 

We can only provide appropriate and relevant Clinical services and services if the data provided to us is accurate and up-to-date. We take extra steps, such as confirmation and regular updates to verify the accuracy of the data prior to a challenge by a data subject. 

 

Jurisdiction 

This Policy shall be governed and construed in accordance with the laws of England and Wales, without regard to its conflict of law provisions. 

 

Contact Us 

If you have any questions about this Privacy Policy, please contact us at mail@theretreats.com