PRIVACY AND COOKIES POLICY
Last updated June 2022.
We are ABA Creators Ltd, a limited company registered in England and Wales under company number 13246680, and whose registered office is at 54 Broadfields Avenue, Edgware, HA8 8SW (“we” or “us”).
This privacy and cookies policy (“policy”) explains what personal data we collect about you, why we collect it and what your rights are in respect of this personal data. This policy applies whether you visit our website, available at www.aestheticcurators.com or use the directory services our website provides (together referred to as our “services”).
We respect your right to privacy and so we will only process personal information about you in line with applicable data protection laws. We comply with the retained EU law version of the General Data Protection Regulation (2016/679) and the Data Protection Act 2018 (the “data protection legislation”). If any of these laws are replaced or superseded, we will also comply with those. We are the controller of your personal data.
If you have any questions about this policy, including any requests to exercise your legal rights, please contact the data protection contact using the details above.
We are registered with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk), and our registration number is ZB216412. If you have any concerns about data protection, we would appreciate if you contacted us first so we can discuss these with you before you approach the ICO. Please do contact us by email at firstname.lastname@example.org.
What information do we collect?
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
- Usage Data includes information about how you use our website, products, and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Aggregated Data such as statistical or demographic data for any purpose, is not considered personal data in law as this data will not directly or indirectly reveal your identity. We may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.
As the purpose of our website is to connect you with medical professionals, it is necessary that we collect personal data related to your health, medical conditions and genetic data, and we may also collect personal data relating to race or ethnicity. These are considered Special Categories of Personal Data. We do not collect any other Special Categories of Personal Data, such as your, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership or biometric data).
We also do not collect any information about criminal convictions and offences. In gathering your information, you may also choose to provide any other personal data or information, which could fall under Special Categories of Personal Data.
|Purpose/Activity||Type of data||Lawful basis|
|To respond to your enquiry and to enable us to provide you the services our website provides||Identity Data Contact Data Special Categories of Personal Data (health data and clinical data)||You provide this information to us so that we can respond to your enquiry. We may use your name and email address to send you information about your matter or issue raised and we may also provide you with updates on changes to this policy or security information. The lawful basis for collection of this information is it is needed to perform our contract with you (i.e., to respond to your enquiry), it is in our legitimate interest and you have consented (i.e., by contacting us).|
|To enable you to sign up to our newsletter/ email marketing||Identity Data Contact Data Marketing and Communications||The lawful basis for this is you have provided your consent and it is in our legitimate interest to present relevant content, products, and services to you. You can withdraw your consent at any time by contacting us at [email@example.com].|
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences and to make suggestions and recommendations to you about goods or services that may be of interest to you||Identity Contact Technical Usage Profile Marketing and Communications||The purpose is to enable direct marketing. The lawful basis is it is necessary for our legitimate interest to present relevant content, products, and services to you, to define types of customers for our products and services, to keep our website updated and relevant, and to develop our business and to inform our marketing strategy).|
You may receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you orby contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
These are the types of cookies we use:
- ‘Session cookies’ allow us to track your actions during a single browsing session, but they do not remain on your device afterwards; and
- ‘Persistent cookies’ remain on your device between sessions. We use them to authenticate you and to remember your preferences. We can also use them to balance the load on our servers and improve your experience on our website.
Session and Persistent cookies can be either first or third party cookies. A first-party cookie is set by the website being visited; a third-party cookie is set by a different website. Both types of cookies may be used by us or our business partners.
The third-party cookies we use are:
- Google Analytics – this is a web analytics service provided by Google, Inc. The cookies used by Google Analytics help us to analyse how users use our website and to count the number of people who use it. Google Analytics stores your IP address anonymously. Google does not associate your IP address with any personally identifiable information;
- Facebook Ads (the Facebook pixel) – these cookies collect information about how visitors use our website. This data is collected anonymously and is used to help improve our website’s functionality;
- Google Ad Words – these cookies collect information about how visitors use our website. This data is collected anonymously, to help make our marketing communications more relevant, and is used to improve our website’s functionality; and
- Microsoft Ads – these cookies collect information about how visitors use our website. This data is collected anonymously, to help make our marketing communications more relevant, and is used to improve our website’s functionality;
- Spring Ads –these cookies collect information about how visitors use our website. This data is collected anonymously, to help make our marketing communications more relevant, and is used to improve our website’s functionality;
- Tag Manager – these cookies collect information about how visitors use our website. This data is collected anonymously, to help make our marketing communications more relevant, and is used to improve our website’s functionality; and
- HotJar – these cookies collect information about how visitors use our website. This data is collected anonymously, to help make our marketing communications more relevant, and is used to improve our website’s functionality.
All of our cookies are categorised by the role they fulfil on our website:
- Strictly Necessary: these are essential to enable you to move around our website and use features such as secure services. Without these cookies such services could not be provided
- Functionality: allow our website to remember your choices and to personalise certain features. These cookies may be anonymised and cannot track your browsing activity on other websites; and
- Performance: collect information as to how users use our website. These cookies do not collect information that identifies a visitor. The information collected is aggregated and used to improve our website.
- None of the cookies employed are classified as Behavioural Targeting.
We will always ask for your consent to use non-essential cookies. You are free to withhold consent to this, but it means that we might not be able to provide the full website experience to you, including some elements of video advertising. If at any time you wish to disable our cookies, you can do so through the settings on your browser, or whenever the pop-up appears on our website (each time you access our website).
We may process your data for compliance with a regulatory requirement or legal obligation to which we are subject to. Your data will only be processed if processing the data to comply with such obligation is a reasonable and appropriate way of achieving compliance.
We also collect, use, and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this policy.
Storing your personal data
We may transfer your personal data outside of the UK where we engage third parties to provide services on our behalf, such as to receive services or deal with payment. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented, such as only transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure data collected through our website or services.
Specifically, we use Google Drive to host all personal data collected. Google’s cloud services employ industry standard security including encryption in transmit and at rest and ISO/IEC27001/27017/27018/27701, SOC 1/2/3, PCI DSS, and FedRAMP certifications. For more information, please refer to: https://cloud.google.com/security/. It is important to note that personal data is encrypted between your device and any external host storage we use.
Retaining your personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. The appropriate retention period will vary depending on the type of personal data collected.
Disclosing your personal data
First and foremost, for you to receive the services our website provides it is essential that we disclose the personal data we collect from you to the medical professional you choose to contact. Those medical professionals will need this information so that they can respond to your enquiry. The personal data we will share with the medical professional includes your Identity Data, Contact Data and Special Categories of Personal Data (namely, any information you provide to us relating to any health or medical conditions). The medical professionals shall be bound by confidentiality and data protection obligations.
We may disclose your information in the following cases:
- If we want to sell our business, or our company, we can disclose it to the potential buyer
- We can disclose it to other businesses in our group, as defined in the UK Companies Act 2006
- We can disclose it if we have a legal obligation to do so, or in order to protect other people’s property, safety, or rights
- We can exchange information with others to protect against fraud or credit risks.
We might contract with third parties/subcontractors to supply our services to you on our behalf. These include cloud services used to send emails and technology providers that assist in providing our services to you. The lawful basis is that it is necessary for our legitimate interest to present relevant content, products, and services to our target audience.
If any of your personal data is shared with a third party, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described in this policy.
When you provide us with personal data, you have certain legal rights, and these include:
- To request access to, deletion or correction of, your personal data held by us at no cost to you;
- To request that your personal data be transferred to another person (data portability);
- To be informed of what data processing is taking place;
- To restrict processing;
- To object to processing of your personal data; and
- To complain to a supervisory authority.
We regularly review our data retention obligations to ensure we are not retaining data for longer than we are legally obliged to.
If you wish to access, rectify, erase, or transfer your personal data, please contact us at firstname.lastname@example.org.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights), but we can charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive, or we can refuse to comply in these circumstances.
We may need you to provide evidence of your identity as a security measure and we may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month, but it could take longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Third party links
This policy only relates to our services. We might have links on/within our services to other websites, and these websites will have their own terms and conditions and privacy policies. You should check those privacy policies before providing your personal data to those websites.
Changes to this policy
We can update this policy from time to time as laws change or as our services change. If we make material changes to this policy, and we need your consent to those changes, we will contact you by email to do so.