Website Privacy Policy Statement – GDPR08

Policy Details

Name of Policy Website Privacy and Cookies Policy
Original Creation Date Feb 2025
Signed off by: Director, Registered Manager
Next Review Date Feb 2027
Past review Dates (No dates listed)

Policy Objectives

JK Aesthetics Limited will ensure that the policy on their website is UK GDPR compliant. The objectives are:

  • To provide assurance that JK Aesthetics Limited has a Website Privacy Policy in place for users of its website that is UK GDPR compliant.
  • To establish ways of working in terms of the use, storage, retention, and security of personal data.
  • To ensure that all data subjects, including Patients, understand the ways in which their personal data is collected and processed by JK Aesthetics Limited via their website.

UK GDPR and Website Requirements

  • JK Aesthetics Limited understands that if they operate a website, they need to ensure their Website Privacy Policy complies with UK GDPR.
  • The Website Privacy Policy only needs to be uploaded to their website if personal data is collected via the website.
  • The use of cookies constitutes processing of personal data via the website.
  • This policy directs users to a webpage with a contact form or contact details but suggests considering an alternative contact method instead, such as an email address and/or phone number.

Cookies Policy

UK GDPR has changed how cookies should be incorporated into websites. JK Aesthetics Limited must explain what cookies will be set and what they will do to the users of its website.

Consent for Cookies

  • JK Aesthetics Limited must obtain consent from individuals to store or use certain cookies on devices to the UK GDPR standard.
  • Implied consent cannot be relied upon for cookies that are not strictly necessary or are used for a secondary purpose.
  • JK Aesthetics Limited will ensure that it uses a cookie banner or other appropriate consent process on its website to obtain consent, and if no consent is obtained, no cookies will be set.

Requirements for Consent

In practice, this means:

  • Users must take a clear and positive action to consent to non-essential cookies.
  • The websites and apps must tell users clearly what cookies will be set and what they do, including any third-party cookies.
  • Pre-ticked boxes or equivalents, such as sliders defaulted to “on”, cannot be used for non-essential cookies.
  • Users must have control over any non-essential cookies.
  • Non-essential cookies must not be set on landing pages before the user’s consent is gained.

Exceptions to Consent

Consent is not required for cookies that are defined as “strictly necessary” or that fall within the “communication exemption”.

  • Strictly Necessary Cookies: These are cookies that are essential to providing the service requested by the user. Those that are simply helpful or convenient, or that are essential only for the purposes of JK Aesthetics Limited, will still require consent.
  • Communication Exemption: For this to apply, the transmission of the communication over an electronic communications network must be impossible without the use of the cookie.
  • Note: Cookies used for analytical purposes or those used for marketing and advertising will always need consent as they are considered to be non-essential.

The ICO’s cookie guidance is available at: https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/

Process and Definitions

Process

JK Aesthetics Limited will consider whether or not it collects personal data via its website (e.g., via enquiry forms, requests for newsletters, or services) and whether it needs a Website Privacy Policy.

Definitions

  • Special Categories of Data: A term for personal data that is sensitive and personal in nature, including but not limited to medical and health records, genetic and biometric data, and information about a person’s religious beliefs, ethnic origin and race, sexual orientation, trade union membership and political views.
  • Cookies: Small text files sent from a website and stored on a user’s computer or mobile device. They are designed to hold data specific to a particular client so that a website can identify the user.
  • Process or Processing: Doing anything with personal data, including but not limited to collecting, storing, holding, using, amending or transferring it. Processing begins at the point of collection.
  • UK GDPR: The retained EU law version of the General Data Protection Regulation (GDPR) that forms part of English law.
  • Data Protection Act 2018: A United Kingdom Act of Parliament that updates data protection laws in the UK, sitting alongside the UK GDPR.
  • Data Subject: The identified or identifiable individual about whom JK Aesthetics Limited has collected personal data.
  • Personal Data: Any information about a living person from which that person can be identified directly or indirectly, including but not limited to names, email addresses, postal addresses, job roles, photographs, CCTV, online identifiers, and special categories of data.

Cookies Website Statement

Cookies are small text files which a website may put on your computer or mobile device when you first visit. We use cookies to distinguish you from other users and to obtain information about your previous visits for system administration, such as your IP address, operating system, and browser type. This is statistical data and does not identify you.

We use the following cookies:

  • Strictly necessary cookies: Essential to enable you to move around the website and use its features, such as accessing secure areas. Disabling them may prevent access to parts of the website.
  • Functionality cookies: Used to recognize you when you return to the website and to remember changes you have made, such as text size or fonts, to personalize content.

You can change your cookie preferences by adjusting your browser settings to refuse some or all cookies. If you block all cookies (including essential cookies), your experience may be limited, and you may not be able to access all parts of the website.

Where we collect personal data as part of our use of cookies, we will do so in accordance with our Privacy Policy.

Privacy Statement

JK Aesthetics Limited (“we” / “our” / “us”) is committed to ensuring your privacy is protected and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (“Data Protection Legislation”). We are the data controller. Our Data Protection Officer can be contacted via EMAIL.

By visiting the website, you are accepting and consenting to the practices described in this Privacy Policy.

Information Held and How It Is Used

Information You Give Us

You may give us information by completing enquiry forms or requesting marketing information. This may include your name, email address, address/location, and phone number. This information is retained while corresponding with you or providing services, in line with record management guidance.

Information We Collect About You

When you visit the website, we may collect:

  • Technical information: IP address, login information, browser type and version, time zone setting, operating system and platform, etc.
  • Information about your visit: Full URLs, clickstream, products viewed, page response times, website errors, length of visits, page interaction information, and any phone number used to call our helpline.

This information is also retained in line with record management guidance.

Use Made of the Information

We may use the information to:

  • Fulfil our obligations under any contract and provide requested information or services.
  • Send you newsletters and marketing information if you have consented.
  • Notify you of products and services that may interest you, or permit third parties to do so if you have provided the appropriate consent.
  • Monitor website usage and provide statistics to third parties for improving the website and services.

We process personal information for the following legitimate business purposes:

  • To enhance, modify, personalise, or otherwise improve the website, its services, or communications.
  • To identify and prevent fraud.
  • To enhance the security of the network and information systems.
  • To better understand how people interact with the clinic website(s).
  • To administer the website and carry out data analysis, troubleshooting, and testing.
  • To determine the effectiveness of promotional campaigns and advertising.

If we obtain consent, we may provide your details to third parties so they can contact you directly.

Withdrawing Consent and Unsubscribing

  • If processing is based on your consent, you have the right to withdraw your consent at any time by contacting us via EMAIL.
  • To have your information removed from our database or stop marketing contact, click the “Unsubscribe” option in any email or contact us via EMAIL.
  • We will not share, sell, or distribute your information (other than as set out in this policy) without your prior consent, unless required by law.

Disclosure of Your Information

We may share your personal information with:

  • Any member of our group (subsidiaries, ultimate holding company and its subsidiaries).
  • Business partners, suppliers, and sub-contractors for the performance of any contract.
  • Third parties who may wish to contact you about services or products, provided we receive your consent.
  • Advertisers, advertising networks, analytics, and search engine providers.

We may also need to disclose your information where we:

  • Sell any or all of our business or assets, or buy another business or assets (disclosing to the prospective buyer or seller).
  • Are under a legal duty to comply with any legal obligation or to enforce our terms and conditions.
  • Need to disclose it to protect our rights, property, or safety, including the exchange of information for fraud protection and credit risk reduction.

Your Rights in Respect of your Data

If any information changes, please let us know via EMAIL.

You have the right to:

  • Access or rectify the information we hold about you, or request that such information be transmitted directly to another data controller. Requests will be processed within one month and free of charge. Contact us via EMAIL.
  • Request that your information be deleted, or if you wish to restrict or object to the processing of your information. Contact us via EMAIL.

If you have any complaints, you have the right to complain to the relevant supervisory authority in your jurisdiction. In the UK, this is the Information Commissioner’s Office (ICO). Contact details for the ICO can be found at https://ico.org.uk/.