Our Policies

This GDPR Policy outlines how Kensington Skin Clinic, with a registered address at 54 Knightsbridge, London, SW1X 7JN, collects, uses, shares, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) 2016/679.

1. Data Controller

Who we are: Kensington Skin Clinic
How to contact us: You can contact us by email at info@kensingtonskinclinic.co.uk or by post at 54 Knightsbridge, London, SW1X 7JN.

2. What information we collect

We may collect the following personal data:

Information you provide directly:
Name
Email address
Phone number
Mailing address
Date of birth (where necessary)
Information in contact forms
Information in website registrations
Information in online consultations
Information in customer support inquiries
Information collected automatically:
IP address
Browser type and version
Operating system
Referrer URL
Page views
Website navigation
Cookies and similar technologies (see our Cookie Policy for more details)

3. How we use your information

We use your personal data for the following purposes:

To provide and improve our services: This includes booking appointments, processing payments, providing customer support, personalizing your user experience, and delivering skincare products.
To communicate with you: This includes sending you appointment confirmations, treatment reminders, marketing communications (with your consent), and responding to your inquiries.
To analyze website usage: This helps us understand how visitors use our website and improve its functionality and user experience.
To comply with legal and regulatory obligations: This includes preventing fraud, complying with legal requests, and enforcing our terms and conditions.

4. Legal basis for processing

We rely on the following legal bases to process your personal data:

Consent: Where you have given explicit consent to the processing of your personal data for specific purposes, such as marketing communications.
Contract: When the processing is necessary for the performance of a contract with you (e.g., booking an appointment).
Legitimate interests: When the processing is necessary for our legitimate interests, such as providing and improving our services, ensuring the security of our website, and complying with legal obligations.  

5. Data sharing

We may share your personal data with the following third parties:

Payment processors: To process your payments securely.
Appointment booking systems: To manage your appointments.
Service providers: To assist us with website maintenance, customer support, and marketing activities. These service providers will be bound by contractual obligations to protect your personal data.
Legal and regulatory authorities: To comply with legal requests and enforce our terms and conditions.

6. Data security

We take appropriate technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, alteration, and destruction. These measures include:  

Encryption: We use encryption technologies to protect your data during transmission.
Access controls: We restrict access to your personal data to authorized personnel only.
Regular security reviews: We conduct regular security reviews to identify and address potential vulnerabilities.

7. Data retention

We will retain your personal data for as long as necessary to fulfill the purposes outlined in this policy or as required by law. We may retain your data for a longer period for legal, tax, or regulatory reasons.  

8. Your rights

You have the following rights under the GDPR:

Right of access: You have the right to request access to your personal data and information about how we process it.  
Right to rectification: You have the right to request the rectification of inaccurate or incomplete personal data.  
Right to erasure (“right to be forgotten”): You have the right to request the erasure of your personal data in certain circumstances.  
Right to restriction of processing: You have the right to request the restriction of processing of your personal data in certain circumstances.  
Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.  
Right to object: You have the right to object to the processing of your personal data in certain circumstances.  
Right to withdraw consent: You have the right to withdraw your consent to the processing of your personal data at any time.  
To exercise any of these rights, please contact us using the contact information provided above.  

9. Changes to this policy

We may update this GDPR Policy from time to time. We will notify you of any significant changes by posting the new policy on our website and, where appropriate, by other means such as email.