Who we are
Our website address is: garstangaesthetics.co.uk
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
What personal data we collect and why we collect it
We may record your details in order to track and follow-up on enquiries, in addition to scheduling appointments. This includes information such as your name, e-mail address or phone number. This is so that we can supply you with the information that you have requested about our professional services, on the basis that it is necessary for our legitimate interests in promoting and in order to provide information and a quotation for our services.
Failing to provide us with this information for marketing purposes will have no impact upon the provision of your treatment.
Information must be collected as part of your registration with the clinic. This includes information such as your name, address, date of birth, e-mail address, phone number and medical history. This is so that we can perform the contract that we have with you, for internal record keeping, billing and accounting, and to respond to any queries, complaints or requests for further information. The basis on which we do so is that it is necessary for our performance of the contract we have with you or is necessary for our legitimate interests in managing our business and improving our professional services, and to comply with our regulatory obligations.
Failing to provide us with this information will result in us being unable to provide treatment.
The information you give to us may be used for some or all of the following reasons:
- To assess and deliver treatments
- To provide you with the information, treatments, products and services that you request from us
- Internally, to inform decisions about our business operations or strategy
- To notify you about changes to our service
- To send you text notifications to remind you of any appointments booked with us
- To contact you for post-treatment follow up and care, including survey requests in order to improve our service
- If you have opted in to receive marketing communications, to contact you from time to time to market other services, treatments and products we provide and think may be of interest to you, based on your interests and preferences where you have made them known to us
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
When you use our contact us form, we collect your name, email address and phone number. You may also give consent to receiving marketing communications from Garstang Aesthetics. The data you provide is not used for marketing purposes with your permission.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
We take our obligations under the General Data Protection Regulation and our clinical confidentiality requirements very seriously.
Sensitive information relating to your medical history will be kept confidential and will only be disclosed to the individuals involved with delivering your treatment.
We may share your personal information with:
- Other members of Garstang Aesthetics staff as part of your ongoing care provisions, or for the purpose of analysing the business
- In order to provide some of our professional services, we may use the input of selected third parties, where this is necessary for the performance of our contract with you. This will require the disclosure to such third parties of your contact details, as well as further personal data about you with your consent which is relevant to the services they provide. Selected third parties such as Pathology laboratories for diagnostic purposes, Pharmacies for prescriptive purposes in order to provide your agreed treatment. Opting out of sharing your information with these providers may affect our ability to treat you. All our suppliers have entered into appropriate confidentiality obligations and/or contractual data processing clauses with us.
- There may also be circumstances where we are under a duty to disclose your personal information or share your personal information in order to comply with any legal or regulatory requirement, obligation or request. This includes the police for the prevention or investigation of a crime, or our Insurers, legal advisors or other third parties who need access to it in the context of managing, investigating or defending claims or complaints.
How long we retain your data
Garstang Aesthetics will not transfer your data outside of the European Economic Area. Backups of electronically stored data are taken regularly, with strong encryption used to protect all files.
If you contact us with an enquiry about our professional services but you do not subsequently become a patient, it is our policy to keep your personal data unless you instruct us not to.
If you are or become a patient, we will retain contract information (including personal data) indefinitely.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Contact details submitted via our contact form are deleted once a query has been answered.
What rights you have over your data
You have the right to ask us not to process your personal information, but where consent is withdrawn for the processing of personal data from your medical records, our ability to continue your treatments will be impaired.
You have the right to ask us not to process your personal information for marketing purposes. We will only contact you for marketing purposes if you have opted in to receive such communications. If you wish to stop receiving some or all marketing communications from us, you can let us know by email to firstname.lastname@example.org
Our website www.garstangaesthetics.co.uk may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
In some circumstances, you have the right to be forgotten and we will erase all data held about you. Medical records are exempt from erasure. Requests for erasure should be made in writing to email@example.com and will be assessed on a case by case basis.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review – in the event that Freight Link Solutions Ltd refuses your request under rights of access, we will provide you with a reason as to why which you have the right to legally challenge.
Accessing my personal data
The General Data Protection Regulation gives you the right to access information held about you. Any requests should be made in writing to firstname.lastname@example.org.
All records will be supplied within 1 month of receipt of the Subject Access Request.
All requests will be subject to the appropriate identification checks. Whilst there is no charge for the first copy of your record, we reserve the right to charge a small administrative fee for all subsequent copies of the same record.
Garstang Aesthetics accepts the following forms of ID when information on your personal data is requested:
Passport, driving licence, birth certificate, utility bill from last 3 months. If Garstang Aesthetics is dissatisfied with the quality, further information may be sought before personal data can be released.
Any requests should be made by email or by phone.
Personal data complaints
In the event that you wish to make a complaint about how your personal data is being processed by Garstang Aesthetics, you have the right to lodge a complaint directly with the supervisory authority and Garstang Aesthetics.
The details for each of these contacts are:
Telephone: 07870 303 678
Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone: 0303 123 1113