- For the purpose of the DPA and GDPR we are the data controller and any enquiry regarding the collection or processing of your data should be addressed to our data protection officer – Lisa Perrie, SkinChampion, 1 Lake Road, Douglas, IM1 5AF. E: firstname.lastname@example.org
- By using the Website you consent to this policy. We are registered with the Information Commissioner’s Office for this purpose.
Information We Collect
- We will collect information on the Website only if provided directly by you, the user and may include:
- Email Address
- Telephone Number (mobile and/or landline)
- Information related to your enquiry
Because it has been provided directly by you, the user, it has been provided with your consent. Normally, you will only be giving this information if you are completing a contact form or online questionnaire that allows The Foot Health Clinic to deal with your query and/or provide a service to you, the user
- Your payment information (e.g. credit card details) provided when you make a purchase from our website is not received by or stored by us. That information is processed securely by SAGE Pay payment processors. https://www.sagepay.co.uk/policies/security-policy
SkinChampion will not have access to that information at any time. We may share your personal data with our payment processor, but only for the purpose of completing the relevant payment transaction. SAGE Pay are banned from using your personal data, except to provide these necessary payment services to us, and they are required to maintain the confidentiality of your personal data and payment information.
- Demographic information
- IP address
- Your location
- Device information
Use of Your Information
- We may hold and process personal data that you provide to us in accordance with the DPA and GDPR.
- The information that we collect and store relating to you is primarily used to enable us to provide the service to you, and to meet our contractual commitments to you. In addition, we may use the information to notify you about any changes to our website, such as improvements or service/product changes, that may affect our service
Disclosure of your information
- We may disclose your information to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk
- We will not disclose your information to any third party organisations for marketing, advertising or any other purposes other than the regulatory bodies mentioned in clause number 9
Controlling the use of your data
- If you have given us consent to use your data for a particular purpose, you can revoke or vary that consent at any time. If you do not want us to use your data or want to vary the consent that you have provided you can write to us at the address detailed in clause 2 or email us at email@example.com at any time.
- You may choose to control the use of your personal information in the following ways:
- You have the right to request what personal information we hold for you and as per GDPR regulations we can provide this service free of charge within 30 days. For more information on subject access requests please contact us at firstname.lastname@example.org
- You have the right to erase the personal data we hold on you. For more information on this please contact us at email@example.com
- You can update your personal information and contact preferences at any time. For more information on this please contact us at firstname.lastname@example.org
- You have a right to complain if you are not satisfied with the way your data has been managed. If you need further advice you can contact the ICO on 0303 123 113.
Where we store and transfer your data
- As part of the services offered to you through our Website, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the website. Currently, the information is stored by FotoFire, based in the UK who are committed to GDPR compliance https://www.digitalocean.com/security/gdpr/ . However, as is the nature of information stored “in the cloud”, changes may arise necessitating the use of servers which are based outside of the EEA. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA.
- Otherwise, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the website.
- The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data whilst you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Third party links
- You might find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
Changes to this policy
- We may update these policies to reflect changes to the website and customer feedback. Please regularly review these policies to be informed of how we are protecting your personal data.