GDPR POLICY

1. Introduction to GDPR Compliance

Welcome to Ninskilondon.com, your trusted beauty clinic. We are committed to safeguarding your privacy and ensuring your personal data is protected. This section outlines our compliance with the General Data Protection Regulation (GDPR) and explains how we collect, use, store, and protect your data.

2. Data Controller Information

Ninski London is the Data Controller responsible for your personal data. Our contact details are:

  • Name: Ninski London
  • Address: [Insert Address]
  • Email: [Insert Contact Email]
  • Phone: [Insert Contact Number]

If you have any questions about this privacy policy or our data practices, please contact us using the details above.

3. Data Collection and Usage

We collect and process your personal data only when it is necessary for:

  • Providing Services: To deliver and enhance the services you request from us, including beauty treatments, consultations, and product recommendations.
  • Communications: To respond to your inquiries, schedule appointments, and send you service-related communications.
  • Marketing and Promotions: To keep you informed about our services, offers, promotions, and events. You may opt out at any time.
  • Legal Compliance: To comply with legal obligations, resolve disputes, and enforce agreements.

4. Types of Personal Data Collected

We may collect the following types of personal data:

  • Contact Information: Name, email address, phone number, and postal address.
  • Health Information: Details of medical history, allergies, or any other information necessary for safe delivery of beauty treatments.
  • Payment Information: Credit or debit card details, billing address, and transaction history.
  • Usage Data: Information about how you use our website, products, and services.
  • Marketing Preferences: Your preferences in receiving marketing from us and your communication preferences.

5. Lawful Basis for Processing

We will only process your personal data if we have a lawful basis to do so, which may include:

  • Consent: When you have given explicit consent for a specific purpose.
  • Contractual Necessity: To fulfill a contract we have with you.
  • Legal Obligation: To comply with legal requirements.
  • Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, except where overridden by your fundamental rights and interests.

6. Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access: You can request access to the personal data we hold about you.
  • Right to Rectification: You can request the correction of any incomplete or inaccurate data.
  • Right to Erasure: You can request the deletion of your personal data, subject to certain conditions.
  • Right to Restrict Processing: You can ask us to limit the processing of your data under certain circumstances.
  • Right to Data Portability: You can request to receive your data in a structured, commonly used, and machine-readable format, or have it transferred to another organization.
  • Right to Object: You can object to the processing of your personal data where we rely on legitimate interests or direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw consent at any time where we are relying on consent to process your data.

7. Data Security and Storage

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption: Using encryption technology to protect personal data transmitted online.
  • Access Control: Limiting access to your personal data to authorized employees and contractors who need it to provide our services.
  • Data Minimization: Retaining your personal data only for as long as necessary to fulfill the purposes for which it was collected.
  • Regular Audits: Conducting regular reviews and audits of our data protection practices to ensure compliance with GDPR.

8. Third-Party Data Sharing

We may share your personal data with third parties in the following circumstances:

  • Service Providers: With service providers who assist us in operating our website, conducting our business, or serving you (e.g., payment processors, email service providers).
  • Compliance and Legal Obligations: When required by law or to protect our rights, privacy, safety, or property.
  • Business Transfers: In connection with a merger, sale, or acquisition of all or part of our business.

9. International Data Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA) to provide you with our services. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection by implementing at least one of the following safeguards:

  • Adequacy Decision: Transfers are made to countries deemed to provide an adequate level of protection for personal data.
  • Standard Contractual Clauses: We use specific contracts approved by the European Commission that give personal data the same protection it has in Europe.
  • Consent: Where you have given explicit consent to the proposed transfer, after being informed of any potential risks.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience, analyze traffic, and provide personalized content and advertisements. By using our website, you consent to the use of cookies in accordance with this policy.

Types of Cookies Used:

  • Essential Cookies: Necessary for the operation of our website, such as those enabling you to log into secure areas.
  • Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously.
  • Functionality Cookies: Enable us to remember your choices (like your username, language, or region) and provide enhanced features.
  • Targeting Cookies: Record your visit to our website, the pages you have visited, and the links you have followed. We use this information to make our website and the advertising displayed on it more relevant to your interests.

Managing Cookies: You can manage your cookie preferences by adjusting your browser settings to refuse some or all cookies or to alert you when cookies are being sent. However, please note that disabling cookies may affect your ability to access certain parts of our website or use its full functionality.

11. Data Retention Policy

We will retain your personal data only as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Retention Periods:

  • Contact and Health Information: Retained for the duration of your relationship with us and for up to [X years] thereafter.
  • Payment Information: Retained as required for auditing and tax purposes.
  • Marketing Data: Retained until you unsubscribe or withdraw your consent.
  • Website Usage Data: Retained for [X months/years] for analysis purposes.

We may also retain your personal data for longer periods if necessary to comply with our legal obligations or protect our legitimate interests.

12. Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

13. Children’s Privacy

Our website is not intended for children under the age of 16, and we do not knowingly collect personal data from children. If you are under 16, please do not provide any personal information through our website. If we learn that we have collected personal data from a child under 16 without verification of parental consent, we will delete that information as quickly as possible.

14. Data Breach Notification

In the unlikely event of a data breach, we have put procedures in place to deal with any suspected personal data breach. We will notify you and any applicable regulator of a breach where we are legally required to do so. The notification will include:

  • Nature of the Breach: A description of the nature of the personal data breach, including the categories and approximate number of individuals and data records concerned.
  • Contact Details: Contact information for further information.
  • Possible Consequences: A description of the likely consequences of the personal data breach.
  • Mitigation Measures: A description of the measures taken or proposed to address the breach and mitigate any possible adverse effects.

15. Consent and Changes to This Privacy Policy

By using our website, you consent to the collection and use of your personal data as described in this Privacy Policy. We reserve the right to update or change our Privacy Policy at any time, and you should check this Privacy Policy periodically.

If we make significant changes to this policy, we will notify you via email or through a prominent notice on our website. Your continued use of the website after any modifications to the Privacy Policy will constitute your acknowledgment of the changes and your consent to abide by and be bound by the modified policy.

16. Third-Party Websites

Our website may contain links to third-party websites that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the Privacy Policy of every site you visit.

17. Social Media Features

Our website may include social media features, such as the Facebook Like button or interactive mini-programs. These features may collect your IP address and the page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or directly on our website. Your interactions with these features are governed by the privacy policy of the company providing them.

18. Exercising Your Rights

If you wish to exercise any of your rights under GDPR or have any concerns or complaints regarding how we handle your personal data, please contact us at:

  • Email: [Insert Contact Email]
  • Postal Address: [Insert Address]

We will respond to your request as soon as possible and, in any event, within one month of receiving your request. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

19. Detailed Explanation of Data Collected for Specific Purposes

We aim to provide transparency regarding the specific purposes for which we collect different types of personal data. Below, we provide a detailed explanation of the types of data collected and the corresponding purposes:

a) Contact Information:

  • Types Collected: Name, email address, phone number, postal address.
  • Purpose:
    • To identify and communicate with you regarding appointments, consultations, and follow-up care.
    • To deliver products or services you have requested or purchased.
    • To send administrative information, such as changes to our terms, conditions, and policies.
    • To provide you with marketing communications (subject to your consent).

b) Health Information:

  • Types Collected: Medical history, allergies, skincare concerns, or any other details relevant to the beauty treatments provided.
  • Purpose:
    • To ensure that any treatments provided are safe, effective, and suitable for your individual needs.
    • To maintain records required for the provision of services, follow-up consultations, and customer care.
    • To comply with health and safety regulations and professional standards.

c) Payment Information:

  • Types Collected: Credit or debit card details, billing address, transaction history.
  • Purpose:
    • To process payments for services rendered and manage any refunds or chargebacks.
    • To prevent fraud by verifying your identity and ensuring the security of our financial transactions.
    • To comply with legal, regulatory, and auditing requirements related to financial transactions.

d) Website Usage Data:

  • Types Collected: IP address, browser type, operating system, pages visited, time spent on the site, referring URLs.
  • Purpose:
    • To analyze and monitor the usage of our website and improve its functionality.
    • To understand user behavior and preferences to provide more relevant content and a better user experience.
    • To detect, prevent, and address technical issues or unauthorized activities on our site.

e) Marketing Preferences:

  • Types Collected: Your preferences regarding the receipt of marketing communications.
  • Purpose:
    • To provide you with information about services, products, offers, and events that may interest you.
    • To manage and respect your marketing preferences, ensuring that you receive only the communications you have agreed to receive.

f) Social Media Interaction Data:

  • Types Collected: Publicly available social media information (e.g., comments, shares, likes) and user interactions with our social media pages.
  • Purpose:
    • To engage with our customers and build a community around our brand.
    • To respond to inquiries or feedback made via social media platforms.
    • To analyze trends and customer sentiments to improve our products and services.

20. Legal Compliance and Cooperation with Regulatory Authorities

We may be required to disclose your personal data to regulatory authorities, law enforcement agencies, or other third parties in the following situations:

  • Legal Obligations: Where we are legally required to disclose your data in response to a court order, subpoena, or other legal processes.
  • Fraud Prevention: To cooperate with regulatory bodies and law enforcement agencies to prevent fraud, protect our rights, or ensure the safety of our customers.
  • Regulatory Investigations: To comply with regulatory obligations, including those related to professional standards, data protection, and consumer protection laws.

21. Security Measures and Practices

We take the security of your personal data seriously and have implemented a variety of security measures, including:

  • Data Encryption: All data transmitted between your browser and our servers is encrypted using Secure Sockets Layer (SSL) technology.
  • Access Controls: We have strict access controls to ensure that only authorized personnel can access your data.
  • Regular Security Audits: Our systems are regularly audited by security professionals to identify and address vulnerabilities.
  • Data Anonymization: Whenever possible, we anonymize or pseudonymize data to minimize the risk of exposure in the event of a data breach.
  • Employee Training: All employees undergo regular training to understand their responsibilities under GDPR and other privacy laws.

22. How We Protect Your Personal Data

We maintain physical, electronic, and procedural safeguards to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These include:

  • Secure Data Storage: Personal data is stored on secure servers that comply with industry standards for data protection.
  • Regular Backups: Regular backups are performed to ensure data integrity and availability.
  • Incident Response Plan: We have an incident response plan in place to deal with any data breaches or security incidents promptly and effectively.
  • Two-Factor Authentication (2FA): Access to sensitive systems is protected by two-factor authentication to prevent unauthorized access.

23. Data Transfers Outside the EEA

We may transfer your personal data outside the European Economic Area (EEA) to third-party service providers in countries that may not have equivalent data protection laws to those in the EEA. When we do so, we ensure:

  • Adequate Protections: Data transfers are made to countries deemed by the European Commission to have an adequate level of data protection.
  • Contractual Agreements: We use Standard Contractual Clauses (SCCs) approved by the European Commission, which require the same level of data protection as in the EEA.
  • Explicit Consent: In specific situations where data transfer is necessary, we will seek your explicit consent after informing you of any potential risks.

24. Complaints and Dispute Resolution

If you have any concerns or complaints regarding our processing of your personal data, please contact us using the details provided above. We will endeavor to resolve any complaints promptly and amicably. If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority in your country.

  • UK Supervisory Authority: The Information Commissioner’s Office (ICO)
  • Contact Details:

25. How to Update Your Information

You have the right to ensure that the personal data we hold about you is accurate and up to date. If any of your information changes, or if you believe that any information we hold is inaccurate or incomplete, please contact us using the details below. We will promptly correct or update any information found to be incorrect.

26. Consent to This Policy

By using our website and services, you consent to the collection and use of your personal data as described in this GDPR policy. If you do not agree with the terms of this policy, please do not use our website or services. You may withdraw your consent at any time; however, doing so may affect your ability to access certain features of our website or use certain services.

27. Changes to Our GDPR Policy

We may update this GDPR policy from time to time to reflect changes in our practices, legal requirements, or for any other reason. We will notify you of any significant changes by posting the new policy on our website and indicating the date of the latest revision. We encourage you to review this page periodically for the latest information on our privacy practices.

  • Last Updated: August 30, 2024
  • Effective Date: August 30, 2024

Your continued use of our website and services following any changes to this GDPR policy will signify your acceptance of those changes.

28. Contact Us

If you have any questions about this GDPR policy, your rights, or how we handle your personal data, please contact us:

  • Email: [Insert Contact Email]
  • Postal Address: [Insert Address]
  • Phone: [Insert Contact Number]

We are committed to resolving any issues or concerns you may have regarding the use of your personal data.

29. Acknowledgment of Privacy Policy

By using our website, you acknowledge that you have read, understood, and agree to be bound by this GDPR policy. You confirm that you understand your rights concerning your personal data and that you have the right to withdraw your consent at any time.

30. Your Privacy Matters to Us

At Ninski London, we value your trust and prioritize your privacy. We are committed to maintaining the highest standards of privacy protection and ensuring that your data is handled securely and responsibly.

Thank you for taking the time to read our GDPR policy. We are here to help, and we appreciate your trust in us as your beauty clinic of choice.
