Privacy Policy


Cheshire Lasers values your privacy and wants to be clear about the data we collect, how we use it and your rights to control that information. This policy reflects the high standards established by the General Data Protection Regulation (GDPR), a set of laws passed in the European Union. It applies to information collected by us or provided by you, during your appointment, via email, our website, or in any other way, including over the phone.
We are committed to protecting the privacy of our patients/clients. This privacy policy is intended to inform you on how we gather, define and use your data.
All your personal data will be held and used in accordance with GDPR and national laws implementing GDPR and any legislation that replaces it in whole or in part relating to the protection of personal data.


Information Collection
We do not collect personally identifiable information about you except when you provide it to us directly or through a third party. For example, if you subscribe to our MailChimp newsletter, complete a Jotform online survey, leave a review on reviews.co.uk, book a treatment with us, or consent to have a treatment with us or make a purchase.


The Information we Record via our Website
When you visit our websites (via a computer, mobile or hand-held device), you may provide us with personal information, including your name, address, contact details and financial data (via Pay Pal or Fresha).
This information is gathered when you register or book an appointment online using the Daysmart appointment system, email the Clinic, make a purchase from the online shop, sign up for our newsletter (via Mail Chimp), complete a Jotform online survey or leave a review on reviews.co.uk.


Our websites use the Google Analytics cookie. The Google Analytics cookie allows us to see information on user website activity including, but not limited to, page views, referrals and average time spent on the website. The information is depersonalised and is displayed as numbers, meaning it will not be tracked back to individuals, which helps to protect your privacy. Using Google Analytics we can see what content is popular on our website, and strive to ensure you have the best user experience possible.
Our websites may contain links to or from other websites. Please be aware that we are not responsible for the privacy practices of other websites. This privacy policy applies only to the information we collect on this Site. We encourage you to read the privacy policies of other websites you link to from our site or otherwise visit.


The information we Record via Emails
When you correspond with Cheshire Lasers by email, we may need to retain the content of your email and any photographs supplied together with our replies, as they form part of your medical records.


The Information We Record During Your Consultations & Treatment Appointments
When you visit the Cheshire Lasers Clinic you provide personal information including your name, address, date of birth, contact details and medical history.
During your consultation medical notes are taken, which may include any allergies, operations and medication. We also record treatment data which may include details of treatments or procedures you have had.
Depending on the treatment, photography and prescriptions may sometimes be required. This will form part of your treatment/medical records.
During your visit you may be asked to read and sign consent and after care forms which form part of your treatment/medical records. During your treatment we will record treatment settings, outcomes and may take photographs which form part of your treatment / medical records.


How We Use Your Information
Your personal details and medical records are for legitimate purposes and ensure we are able to:

  • Provide the best possible care
  • Provide Beauty, Medical and Aesthetic treatments safely
  • Identify any contraindications you may have for specific treatments
  • Diagnose medical concerns, provide treatment plans and write prescriptions
  • Maintain an accurate appointment diary for all our specialists
  • Confirm your appointment by text, email or phone
  • Answer your questions by email or phone
  • Keep you up to date on news and treatments offered by the Clinic
  • Contact you for post-treatment follow up and care, including survey requests in order to improve our service

You have a responsibility to inform us if any of your details such as name, address, contact numbers change, so our records are accurate and up to date for you. Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email.


Marketing
We use MailChimp as our marketing automation platform. By agreeing to this, you acknowledge that the information you provide will be transferred to MailChimp for processing in accordance with their Privacy Policy. You have the right to ask us not to process your personal data for marketing purposes and can opt out from marketing at any time. This can be done by unsubscribing from one of their emails or we can unsubscribe for you. This will not affect our use of your data to contact you to remind you about your appointments.


Taking Payments
We take card payments using our Fresha Appointment System, Fresha Card machine, World Pay credit card machine in the clinic and Pay Pal for online product payments. These third parties have access to your Transaction Data and have their own GDPR-compliant policies.


Appointment System
We use Day Smart, formerly known as Appointment Plus, for our associates’ appointment diary; this enables you to book appointments online with most of our associate specialists, and it also sends automatic appointment confirmations and reminders. We store your contact details, such as name, address, email and phone numbers here in order to identify you and send you confirmations and reminders in case we need to inform you of anything related to your appointment. Please view here for more information on Appointment Plus and its data policy.


Fresha System
For our aestheticians, we use the Fresha appointment system; this system is also used to take our payments. We store your contact details, such as name, address, email and phone numbers here to identify you and send you confirmations and reminders if we need to inform you of anything related to your appointment. This system will also ask you to enter your card details to reserve your appointment and ask you to confirm you accept our 48-hour cancellation policy. Our staff cannot see, add or remove your card details.

You can remove your card details from the Fresha system at any time. Simply click on this link, log in to the system to access your details, click on the three dots next to your card details and click remove card. To enter your card details you must have set up an account, as Cheshire Lasers cannot add the details for you.

You can also edit or remove other details on the system using the same link.

If you have forgotten your password, please enter the email you used to set up the account and click forgot password. Alternatively, you may have used Facebook or Google to set up the account.

 


Treatments requiring prescriptions
At Cheshire Lasers, some treatments require a prescription by a doctor or prescribing health practitioner. These prescriptions will need to be sent to a pharmacy to provide your agreed treatment. Opting out of sharing your information with these providers may affect our ability to treat you. All our suppliers have entered into appropriate confidentiality obligations and/or contractual data processing clauses with us.


How We Maintain Confidentiality of your Records
Every staff member has a legal obligation to keep information about you confidential.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Depending on the service you use, your records are locked away or stored electronically in a GDPR compliant software system. All digital data is secure and is highly protected from unauthorised persons and is also protected from deletion or malicious hacking.


How We Share Your Information
We will only share your information if you have given us written permission to make/cancel appointments with a family member/employee.
We do not sell our database to third parties.
We never share any information with third parties unless there is a genuine need for it, or we receive their request in writing and we have your written consent.


Disclosure of Personally Identifiable Information

  • Fraud Protection and Compliance with Law
    We may need to disclose your personal information or share your personal information in order to comply with any legal or regulatory requirement, obligation or request. This includes the police for the prevention or investigation of a crime, HMRC, or our Insurers, legal advisors or other third parties who need access to it in the context of managing, investigating or defending claims or complaints.
  • Service Providers
    We may retain other companies and individuals to perform functions consistent with our Privacy Policy on our behalf. Examples include customer support specialists, webhosting companies, credit card processing companies, fulfilment companies (e.g., companies that fill product orders or coordinate mailings), data analysis firms and email service providers. Such third parties may be provided with access to personally identifiable information needed to perform their functions, but may not use such information for any other purpose. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

How long do we hold your information?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
As a medical clinic, we are required to hold medical records for ten years from your last treatment.
Job applications and unsuccessful interview candidates – 6 months
Employee Records – Indefinitely
Marketing Enquiries and Emails – 6 months


Your Rights
You can withdraw your consent at any time by contacting us via email or letter. We will no longer contact you, although medical records must be retained for ten years. Where we are required to collect personal data by law, or under the terms of the contract between us, and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered, but if we do, we will notify you at the time.
You have the right to request a copy of your medical records and this request must be put in writing and signed by the patient. We are required to respond to you within 30 days.
You have the right to have information updated or corrected if you feel it is inaccurate, incomplete or out of date. This request must be put in writing and signed by the patient.


Changing our Privacy Policy
Our privacy policy will be reviewed regularly and updated as needed or as required by law.
The revised policy will be displayed on our website and a notification displayed in our waiting room. Where necessary, you may be asked to sign the consent form again.


Objections & Complaints
Our Data Protection Officer ensures the Clinic keeps your information secure and confidential.
If you have concerns about the way your information is managed please contact the clinic on 01606 841255 or email cheshirelasers@aol.com
If you are still unhappy, you can then complain to the Information Commissioner's Office (ICO) at www.ico.gov.uk or telephone 0303 123 1113.


Data Breaches
Cheshire Lasers Clinic has a data breach policy, and in the unlikely event of a breach occurring, a further investigation will be held. Lessons learnt will be added to the policy, and the relevant supervising bodies will be notified if required.


Changes to our privacy policy
Any changes we may make to our privacy policy in the future will be posted on this page.


This privacy policy was last updated on 9 January 2024.