We appreciate your interest in our Privacy Policy. At Avalon Skin Clinic, we prioritize the safeguarding of your Personal Data.   

We commit to utilizing your personal data solely in compliance with relevant data protection regulations, including the Data Protection Act of 2018 (the “DPA”) and the General Data Protection Regulation (“GDPR”), and exclusively as outlined in this Privacy Policy.   

We acknowledge that the terminology used may appear technical; however, we have endeavoured to present the key points in a straightforward and comprehensible manner.   

What constitutes Personal Data?   

Personal data refers to any information that pertains to the personal or material circumstances of an identified or identifiable individual. This encompasses details such as your name, date of birth, email address, postal address, and telephone number, as well as online identifiers like your IP address. Conversely, general information that cannot be used to identify you does not qualify as personal data, such as the total number of users visiting a website.   

Data Processing Responsibility   

The entity responsible for data processing in accordance with the GDPR and DPA is:   

Avalon Skin Clinic

178 A High Street 

Rochester  Kent 

ME1 1EX 

  Web: www.avalonskinclinic@gmail.com  

E-Mail: avalonskinclinic@gmail.com 

Phone: 01634 786440 

Instagram 

Facebook  

General Overview of Data Processing   

In the course of our business activities and website management, we engage in data processing. This may involve sharing information with third parties and, when applicable, transferring data to so-called third countries outside the UK and the EEA. Instances of data transfer beyond the UK or EEA are specifically noted below. 

Data Processing   

All personal information collected from you through our website will be processed solely for the purposes outlined in greater detail below. This processing occurs in accordance with the relevant legal regulations mentioned or solely with your consent. 

Specifically, Article 6 of the GDPR delineates the conditions under which data processing is permissible. Avalon Skin Clinic gathers personal data when: 

you provide your consent (Article 6, paragraph 1, letter a of the GDPR),   

the data is essential for fulfilling a contract or pre-contractual obligations (Article 6, paragraph 1, letter b of the GDPR),   

the data is required to comply with a legal obligation (Article 6, paragraph 1, letter c of the GDPR), or   

the data is necessary to safeguard the legitimate interests of our organization, provided that your interests do not take precedence (Article 6, paragraph 1, letter f of the GDPR).   

Avalon Skin Clinic processes and retains your personal data only for the duration necessary to fulfill the specific processing purpose or for the duration of any applicable legal retention period (particularly those related to commercial and tax law). Once the purpose has been fulfilled or the retention period has lapsed, the relevant data is systematically deleted. 

a) Hosting

To facilitate our website, we engage the services of Ionos, a company based in the United States, which processes the data outlined below, as well as any additional data necessary for the operation of our website on our behalf. The legal foundation for this data processing is our legitimate interest in delivering our website. 

b) Collection of Access Data and Log Files   

We gather data regarding each access to our website. This access data encompasses the name of the accessed website, the file, the date and time of access, the volume of data transferred, confirmation of successful access, the type and version of the browser used, the user’s operating system, the referrer URL (the page visited prior), the IP address, and the requesting provider.   

Log file information is retained for security purposes (such as investigating abuse or fraud) for a maximum of seven days before being deleted. Data that is necessary for evidentiary reasons will be retained until the relevant incident is fully resolved. The legal basis for this data processing is our legitimate interest in maintaining an engaging website. 

 c) Contacting Us   

When you reach out to us, we process the following information to address and manage your inquiry: your name, contact details (phone number and email address, if provided), and your message. The legal basis for processing this data is our obligation to fulfill the contract and/or our pre-contractual obligations, as well as our legitimate interest in addressing your inquiry. 

d) Online Bookings   

For appointment bookings, we collect your name, email address, phone number, and any additional information you provide, including your payment details. The information you share will solely be utilized for the purposes of communication, bookings, or appointments, and the services rendered. The legal basis for processing your data during the booking process is the preparation for a contract. The data collected in this context will be deleted once it is no longer necessary for processing, or if you withdraw your consent.

e) Use of Our Services   

When you engage our services, we collect and process your data, which may include your name, contact information (email address and phone number), address, and any other information necessary for the execution of the services, including health data as defined under Article 9 of the GDPR. This processing is conducted solely for the purpose of managing and fulfilling our contractual obligations. Specifically, this encompasses our provision of appropriate treatment, advice, support, communication with you, invoicing, and compliance with our accounting and tax responsibilities.

We kindly request that you refrain from providing us with health data as outlined in Article 9 of the GDPR unless it is essential. Should such health data be relevant, we will process it alongside your other information. Your data will not be utilized for automated decision-making or profiling, nor will it be disclosed to third parties.

Thus, the processing of your data is grounded in our commitment to fulfilling our contractual obligations and adhering to our legal responsibilities.

    f) Administration, Financial Accounting, Service, and Business Organization, Contact Management   

    We handle data as part of our administrative functions, business organization, financial accounting, and compliance with legal requirements, including data archiving. 

    In this regard, we utilize the same data that we collect while providing our contractual services. The rationale for this processing is to support our administrative functions, financial accounting, and data archiving, which are essential for maintaining our business operations, executing our responsibilities, and delivering our services. The retention and deletion of data related to contractual services and communications align with the information provided in these processing activities. 

    In this context, we may share or transmit data to tax authorities, consultants such as tax advisors or auditors, as well as other fee offices and payment service providers. Consequently, the processing of data is based on our obligation to fulfill our contractual commitments. 

    g) Cookie Usage   

    Our website utilizes cookies, which are small text files stored on your device (such as a PC, smartphone, or tablet) by your browser. For more details, please consult our Cookie Policy. The legal foundation for employing cookies is based on your consent and our legitimate interests. 

    h) Ordering from Our Shop   

    We gather, process, and utilize the information you provide during the ordering process, including contact details (such as your name, delivery and billing addresses, and email address) and payment method information, to fulfill the contract. We retain this information for the duration necessary to process and manage your order. After this period, your data will be deleted unless you choose to activate your customer account within 14 days of placing your order. Any data that must be retained due to legal, statutory, or contractual obligations will be blocked to prevent its use for other purposes. The processing of this data is essential for fulfilling our contractual obligations to you. 

    To facilitate the contract and deliver our services, we will use your contact information to send you confirmations of registration, customer service updates, order confirmations, contract documents, or payment processing details. We are required to provide these documents to meet our legal obligations for effectively concluding a contract with you. Thus, processing your data is necessary to comply with these legal information requirements.  

    j) Payment Processing

    To complete a purchase, it may be necessary for you to provide a valid payment method, such as a credit card. Your payment details will be collected and processed by Stripe, a payment service provider based in the United States. We do not directly collect or retain credit or debit card numbers during the standard transaction processing. 

    k) Careers and Applications

    When you submit an application for a position, we will process the information you provide as part of that application, which may include your cover letter, resume, references, and any verbal or written communications. We particularly value your contact information, educational background, qualifications, work experience, and skills. 

    Initially, your data will be processed exclusively for the purpose of managing the application process. If your application is successful, your information will be incorporated into your personnel file and utilized for employment-related purposes, including the management and termination of your employment, in accordance with applicable personnel file regulations. If we are unable to offer you a position, we will retain your data for up to six months following the rejection to protect ourselves against potential legal claims, particularly those related to alleged discrimination during the application process. 

    The legal basis for processing data during the application phase is Article 6, paragraph 1, letter b) of the GDPR. If you provide information that is not essential for the application process, and you have given your consent, this will be considered as fulfilling a contract or pre-contractual measures. After a rejection, the legal basis for data processing is our legitimate interest. Generally, we do not require any special categories of personal data as defined by Article 9 of the GDPR for the application process, and we request that you refrain from providing such information. If any relevant special category data is submitted, it will be processed alongside your other information. Your data will not be utilized for automated decision-making. 

    Duration of Data Retention   

    We retain personal data solely for the duration necessary to fulfill the purposes for which it was collected or until any consent you have provided is withdrawn. In compliance with legal retention requirements, certain data may be stored for a period of up to 10 years, regardless of the reasons for processing. 

    Transfer of Personal Data   

    We will not share or distribute your personal data to third parties unless one of the following conditions is met:   

    • It is essential for the execution of our services,   

    • You have granted permission for the disclosure,   

    • The disclosure is allowed under applicable legal regulations.   

    Nonetheless, we reserve the right to delegate the processing of your personal data, either fully or partially, to external service providers acting as processors in accordance with the Data Processing Agreement (DPA) and the General Data Protection Regulation (GDPR). These external service providers assist us in various areas, including the technical management of our services, membership organization, website support, data management, service provision (such as collaboration with other physiotherapists), marketing, and the execution of reporting obligations.   

    The service providers we engage will process your data strictly according to our directives, and we remain accountable for the protection of your data in compliance with the DPA and GDPR. We ensure that our selected service providers adhere to rigorous contractual stipulations, technical and organizational measures, and undergo additional oversight from us.   

    In instances where goods are delivered, we will share your data with the necessary logistics companies and postal service providers specified at the time of your order.  

    We may also share Personal Data with third parties when legally required, such as in response to a court order, or when necessary to assist with criminal or legal investigations, whether domestic or international, or to serve our legitimate interests. 

    Automated Decision-Making   

    At Avalon Skin Clinic, we do not engage in automated decision-making, including profiling, as outlined in Articles 22 (1) and (4) of the GDPR. 

    Your Rights as a Data Subject   

    The rights you possess are defined in the Data Protection Act (DPA) and the General Data Protection Regulation (GDPR). These rights include: 

    • the right to access information (Article 15 GDPR),   

    • the right to correct inaccuracies (Article 16 GDPR),   

    • the right to delete data (Article 17 GDPR),   

    • the right to limit data processing (Article 18 GDPR),   

    • the right to transfer data (Article 20 GDPR),   

    • the right to object to data processing (Article 21 GDPR),   

    • the right to withdraw any consent previously given (Article 7 (3) GDPR), and   

    • the right to file a complaint with the appropriate supervisory authority (Article 77 GDPR). 

    We invite you to reach out to us at any time with inquiries or suggestions regarding data protection and to exercise your rights as a data subject. 

    Should you have any concerns about our collection or use of your personal data, we encourage you to contact us. Alternatively, you may file a complaint with a data protection supervisory authority. The relevant authority for us in the UK is the Information Commissioner’s Office (ICO), located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK (www.ico.org.uk). However, we would appreciate the opportunity to address your concerns before you approach the ICO. 

    Security   

    We employ advanced internet technologies to safeguard your data. During the online inquiry process, your information is protected using SSL encryption. Additionally, our systems are secured with firewalls to prevent unauthorized external access. We also implement various technical and organizational security measures to protect the personal data you provide.  

    Social Media   

    We maintain a presence on social media platforms, specifically Instagram and Facebook, to engage with our customers, interested parties, and registered users, as well as to inform them about our offerings. It is important to note that your use of these social media platforms and their features is at your own risk, particularly concerning interactive functions such as commenting, sharing, and rating. As the provider of our social media profile, we do not collect or process any data resulting from your interactions on these platforms. The processing of personal data from users is grounded in our legitimate interests in delivering effective information and facilitating communication.

    Analysis and Online Marketing

    With your consent upon your initial visit to our website, as well as based on our legitimate interests, we utilize various tools for analytics and marketing services. For more information, please refer to our cookie policy.

    a) Google Analytics

    We employ Google Analytics, a service provided by Google Inc., to assess your usage of our website, generate reports on user activity, and offer additional services related to website usage aimed at enhancing the user experience. Google Analytics primarily records and systematically analyzes visitor interactions through the use of cookies.

    The following data is processed by Google Analytics: 

    • Anonymized 3-byte IP address of the website visitor’s device,  

    • The specific webpage accessed,   

    • The referring website that led the user to our page,   

    • The subpages visited within our website,   

    • The duration of time spent on the website,   

    • The frequency of visits to the website.   

    Google asserts that it will not link your IP address with any other data in its possession. You have the option to prevent cookie storage by adjusting your browser settings. Additionally, you can stop the collection of data generated by Google and the processing of that data.

    c) Google Remarketing (Google Ads)

    As a further tracking technology, we have integrated Google Remarketing services on our website. Google Remarketing is a function of Google Ads that enables a company to display advertisements to Internet users who have previously visited the company’s website. The integration of Google Remarketing thus allows a company to create user-related advertising and consequently to display interest-relevant advertisements to the Internet user. 

     

    The purpose of Google Remarketing is to display interest-relevant advertising. Google Remarketing enables us to display advertisements via the Google advertising network or to have them displayed on other Internet pages that are tailored to the individual needs and interests of Internet users. 

     

    You have the option to object to interest-based advertising by Google. To do this, the data subject must call up the link www.google.com/settings/ads from any of the internet browsers he or she uses and make the desired settings there.

    d) Google Maps

    We use the services of Google Maps provided by Google Inc to allow us to show you interactive maps directly and to enable you to use the map function conveniently. Google receives the information that you have called up the corresponding sub-page of our website and, in addition, your location data will be transmitted. This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its services. The legal basis for this processing is our legitimate interest.

    Advertising and Marketing 

    Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to. 

     

    You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us. 

     

    Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing communication sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out.

    Updating your information  

    If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.  

    For your protection and the protection of all our users, we may ask you to provide proof of identity before we can answer the above requests. Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal data, notably where such requests would not allow us to provide our service to you anymore.

    Changes and updates to the privacy policy

    We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the information processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification. 

    Concerns and Contact 

    If you have any concerns about a possible compromise of your privacy or misuse of your personal data on our part, or any other questions or comments, you can contact us. 

    Who should I contact for more information? 

    If you have any questions or comments about our Privacy Policy or wish to exercise your rights or withdraw your consent, please contact us using the following contact details: 

    Avalon Skin Clinic

    178 A High Street

    Rochester  

    Kent 

     

    Web: www.avalonskinclinic@gmail.com  

    Instagram 

    Facebook  

    This Privacy Policy was last updated on Wednesday, 12 March 2025