Last updated: 27 November 2018
Who we are
The controller of your personal information is:
The Belgravia Trichological Group Ltd.
9 Longmoore Street
We are the UK’s leading hair clinic providing examinations, consultations and treatments at our clinics in London and through our Website. For more information about The Belgravia Centre, please see the “About Belgravia” section of our Website at https://www.belgraviacentre.com/hairclinic/. We operate with the following registrations:
General Pharmaceutical Council Pharmacy Registration Numbers: 1085321 (Central London clinic pharmacy), 1115610 (City of London clinic pharmacy)
National Pharmacy Association Membership Number: 33388
Company Registration Number: 3113870
VAT Registration Number: 667 910 796
What personal information does Belgravia collect and why?
The personal information that we may collect about you broadly falls into the following categories. We have provided descriptions to give you an idea of the nature of each type of personal information, and we may collect other specific information falling in these categories:
|Type of personal information||Description||How we collect it|
|Personal details||Name, address, email address, phone number, date of birth||When you provide it to us, for example when you visit our clinics, request an online consultation, contact the clinic, book an appointment, order products, subscribe to our mailing list, contact us via social media or apply for jobs with us.|
|Information about your hair, your treatment and images of your hair||Hair loss type, scalp condition, hair loss area, family hair loss, hair care routine, photos or images of you and your hair condition, our notes and advice, your emails, and your comments and reviews||When you provide it to us, for example when you fill out a patient information form at one of our clinics or submit an online consultation or when you attend a consultation at one of our clinics or when you provide a review in our comments book or on social media.
That we record when you attend a consultation (in person or online).
|Hair type||The type of your hair (e.g. Afro, Asian or Caucasian). This may reveal your racial or ethnic origin||When you provide it to us, for example when you fill out a patient information form at our clinic or submit an online consultation or attend a consultation at one of our clinics.
That we record when you attend a consultation (in person or online).
|Information about your lifestyle||General health, stress, cigarette intake, chemical exposure, alcohol intake, dietary habits||When you provide it to us, for example when you fill out a patient information form at our clinic or have a consultation at one of our clinics or submit an online consultation.|
|Information about your health||Blood pressure, weight, current medical conditions, current treatments, dietary deficiencies, allergies, pregnancy, cancer history, other symptoms, medications and procedures||When you provide it to us, for example when you fill out a patient information form at our clinic or have a consultation at one of our clinics or submit an online consultation.|
|Financial information||Your credit or debit card details or other payment details||When you provide it to us, for example when you pay for our products and services in our clinic or online.|
|Social Media information||Information you publish on our social media profiles, including comments and reviews||When you connect with us or provide comments on one of our social media profiles including Facebook, Instagram, Twitter or Google Reviews.|
|Technical information||Your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information.
Information about how your device has interacted with our Website, including the pages accessed and links clicked.
Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors
|We collect this information automatically when you visit our Website.
Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology” below.
|Your career information||Your CV. career history, references, education, relevant industry certifications and memberships (e.g NPA and GPhC)||When you provide it to us, for example when you apply for a job.|
|CCTV images||CCTV recordings||We collect this information automatically when you visit our clinics.|
Special categories of personal data
The law and other regulations treat some types of personal information as special. We will only collect and use these if the law allows us to do so:
• Data revealing racial or ethnic origin
• Health data
Legal basis for processing personal information
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you, where necessary for health care purposes, where we have your consent to do so, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you are a client or make use of our services, then our legal grounds for processing your personal information are summarised below:
|Legal basis for processing||Purposes of processing|
|Contract||• Providing you with our products and services
• Taking payment
• Customer helplines
• Complaints handling
|Health care||• Diagnosis of your condition (where relevant)
• Providing health care and treatment to you
• Management of our health care systems and services
|Legitimate interests||• Security of our clients and premises (e.g. CCTV images)
• Marketing of our products and services (you have the right to object)
• Recruitment purposes
• Improve your online experience via cookies
• To respond to your enquiries
|Legal obligation||• Complying with applicable laws, including in relation to prescriptions that we provide to you|
|Vital interests||• Protecting your vital interests or those of another person|
|Consent||• If you have provided us with a review and your explicit consent to use the review as a Success Story, we may use your Success Story to market our products and services (see our Success Story consent form, available at: https://www.belgraviacentre.com/success-story-consent-information/)
• Any other purpose with your consent. We will tell you at the time if we need your consent to process your personal data for a particular purpose.
Who does Belgravia share my personal information with?
We may disclose your personal information to the following categories of recipients:
• to your healthcare providers, for example if you ask us share information with your GP or surgeon;
• to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
• to any other person with your consent to the disclosure.
Cookies and similar tracking technology
How do we keep your personal information secure?
We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.
Where do we store your personal information?
The Belgravia Centre stores data on its own secure internal servers. We also use services hosted by third parties for the purpose of backup. These backup servers are currently located within the UK and the third parties have no access to your data other for backup and retrieval purposes.
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Specifically, our third party service providers and partners, such as our payment processing provider, operate around the world. This means that when we collect your personal information we may process it in any of these countries.
However, we will endeavour to take appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice.
How long do we keep your personal information?
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
We respect your right to control your data. If you wish to exercise any of your data protection rights, you can do so at any time by contacting us using the contact details provided under the “Contact” heading below. Your data protection rights include:
• If you wish to access, correct, update or request deletion of your personal information, you can do so at any time.
• In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
• You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us.
• Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
• You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact the Information Commissioner’s Office.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. For more information on your individual rights, please see the website of the Information Commissioner’s Office (https://ico.org.uk/).
Making a complaint
We pride ourselves on customer service and want to exceed your expectations in everything we do. However, we know that there may be times when we do not meet our own high standards. When this happens, we want to hear about it, in order to deal with the situation as quickly as possible and put measures in place to stop it happening again.
We take complaints very seriously and we treat them as an opportunity to develop our approach. This is why we are always very grateful to hear from people who are willing to take the time to help us improve.
Our policy is:
• To provide a fair complaints procedure that is clear and easy to use for anyone wishing to make a complaint.
• To publicise the existence of our complaints procedure so that people know how to contact us to make a complaint.
• To make sure everyone in our organisation knows what to do if a complaint is received.
• To make sure all complaints are investigated fairly and in a timely way.
• To make sure that complaints are, wherever possible, resolved and that relationships are repaired.
• To learn from complaints and feedback to help us to improve what we do.
All complaint information will be handled sensitively, in line with relevant data protection requirements.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
How to contact us
The Belgravia Centre
9 Longmoore Street
Tel: 020 7730 6666 ask for our Privacy Compliance Manager
Our office hours are Monday – Friday, 9am – 5pm.
Information Commissioner’s Office
For further assistance with complaints regarding your data, please contact the Information Commissioner’s Office, whose remit covers the UK.
Information Commissioner’s Office
Telephone: 0303 123 1113