Ferndale Pharmaceuticals Ltd who also trade as AesthetiCare and may from time to time trade under different names, is a limited company incorporated in England and Wales with company number 04720051 and having its registered office at Unit 740, Street 2, Thorp Arch Estate, Wetherby, England LS23 7FX (“Ferndale/ “AesthetiCare” / “we” / “our” / “us”), is committed to ensuring that your privacy is protected. We will continue to comply with the provisions of the Data Protection Act 1998 (“DPA”) until midnight at the start of 25 May 2018, after which we will comply with the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) unless and until the GDPR is no longer directly applicable in the UK, together with any national implementing laws, regulations and secondary legislation as amended or updated from time to time in the UK, and any successor legislation to the GDPR and the DPA (together “Data Protection Legislation”). Ferndale is the data controller of data you pass to us pursuant to this policy.
Our Data Protection Officer can be contacted using the following email address firstname.lastname@example.org or alternatively writing to our registered office address set out above and marking it for the attention of the Data Protection Officer.
What information do we hold and how will we use it?
1.1 We may collect and process the following data about you:
1.1.1 Information you give us: You may give us information about you by filling in forms on the Website or by corresponding with us by phone, email or by purchasing products from us or signing up for services and the provision of useful information that we may from time to time provide.The information you give us may include your name, email address, address / location and phone number. You may provide demographic data about you and / or information about your lifestyle and leisure interests. You may give us financial and/or credit card information, please note that wedo not store credit card cvc details nor do we share financial details with third parties. We will retain this information for up to 6 years.
1.1.2 Information we collect about you: We may automatically collect the following information from you when you visit the Website:
18.104.22.168 technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug in types and versions, operating system and platform; and
22.214.171.124 information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from the Website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer services number.
We will retain this information for up to 6 years.
1.1.3 Information we receive from other sources: We work closely with third parties to help provide a high level of service to you (including, for example business partners payment and delivery services, advertising networks, analytics providers, search information providers). Where these third parties provide personal information such as those mentioned in 1.1.1 we will retain this information for up to 6 years.
Use made of the information
3.1 Provided that we have obtained your consent to the extent we are required to under the Data Protection Legislation, we may use the information you give to us to and that we collect from you to:
3.1.1 to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
3.1.2 to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
3.1.3 to provide you with information about goods or services we feel may interest you. We will only contact you with information about goods and services similar to those which were the subject of a previous sale and / or negotiations of a sale to you and / or that you have indicated interest in;
3.1.4 to notify you about changes to our service;
3.1.5 ensure that content from the Website is presented in the most effective manner for you and your computer;
3.1.6 to administer the Website and for internal operations, including troubleshooting, data analysis, testing and research purposes;
3.1.7 to improve the Website to ensure that content is presented in the most effective manner for you and for your computer;
3.1.8 to allow you to participate in interactive features of the Website, when you choose to do so; and
3.1.9 as part of our efforts to keep our site safe and secure.
3.2 We collect and process much of your personal information on the grounds of legitimate interests, which include some or all of the following:
• where the processing enables us to enhance, modify, personalise or otherwise improve the Website, our services and communications for the benefit of our customers;
• to identify and prevent fraud;
• to enhance the security of our network and information systems;
• to better understand how people interact with our websites;
• administer the Website and carry out data analysis, troubleshooting and testing; and
• to determine the effectiveness of promotional campaigns and advertising.
3.3 If we require your personal data for fulfilment of a contract with you, we may be unable to fulfil the contract without your personal data.
3.4 If we are unable to rely on legitimate interests or any other ground set out in the GDPR to process your personal data, we will obtain consent from you to the processing.
3.5 You have the right to withdraw your consent to the processing of your personal data at any time. If you would like to withdraw your consent, or prefer not to receive any of the above-mentioned information (or if you only want to receive certain information) from us please let us know by contacting us via the following webpage http://hello.aestheticare.co.uk/gdpr or sending us an email at email@example.com. Please bear in mind that if you object this may affect our ability to carry out tasks above for your benefit. Withdrawal of your consent won’t affect any processing we have carried out in respect of your personal data prior to you withdrawing consent.
3.6 If you wish to have your information removed from our database or if you do not want us to contact you for marketing purposes, please let us know by clicking the “Unsubscribe” option in any email we send to you and providing the details requested or by contacting us via the following webpage http://hello.aestheticare.co.uk/gdpr and we will take steps to ensure that this information is deleted as soon as reasonably practicable.
3.7 We will not share, sell or distribute any of the information you provide to us (other than as set out in this policy) without your prior consent, unless required to do so by law.
3.8 We may combine information we receive from other sources with information you give to us and information we collect about you. We may use the combined information for the purposes set out above (depending on the types of information we receive).
Third Party Sites
4.1 The Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to such websites.
How safe is your information?
5.1 Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
5.2 Protecting your security and privacy is extremely important to us and we make every effort to secure your information and maintain your confidentiality in accordance with the terms of the Data Protection Legislation. The Website is protected by various levels of security technology, which are designed to protect your information from any unauthorised or unlawful access, processing, accidental loss, destruction and damage.
5.3 Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; and transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Disclosure of your information
6.1 We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.
6.2 We may share your information with selected third parties including:
6.2.1 business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
6.2.3 advertisers and advertising networks that require the data to select and serve relevant adverts to you and analytics and search engine providers that assist us in the improvement and optimisation of the Website.
6.3 Please note that we may need to disclose your personal information where we:
6.3.1 sell or buy any business or assets of Ferndale or part or all of Ferndale in which case we may disclose your personal data to the prospective buyer or seller;
6.3.2 are under a legal duty to comply with any legal obligation or in order to enforce or apply our terms and conditions; or
6.3.3 need to disclose it to protect the rights, property or safety of Ferndale, our customers or others, including the exchange for information with other companies, organisations and/or governmental bodies for the purposes of fraud protection and credit risk reduction.
Your rights in respect of your data
7.1 There are a number of rights available to you under GDPR:
7.1.1 Access to your information
You can ask us to confirm that we process your personal data and provide access to and copies of the information we hold about you by contacting us via the following webpage http://hello.aestheticare.co.uk/gdpr. We will process your request to access your information and provide this information to you free of charge unless your request is manifestly unfounded or excessive or repetitive, in which case we are entitled to charge a reasonable fee. We may also charge if you request more than one copy of the same information.
We will provide the information you request as soon as possible and in any event within one month of receiving your request, unless there are extenuating circumstances. If we need more information to comply with your request, we’ll let you know.
7.1.2 Rectification of your data
If you believe personal data we hold about you is inaccurate or incomplete, or any of the information you provide to us changes, please let us know as soon as possible so that we can make the necessary changes to the information we hold for you on our database.
We will comply with your request within one month of receiving it, unless we don’t feel it’s appropriate for us to do so in which case we’ll let you know why. We’ll also let you know if we need more time to comply with your request.
7.1.3 Right to be forgotten
In some circumstances, you have the right to ask us to delete personal data we hold about you. This right is available to you:
• where we no longer need your personal data for the purpose for which we collected it;
• where we have collected your personal data on the grounds of consent and you withdraw that consent;
• where you object to the processing and we don’t have any overriding legitimate interests to continuing processing the data;
• where we have unlawfully processed your personal data (i.e. we have failed to comply with GDPR);
• where the personal data has to be deleted to comply with a legal obligation; and
• where the personal data we process relates to the offer of online services to a child.
There are certain scenarios in which we are entitled to refuse to comply with a request. If any of those apply, we’ll let you know.
7.1.4 Right to restrict / object to processing
In some circumstances you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data but we don’t have to delete it. This right is available to you:
• if you believe the personal data we hold isn’t accurate – we’ll cease processing it until we can verify its accuracy;
• if you have objected to us processing the data (see below) – we’ll cease processing it until we have determined whether our legitimate interests override your objection;
• if the processing is unlawful; or
• if we no longer need the data but you would like us to keep it because you need it to establish, exercise or defend a legal claim.
You are entitled to object to us processing your personal data:
• if the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority;
• for direct marketing purposes (including profiling); and/or
• for the purposes of scientific or historical research and statistics.
In order to object, you must have grounds for doing so based on your particular situation. We will stop processing your data unless we can demonstrate that there are compelling legitimate grounds which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.
7.1.5 Data Portability
You have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another data controller. This right only applies:
• to personal data you provide to us;
• where processing is based on your consent or for performance of a contract (i.e. the right does not apply if we process your personal data on the grounds of legitimate interests); and
• where we carry out the processing by automated means.
We’ll respond to your request as soon as possible and in any event within one month from the date we receive it. If we need more time, we’ll let you know.
7.2 If you have any complaints about our use of your personal data, please contact us. You are also entitled to report any concerns which you may have to supervisory authority in your jurisdiction. The supervisory authority in the UK is the Information Commissioner’s Office. You can call the ICO on 0303 123 1113 or get in touch via other means as set out on the ICO website at https://ico.org.uk/concerns/.