Y&R Services Limited trading as The Lux Clinic is committed to protecting your privacy. Y&R Services Limited is registered with the information commissioner’s Office under Registration Number: ZA109951. Registered in England and Wales under Registration Number: 09479385. Registered address: 2 Phoenix Court, Batley, West Yorkshire, WF17 6RH.
This Privacy Notice explains our policy in relation to:
- what information we collect about you;
- how we use your information;
- who we share your information with;
- where and how long we will keep your data;
- how we keep your information safe;
- your rights regarding the personal information you provide to us;
- who you can contact if you have questions or complaints about how we process your personal data.
Y&R Services Limited isthe data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
Please read this Privacy Notice carefully so that you understand your rights in relation to personal data, and how we collect, use and process your personal data.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at email@example.com.
Data we collect about you
Personal data means any information capable of identifying an individual. It does not include anonymised data.
We may process the following categories of personal data about you:
- Communication Data that includes any communication that you send to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful basis for this processing is legitimate interests to reply to communications sent to us to keep records and to establish, pursue or defend legal claims.
We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you. Our lawful basis for this processing is legitimate interests to expand our business. We may also use such data to send other marketing communications to you. Our lawful basis for this processing is either explicit consent or legitimate interests to expand our business.
- Customer Data that includes data relating to any services we are undertaking. This will include your name, title, transactional data, date of birth, billing address, email address, phone number, and contact details. We process this data to supply the services you have appointed us to undertake and to keep records of such transactions. Our lawful basis for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.
- Sensitive Data we need to collect the following sensitive data about you in order to provide you with safe treatments:
- Medical Data may include your medical history, medication, allergies and operations.
- Treatment data may include any details of treatments or procedures that have been carried out.
We require your explicit consent for processing sensitive data, so when you submit your details, we will ask you for your consent when filling out the consultation forms at the clinic premises.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel the product or service, we will notify you at the time.
How we collect your data
Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if:
- If you have asked for information from us about our services; and
- You have agreed to receive marketing communications and in each case you have not opted out of receiving such communications. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However, you are able to still opt out of receiving marketing communications from us at any time.
Our lawful basis of processing your personal data to send you marketing communications is either your explicit consent or legitimate interests to expand our business.
Who do we share your personal data with
We may have to share your personal data with the parties set out below:
- Service providers who provide IT system for administration purposes.
- Professional advisers including lawyers, accountants, bankers, and insurers for consultancy, insurance and banking purposes.
- We will share your information with law enforcement agencies, Government bodies or other organisations if legally required to do so or if we have a good faith belief that such use is reasonably necessary to: .
- Comply with a legal obligation, process or request;
- Detect, prevent, investigate or otherwise address security, fraud or technical issues; or
- Protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purpose of fraud protection).
Where do we store your personal data
The information that we collect from you will be transferred to and stored at/processed in the UK/EEA. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Notice.
We will only transfer your information outside of the UK/EEA where we have adequate measures in place to provide appropriate safeguards such as Model Clauses (Standard Contractual Clauses (SCCs)) and other appropriate safeguards such as (Code of Conduct and Certification).
Keeping your information safe
Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through this website or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
How long do we keep your data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the retention time, we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
Your rights regarding the personal information you provide to us
You have certain rights in relation to the personal information we hold about you. This includes the right to request access, correction, erasure, restriction, transfer, to object to processing, and to portability of data
To find out further information about these rights please click the following link:
If you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you wish to make a complaint about how we collect and process your personal data, please contact us using the contact details below and we will endeavour to deal with your request. This does not interfere with your right to raise a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
Changes to our Privacy Notice
Any changes we make to our Privacy Notice in the future will be updated on this page. Please check back frequently to see any updates or changes. Any changes will become effective when we post the revised Privacy Notice on our website. It is your responsibility to ensure you are aware of the latest version of our Privacy Notice.
Third party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Technical information we collect about you
When you visit our website, we collect technical information about your computer, such as your internet protocol address (which is a number that can uniquely identify a specific computer on the internet), time zone setting, your login information, browser type and version, browser plug-in types and versions, operating systems and platforms.
If you have any questions, comments or requests regarding any aspect of this Notice, please do not hesitate to contact us as soon as possible at:
By post: 2 Phoenix Court, Batley, West Yorkshire, WF17 6RH
By email: email@example.com