• Home
  • Privacy Policy

PRIVACY POLICY

Wigmore Medical Ltd ("We") are committed to protecting and respecting your privacy.

1. IMPORTANT INFORMATION AND WHO WE ARE.

This policy (together with our Terms of Website Use, Cookies Policy, Conditions of Sale, and any other documents referred to within) sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your Personal Data. By visiting www.wigmoremedical.com (our site) you are accepting and consenting to the practices described in this policy.

For the purpose of the General Data Protection Regulations (GDPR), the data controller is Wigmore Medical Ltd of 23 Wigmore Street, London W1U 1PL.

Wigmore Medical has appointed a Data Protection Officer (DPO) who can be contacted at:

DPO@Wigmoremedical.com
Data Protection Officer
Wigmore Medical
23 Wigmore Street
London W1U 1PL

We know that you value your privacy and the security of personal information held about you. We are committed to handling your Personal Data and personal sensitive data in line with data protection law and principles, which means that your data will be:

  • Used lawfully, fairly and in a transparent way.

  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

  • Relevant to the purposes we have told you about and limited only to those purposes.

  • Accurate and kept up to date.

  • Kept only as long as necessary for the purposes we have told you about.

  • Kept securely.

This website is not intended for children and we do not knowingly collect data relating to children.

Personal Data means information that can directly or indirectly identify you ("Personal Data"). This typically includes information such as your name, address, email address, and telephone number, but can also include other information such as an IP address.

Information about health, such as prescriptions, is a special category of Personal Data that requires additional safeguarding measures.

We use different methods to collect data from and about you, including through:

Direct interactions: You may give us your Personal Data by speaking to us in person on-site or off-site; filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • apply for or buy our products or services;

  • create an account on our website;

  • subscribe to our service or publications;

  • request marketing to be sent to you; or

  • give us some feedback.

Automated technologies or interactions: As you interact with our website, we may automatically collect data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies, and other similar technologies. Please see our Cookies Policy for further details.

Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:

  • Technical data from analytics providers such as Google based outside the EU (please see our Cookies Policy);

  • Contact and financial data from providers of technical, payment and delivery services such as our bank based inside the EU.

  • Contact data from publicly availably sources such as Companies House based inside the EU.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

To see what personal data we collect, for what purpose, how we use it, retain it and secure it, please see the different categories below.

1. Prescriptions dispensed in the pharmacy

In order to provide the highest quality healthcare service, we need to keep records about your health and the care we have provided or plan to provide to you.

Information recorded

As part of providing a professional, safe and efficient service, there is certain information that we record. This includes details of drugs and appliances dispensed against NHS and private prescriptions as well as significant advice given, and referrals made to other health professionals and any other relevant information. Such information may include:

  • basic details about you, such as name, address, date of birth, next of kin;

  • records of medicines you have been prescribed by your doctor or another qualified prescriber, and which have been supplied by this pharmacy;

  • details of medicines purchased from the pharmacy without a prescription such as over the counter medicines "OTC");

  • other details and notes about your health and medical treatment;

  • information relevant to your continued care from other people who care for you and know you well, such as other health professionals (prescribers' name, address and registration number) and relatives;

  • signatures for the collection of Controlled Drugs; and

  • any other services we provide to you, for example, a flu vaccination.

Processing Information

We process your personal data, which includes information from your prescriptions and any other pharmacy and health care services we provide to you (including flu vaccinations) for the purposes of:

Your care -providing pharmacy services and care to you and, as appropriate, sharing your information with your GP or prescriber, and others in the wider NHS or prescriber clinic;

Our payments - sharing your information with the NHS Business Services Authority, others in the wider NHS, and sometimes Local Authorities, and only limited information to those external to the NHS who negotiate and check the accuracy of our payments and any exemptions; and,

Management - sharing only limited information with our accounts team regarding prescriptions which are placed on Wigmore Medical accounts; with the NHS Business Services Authority and others in the wider NHS, and sometimes Local Authorities; as well as those external to the NHS who ensure we maintain appropriate professional and service standards and that your declarations and ours are accurate such as the GPhC for compliance and enforcement purposes.

Our Suppliers - we may on occasion have to submit redacted prescriptions to our suppliers to access restricted supply medications. Information supplied will only include the prescriber details and the medication; no patient details.

We hold your Personal Data on a secure PMR system for as long as advised by the NHS. We hold repeat prescriptions securely on the premises until they are fulfilled. Paper copies of private prescriptions are securely archived for two years, as recommended by the Royal Pharmaceutical Society, before being securely destroyed. Destruction records are retained.

Sometimes prescriptions will be sent directly from your GP to the pharmacy under the NHS Electronic Prescription Service (EPS). EPS is reliable, secure and confidential. Your electronic prescription will be seen by the same people in GP practices, pharmacies, and NHS prescription payment and fraud agencies that see your paper prescription now.

We process your personal data in the performance of a task in the public interest for the provision of healthcare and treatment, and to comply with our legal obligations. A pharmacist is responsible for the confidentiality of your information.

Your Rights

You have the right to confidentiality under the General Data Protection Regulation and the common law duty of confidence.

All of our staff contracts of employment contain a requirement to keep patient information confidential. All staff that deal with Personal Data with regards to prescriptions, OTC medicines or work in the pharmacy are also trained in and must comply with the NHS Code of Practice on Confidential Information. In addition, pharmacists have a requirement under their professional standards to keep records about you confidential, secure and accurate.

Our guiding principle is that we process your records in strict confidence.

You have the right to ask for a copy of all pharmacy records about you (generally in paper or electronic form).

Generally, there will be no charge for a printed copy of the information we hold about you. We are required to respond to your request within one month. You will need to give adequate information in order for pharmacy staff to identify you (for example, full name, address and date of birth). You will be required to provide ID, for example a passport, full driving licence or credit/debit card before any information is released to you.

If you think any information we hold on you is inaccurate or incorrect, please let us know.

You may object to us holding your information. If you have any further queries about this policy, or wish to find out more about your rights, please contact the Data Protection Officer at DPO@Wigmoremedical.com

You may lodge a complaint with the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

2. Retail orders placed in the pharmacy or over the telephone

What information is collected?

When you place an order for products in the pharmacy in person or over the telephone, or apply for a VAT refund for products purchased in the pharmacy we may collect the following Personal Data from you:

Name, title, postal address, email address, home telephone, mobile number, payment information (i.e. bank or credit card details), order history, age/date of birth, information on the handling of your request (including information relating to prescription or pharmacy medicines and other medicine beauty products that you order), and other Personal Data you voluntarily provide to us.

What is the purpose of the processing?

We process this Personal Data to provide you with our products or services and take payment for such products or services that you have requested from us.

Where and for how long is the data stored?

We store your Personal Data securely on site or securely archived off-site in the UK as long as we are required to keep the information by law, normally up to six years.

Who may the information be shared with?

We may share this information with our employees to provide a safe and secure services, as well as our merchant payment services provider, HMRC and delivery provider such as a courier or Royal Mail.

What is the legal basis for processing the Personal Data?

We need this information to process your order or any other service you request from us (performance of a contract). If we need information about you that is considered sensitive (e.g. information on your health for medication) we will inform you in a transparent manner about our legal obligations to process such personal data. Your data is not used for any further purpose including marketing.

3. CCTV

Please see our CCTV policy

1. Ownership

Wigmore Medical Ltd (hereafter 'Wigmore Medical') operates a CCTV surveillance system ("the system") in the public areas of its premises at 23 Wigmore Street, London W1U 1PL, and in the basement of the premises, with images being monitored and recorded centrally. The system is owned and managed by Wigmore Medical. The responsible manager is the Contracts Manager.

2. Compliance

Images obtained from the system which include recognisable individuals constitute personal data and are covered by the Data Protection Act 2018. This Policy should therefore be read in conjunction with Wigmore Medical's Privacy Policy. Wigmore Medical is the registered data controller under the terms of the Act. This policy has been drawn up in accordance with the advisory guidance contained within the Information Commissioner's CCTV Code of Practice and the Home Office Surveillance Camera Code of Practice.

3. Purpose

Wigmore Medical's registered purpose for processing personal data through use of the system is crime prevention and/or staff monitoring, under our legitimate interests. This is further defined as: CCTV is used for maintaining public safety, the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, court or tribunal, security organisations and persons making an enquiry.

The operators of the system recognise the effect of such systems on the individual and the right to privacy. Full details of Wigmore Medical's data protection registration are available on the Information Commissioner's Office website.

4. Description

The system is intended to produce images as clear as possible and appropriate for the purposes stated. The system is operated to provide when required, information and images of evidential value.

Cameras are located at strategic points throughout the public area of Wigmore Medical and signage is prominently placed at strategic points on the estate to inform staff, visitors and members of the public that a CCTV installation is in use.

5. Operation

Images captured by the system are recorded continuously and may be monitored by Wigmore Medical. Images displayed on monitors are not visible from public areas. All staff with view of the monitors are made aware of the sensitivity of watching the live feed. The Contracts Manager is the only member of staff that is able to review the recordings and give access to the recordings to any third party. The Contracts Manager is aware of the sensitivity of such images and recordings.

6. Information retention

The images captured by the CCTV system will be retained for a maximum of 10 days, except where the image identifies an issue and is retained specifically in the context of an investigation / prosecution of that issue. No more images and information shall be stored than is required for the stated purpose. Images will be deleted once their purpose has been discharged or in the event of a prosecution, as long as is lawfully required, which may be up to six years.

7. Access

Access to recorded images (as opposed to the live feed) is restricted to those who need to have access in accordance with this policy, the SOPs and any governing legislation.

Disclosure of recorded material will only be made to third parties in accordance with the purposes of the system and in compliance with the Data Protection Act. Anyone who believes that they have been filmed by the system can request a copy of the recording, subject to any restrictions covered by the Data Protection Act ("Subject access request"). Provided always that such an image/recording exists i.e. has not been deleted and provided also that an exemption/prohibition does not apply to the release. Where the image/recording identifies another individual, those images may only be released where they can be redacted/anonymised so that the other person is not identified or identifiable. Procedures are in place to ensure all such access requests are dealt with effectively and within the law. Access requests should be addressed to Contracts Manager Wigmore Medical, 23 Wigmore Street, London W1U 1PL. Wigmore Medical will respond within one month.

A person should provide all the necessary information to assist Wigmore Medical in locating the CCTV recorded data, such as the date, time and location of the recording. If the image is of such poor quality as not to clearly identify an individual, that image may not be considered to be personal data and may not be handed over by Wigmore Medical.

8. Feedback

Members of the public should address any concerns or complaints over use of the Wigmore Medical's CCTV system to DPO@Wigmoremedical.com

9. Annual review

This policy was approved by the management board of Wigmore Medical on 25 May 2018. It will be reviewed annually to ensure that the purpose still applies.

4. Visitors

What information is collected?

When visitors come to our premises for meetings, inspections, project work, building and electrical work etc, we may collect the following Personal Data: name and company.

What is the purpose of the processing?

We process this Personal Data to know who is on-site and to check timings and attendance in relation to project works.

Where and for how long is the data stored?

The Personal Data is kept as a hardcopy in the Visitors Book at three separate locations on the premises. The data is kept securely on-site and retained as long as lawfully required.

Who may the information be shared with?

We may share this information with our employees and, in the case of project works, the managing agents for the building.

What is the legal basis for processing the Personal Data?

We process this information under our legitimate interest in knowing who is on-site to ensure the privacy, safety and security of our premises, our staff, and you. Also, to confirm attendance for work projects to confirm the performance of a contract.

5. Account holders

Medical and aesthetic professionals are able to set-up a Wigmore Medical account which allows them to order medicines, medical devices and skincare products on a wholesale or prescription basis. Wigmore Medical may offer credit terms to its account holders.

Doctors, dentists, nurses, pharmacists, business owners and beauticians are able to open accounts on-line at Wigmoremedical.com or off-line via an application form. A trained, registered prescriber must be set-up on your account to order any prescription-only medicine and certain skincare products.

What information is collected?

When you apply for a Wigmore Medical account (on-line or off-line), we may collect the following Personal Data from you: name, title, professional registration number, postal address for deliveries, invoice address, email address, business telephone number, mobile number, prescriber name, prescriber title, prescriber professional registration number, bank reference, trade reference, signature, photographic identification, date of birth, gender.

When you use your account to place an order, we may collect the following further Personal Data from you: prescriptions for your patients (including their name, address, date of birth, health information), payment information (i.e. bank, debit/credit card, cheque details), and a further delivery address. We may also collect further information in the event of a dispute, return, refund or complaint.

You must ensure that the information you provide is accurate and complete. Failure to provide accurate information may lead to your account being closed.

With regard to each of your visits to our site we may automatically collect the following information:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.

What is the purpose of the processing?

We process this Personal Data to provide you with an account at Wigmore Medical, including an account identifier, so that you can place orders for our products.

We process this further Personal Data to provide you with your orders, dispense medication for your patients, take payment for your orders, and deal with any queries or returns or complaints.

Where and for how long is the data stored?

On-line applications are kept on a secure European-based server and cloud. Off-line applications are kept securely on-site. After two years, off-line applications are moved to a secure archive off-site. Access to such information is limited to those members of staff that need to access them. All applications are kept as long as the account remains in use, and up to seven years after the last transaction.

You are responsible for updating your key contact information on your account. Such updates may only be accepted in writing.

Orders and prescriptions sent through the My Wigmore Portal at wigmoremedical.com are kept encrypted on a secure EU-based server and cloud. Access to such orders/prescriptions are limited to those members of staff that need to access them. Wigmore Medical advocates the use of the My Wigmore Portal for placing orders.

Prescriptions received via email will be hosted on our secure email server and cloud based in the EU. Wigmore Medical advocates that account holders consider sending prescriptions on encrypted emails as a further security measure.

Prescription data is entered into a secure PMR system for as long as advised by the NHS. Paper copies of private prescriptions are securely archived for two years, as recommended by the Royal Pharmaceutical Society before being securely destroyed. Destruction records are retained.

All of our staff contracts of employment contain a requirement to keep patient information confidential. All staff that deal with Personal Data with regards to prescriptions are also trained in and must comply with the NHS Code of Practice on Confidential Information. In addition, pharmacists have a requirement under their professional standards to keep records about you confidential, secure and accurate.

Order and payment details, as well as complaints and credit notes are kept on our secure accounts EU-based server and cloud system for as long as is legally required, normally up to seven years as per HMRC guidelines. Debit or credit card details are not retained at any point, except for the merchant receipt.

Marketing

If you opt-in (on-line or off-line) to receive on-line marketing and offers we will add your name and email address to our marketing database which is managed by MailChimp, which maintains equivalency to EU data protection under the Shield certification. Please review their data policy here https://mailchimp.com/legal/terms/. You can change your marketing preferences at any time and will always be offered the opportunity to unsubscribe. We process your name and email address on this basis under your positive consent to do so.

Under EU direct marketing laws we may also send you on-line marketing if you have previously placed an order with us. You can change your marketing preferences at any time and will always be offered the opportunity to unsubscribe.

We may from time to time sent direct print marketing to you, under our legitimate interests.

We will still contact you regarding your account or orders even if you have opted out of receiving marketing from us.

Who may the information be shared with?

We may share Personal Data that we receive from account holders including information used to set-up their account with the following third parties:

Our group companies -we may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. Where our group members are not based in the EEA we will ensure that any transferred data is treated in a manner commensurate with EU data protection laws.

Our service providers -This includes external third-party service providers, such as accountants, auditors, experts, lawyers, credit reference agencies, and other outside professional advisors; IT systems, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; document and records management providers; technical engineers; data storage and cloud providers and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.

All our on-line service providers are based in the EU or have equivalency to EU data protection under the Shield certification. Our website has implemented Google Analytics Demographics and Interest Reporting. Any demographic reports produced using this data will be used to determine a better understand of our website traffic. You can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings. In addition, you can use the Google Analytics Opt-Out Browser Add-on to disable tracking by Google Analytics. Please also see our Cookies policy for further information.

Government or other public authorities -including, but not limited to, HMRC, law enforcement or other agencies to which we are required to disclose Personal Data by law, or by a warrant, subpoena or court order.

Professional regulators -This includes the MHRA, GPhC, Royal Pharmaceutical Society, GMC, GDC, and NMC, who ensure we maintain appropriate professional and service standards and that your declarations and ours are accurate for compliance and enforcement purposes.

Our Suppliers - we may share Personal Data limited to your account name, account number and partial account address, and details of your purchases with a restricted list of our suppliers to fulfil our and our suppliers' legitimate interests. These legitimate interests include ensuring product safety and fulfilling reporting requirements with regards to faulty products and recalls. Our suppliers have a legitimate interest in wanting to help build and develop your business.

We will always process this information under contract and you may write to us to opt-out. If you would like any further information on how we share data with our suppliers, please contact the Data Protection Officer at DPO@wigmoremedical.com.

For further detail regarding Galderma's use of Personal Data, please see here

Galderma UK HCP Privacy Notice

This Privacy Notice sets out how Galderma (U.K.) Ltd (a company registered in England under number 715401 with registered office at Meridien House, 69-71 Clarendon Rd, Watford WD17 1DS) ("Galderma" or "we" or "us") will use and store your personal data when you purchase Galderma products from Galderma's distributor. By purchasing products from Galderma's distributor, you acknowledge that your personal data may be processed in accordance with the distributor's privacy policies and this Privacy Notice.

The distributor will collect and process your personal data as set out in their privacy policy.

The distributor also shares some information they collect about you (i.e. products you purchase (but not price paid), your name, and address details) with Galderma.

Galderma uses this information:

1. for fraud prevention and stock traceability (including for adverse reaction and product recall) purposes; and

2. to (i) better understand customer trends and (ii) provide you with further information about relevant Galderma products, services (e.g. training) and offers.

The processing for the first purpose is necessary for Galderma to comply with a legal obligation to which Galderma is subject and is necessary to protect your or your patients' vital interests. The processing for the second purpose is for the legitimate interest of Galderma informing and improving the products and services it provides to you, including to contact you with details of further products and services.

In addition, Galderma may combine the information you give to Galderma with information obtained from other sources and information Galderma may gather about you for the purpose of creating a customer profile, including for marketing purposes. For example, Galderma may combine the information they have about the training needs and requests that you have expressed an interest in, or other products that you purchase. Such processing is necessary for the legitimate interest of informing and improving the service Galderma provide to you.

In addition, Galderma may combine the information you give to Galderma with information obtained from other sources and information Galderma may gather about you for the purpose of creating a customer profile, including for marketing purposes. For example, Galderma may combine the information they have about the training needs and requests that you have expressed an interest in, or other products that you purchase. Such processing is necessary for the legitimate interest of informing and improving the service Galderma provide to you.

We believe that helping you with Galderma products and services is in your interests, but if you object to your data being shared with or used by Galderma for the latter (further information) purposes, please contact dataprotection.UK@galderma.com.

Galderma may share the above information with others in Galderma's group, and Galderma's auditors, accountants, lawyers and other professional advisers for the purpose of auditing the business or obtaining legal or other professional advice. Galderma may use a third party to analyse data on Galderma's behalf. Galderma may also share your personal data with other third parties in the context of the negotiations for a sale or restructuring of the business. Third party recipients of that information are required to take appropriate security measures to protect it in line with Galderma's policies. Galderma does not allow third party service providers to use that information for their own other purposes. Galderma only permits them to process that information for specified purposes and in accordance with Galderma's instructions.

Galderma keeps the personal data for as long as is necessary for providing you with the product or service you requested, and for legitimate business purposes, such as to analyse your interests and to offer you related products and services, or to comply with Galderma's legal obligations (including stock traceability purposes). To determine the appropriate retention period, Galderma consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure, the purposes for which it is processed and whether those purposes can be achieved through other means, and the applicable legal requirements. Where a minimum retention period is required by law, Galderma complies with that minimum period plus up to 12 months to allow time to anonymise or delete it. If you would like to know which periods apply to your specific information, please contact Galderma UK at dataprotection.UK@galderma.com.

Galderma may anonymise personal information so that it can no longer be associated with you, in which case Galderma may use such information without further notice to you. Galderma does not transfer your personal data outside of the UK or EEA during the course of its business, except that Galderma may transfer your personal data to its group companies in Switzerland. If Galderma does transfer your personal data outside the UK or EEA, Galderma will ensure there are appropriate safeguards in place. For the transfers to Switzerland, Switzerland is deemed to have adequate protection in line with UK and EEA laws.

You have the right to object to any use by Galderma of your personal data, unless there are compelling legitimate grounds which override your interests, or Galderma is acting pursuant to a legal obligation. You also have the right to restrict the processing of your personal data (in limited circumstances), access, amend, erase or receive a copy of your personal data in a portable form to the extent permitted by law.

You have the right to contact a data protection authority if you have unresolved complaints. The UK regulator, the Information Commissioner's Office, can be found at: ico.org.uk. for more information, please contactdataprotection.UK@galderma.com; Tel: 01923208950.

Third parties -In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. If Wigmore Medical or substantially all of its assets are acquired by a third party, Personal Data held by it about its customers will be one of the transferred assets.

What is the legal basis for processing the Personal Data?

We may process your Personal Data on the following bases:

  • To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;

  • Process prescriptions in the performance of a task in the public interest for the provision of healthcare and treatment and to comply with our legal obligations. A pharmacist is responsible for the confidentiality of your information;

  • Fulfil our legal and regulatory obligations such as preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies or the regulators; ensuring the health, safety and protection of our staff.

  • Exercise tasks under our legitimate interests such as to:

    • enforce our terms and conditions, notably conditions of returns, refunds and payments;

    • handing customer contacts, queries and complaints or disputes;

    • to protect our operations or those of any of our group companies;

    • to protect our rights, privacy, safety of property, and that of our group companies, you or others;

    • to allow us to pursue available remedies or limit our damages;

    • ensure the security and integrity of our services and ensuring our websites operate effectively;

    • to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

    • to improve our website to ensure that content is presented in the most effective manner for you and for your computer;

    • where we extend credit to you for the products we may pass your Personal Data to credit reference agencies and they may keep a record of any search that they do. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

  • Your consent in relation to marketing; to deliver relevant on-line advertising to you; to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.

In addition to wigmoremedical.com, we run the following websites:

Gloskinbeautyuk.com

Blog.gloskinbeautyuk.com

Wigmorelabs.com

Zo-skinhealth.com

Colorescienceuk.com

Please see the individual Privacy Policies and Cookies Policies for each website for further information about what data is collected and how it is used.

What information is collected?

When you book onto a training course or an Event day run or hosted by Wigmore Medical we may collect the following Personal Data from you:

  • Name, title, postal address, email address, home telephone, mobile number, payment information (i.e. bank or credit card details), order history, professional registration and qualification, training history, information on the handling of your request and any other Personal Data you voluntarily provide to us.

When you volunteer to be a model on a training course at our premises or off-site we may collect the following Personal Data from you:

  • Name, title, postal address, email address, home telephone, mobile number, treatment history, health data, complaints, reactions, age / date of birth, information on the handling of your request and any other Personal Data you voluntarily provide to us.

What is the purpose of the processing?

We process this Personal Data to book you onto a course or event day, ensure that you have the necessary qualifications and experience to join the course, and take payment if required. Also, we keep a record of attendees and can issue a certificate of completion or CPD points.

We process this Personal Data if you volunteer to be a model on the course, to ensure that you are a suitable candidate for the procedure, your have not had a reaction to previous treatments, or had treatments too close together. We keep a database of contact details for volunteers so that we can contact you about future courses.

Where and for how long is the data stored?

The information is kept by the training department on an EU-based secure server for as long as lawfully required. Hard copy consent forms for any treatment are kept securely on-site for as long as lawfully required.

Event day information is kept by the marketing department on an on an EU-based secure server for as long as lawfully required.

Who may the information be shared with?

The Personal Data may be shared with the trainer or company which is running the training course. In the case of a reaction to a treatment, we may also have to share some Personal Data with the manufacturer of the product and the MHRA.

What is the legal basis for processing the Personal Data?

We may process your Personal Data in order to provide the training course or access to an event to you as requested (performance of a contract), and under our legitimate interests to know who is on-site, and ensure the security of our premises, staff and yourself, as well as to improve our training courses.

We may process your Personal Data as a volunteer model under consent. You are required to fill in a consent form for each and every procedure. We may also process your Personal Data under our vital interests to protect the health and safety of attendees including models, and under legal obligations in the event of an adverse reaction to a product.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Our site may, from time to time, contain links to and from the websites of our partner networks, our social media pages, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

We do not sell, share or rent any information collected to third parties except for those detailed in this privacy policy.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see Cookies Policy.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Communication, engagement and actions taken through external social media platforms that this website and the Company participate are done on the terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

Under the General Data Protection Regulations you have the following rights:

  • Obtain from us confirmation as to whether or not we process Personal Data from you and, where that is the case, access to your Personal Data;

  • Rectification of inaccurate Personal Data;

  • Erasure of Personal Data;

  • Objection to the processing of Personal Data;

  • Restriction of processing of Personal Data; and

  • Portability of Personal Data - to receive the Personal Data you have provided to us in a structured, commonly used and machine-readable form and transmit it to another data controller.

In some instances, for example in relation to processing medical records, our legal obligations or public duties may override your rights under data protection laws.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You can learn more about these rights here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/. If you have any further queries about this policy, or wish to find out more about your rights, please contact the Data Protection Officer at DPO@wigmoremedical.com. Should you choose to exercise any of these rights, a record will be maintained by Wigmore Medical.

Where your consent is the legal basis for the processing of your Personal Data, you can withdraw your consent for marketing communications by logging into your account or using the unsubscribe link in any of our marketing communications or by sending us an email to DPO@wigmoremedical.com. Please note that withdrawing your consent will not affect the lawfulness of the processing before the withdrawal.

If you think that the processing of Personal Data by us violates data protection laws, you can lodge a complaint with the Information Commissioner in the UK (www.ico.org.uk) or the data protection commissioner in the republic of ireland (www.dataprotection.ie).

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

CONTACT

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to:

Email: DPO@Wigmoremedical.com

Address:  Wigmore Medical, 23 Wigmore Street, London W1U 1PL

Thank you for visiting our site. This Privacy Policy was updated on 6 August 2018.