HAVA Aesthetics

Privacy Policy

Your privacy matters to us

We are The Mayfair Skin Clinic Limited, trading as HAVA Aesthetics. We provide specialist aesthetic treatments and medical-grade skincare products.  The Mayfair Skin Clinic Limited is a private limited company registered in England & Wales (08783151). Our registered address is 1 Park Road, Hampton Wick, Kingston Upon Thames, KT1 4AS. We are registered with the Information Commissioner’s Office under registration number ZB697180.

We are the data controller for the personal data we process about our clients, enquirers, and website users. This privacy notice explains how we collect, use and store your personal data, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our privacy promise to you

Transparency

We are committed to protecting and respecting your privacy. We will always tell you what data we are collecting about you and how we use it and will never ask for more information than we need to. We will not share your data with any third parties, unless you have consented to this; they are a trusted partner working on our behalf; or the laws allow us to, and we will never sell your data.

Security

We are committed to following industry best practices to ensure your data is stored safely and securely. We will protect the information we process about you from accidental or unlawful access, disclosure, loss, damage or destruction.

Control

We will always give you control over the communications you receive from us and you can stop or tell us you no longer wish to receive these, at any time, by emailing info@havaaesthetics.com

How we obtain your personal data

Personal data means any information that can be used to identify you directly or indirectly, for example by your name, an identification number, your location data, an online identifier or any factors relating to your physical, physiological, genetic, mental, economic, cultural or social identity.

Most of the personal data we process is provided to us directly by you, for example when you:

  • make an enquiry about our services through social media, our website, by telephone or email
  • book or change an appointment with us
  • attend an appointment
  • provide us with feedback
  • purchase our products, treatments or services
  • sign up to receive information about our services, special offers and promotions (subscribers)

We may also collect personal information about you indirectly, for example through:

  • friend referrals
  • your use of our website

What information we collect and why

Enquiries

When you contact us to enquire about our products or services, we may ask for your name, email address, telephone number and the nature of your enquiry. We need to collect this information so we can respond to your enquiry and keep a record of our communications with you.

Booking an appointment

When you book an appointment with us, you will be asked to provide your name, email address, date of birth and details of the treatment or procedure you want to receive. We need this information so we can arrange the appointment for you, send you appointment reminders and verify your age.

The EnquiryBot on our website allows you to make enquiries and book appointments at any time of day. Because EnquiryBot (in some circumstances) allows you to write your own responses, we ask that you limit the information you provide to only that which is necessary for your enquiry or booking.

We do not provide aesthetic treatments or procedures to children under 18 years old. Clients who are under 25 years old may be asked to verify their age when they attend the clinic by showing identification, such as their driver’s licence, birth certificate or passport. These documents will only be viewed by our clinicians for age verification purposes; we will not take a copy of or store this information.

Children under the age of 18 are not permitted on our premises without an accompanying parent or guardian. Clients who allow their children to accompany them to appointments remain responsible for their children at all times and HAVA Aesthetics assumes no responsibility for their care.

New clients will receive £50 credit towards an injectable treatment of their choice. For more information about the treatments included within this promotion please contact us at: info@havaaesthetics.com

When booking your appointment, you are asked to pay a £50 deposit, which is redeemable against your consultation or treatment fee. We do not receive or store your card payment details. All payments online and in clinic are made through our client management system, Pabau, using Stripe Payments Europe Limited (SPEL). For more information on our data processors, please see ‘Who we share information with’ below.

If you need to cancel or reschedule your appointment, please contact us at your earliest convenience. Clients who notify us that they wish to cancel or reschedule their appointment more than 48 hours in advance of the scheduled appointment time will receive a full refund of their deposit.

Deposit refunds for appointments that have been cancelled or rescheduled within 48 hours of the scheduled appointment time will be made at the discretion of HAVA Aesthetics and cannot be guaranteed.

Clients who do not attend their appointment and fail to notify us in advance will not receive a refund of their deposit. Should a client wish to make a booking following a forfeited deposit, they will be required to pay a new £50 deposit to secure the new booking.

Attending an appointment

Health and medical questionnaires

Prior to your appointment, you will be required to complete a health and medical questionnaire. We need to know about your health and medical history so we can assess the suitability of your treatment or procedure, tailor it to meet your specific health and wellbeing needs and deliver it safely. Should you choose to visit us for the same treatment more than once, you will be required to complete the health and medical questionnaire at your first visit and asked to confirm that the information provided is still accurate at each subsequent visit. Treatment may be refused if it is not considered to be in your best interests to proceed. Failure to provide health and medical information may result in your treatment or procedure being cancelled, as we cannot perform these services without this information.

Our clinics

HAVA Aesthetics operate out of three different clinic venue locations; Health Village Esher 13-17 Church Street (Esher, Surrey, KT10 8QS); and 2 Harley Street (Marylebone, London, W1G 9PA). Depending on your chosen location, we may share your name and appointment time with the venue reception team. This allows them to verify that you are authorised to be in the building and inform us that you have arrived. HAVA Aesthetics is not responsible for the management of the clinic venues; you are advised to read the venue’s privacy notice if you have queries regarding their data handling practices. Please note, for safety and hygiene purposes we do not allow animals or pets within our clinics.

Consent to treatment

Before commencing any treatment or medical procedures, we will ask you to sign a form to indicate you give explicit consent for the treatment or procedure to take place. You have the right to withdraw your consent and stop your treatment or procedure at any point during your appointment; just let your clinician know.

Photographs and videos

We sometimes take photographs and videos of clients before, during and after treatments and procedures, to show them their great results and to enable us to evidence, train, evaluate and where necessary further enhance the effectiveness of our treatments and services.

We are proud of the results we achieve through our treatments and may ask for your permission to display your before and after photographs and/or videos within our promotional materials or on our social media channels. We respect your right to privacy and understand that you may not be comfortable with sharing your image publicly. Where we would like to share your before and after photographs within our promotional material or on our social media channels, we will ask for your explicit consent before using them.

After your appointment

Purchases

During your appointment you may choose to take advantage of the medical-grade skincare products we are able to prescribe and order on your behalf. Should you choose to make a purchase, we will also collect your name, payment details and postal address so we can arrange delivery of your order.

Feedback

After your visit in clinic, we will contact you by email to thank you for attending and to ask for feedback about your client experience. This information is really useful to us so we can evaluate (and hopefully celebrate!) our services and continue to improve our client experience. Your feedback may be shared with the clinician working with you for their own personal development, and any specific requests you make for future treatments or procedures may be added to your file so we can tailor your next appointment accordingly.

Aftercare instructions

Following your appointment, we will email you aftercare instructions for you to follow during the timeframe immediately after your treatment. This is to ensure that you do not engage in any activity that could impact the final result of your treatment. Providing you with a copy via email allows you to revisit the guidance at your convenience.

Client file

Your client file includes the information that we hold that relates to you. We store your name, and the contact details you have shared with us as well as a record of the communications that take place between us and you. Your client file also contains information relating to your treatment/s including the answers you provide to our health and medical questionnaires, copies of the consent you have provided to receive your treatment/s, details of the treatment given, and your before and after photographs. To provide you with a more personalised experience, we also make a note of any other information we deem relevant to your treatment or client experience.

Friend referrals

We sometimes run promotions to encourage clients to refer our services to their friends. Clients are required to provide their friend’s name so that we may recognise them when they make a booking. Clients who refer friends are eligible to receive a promotional discount on their first treatment after their friend has attended a consultation or appointment. Clients who refer multiple friends may take advantage of this promotion for each friend that they refer. Clients who are referred to us via our friend referral promotion are also entitled to receive a promotional discount on their first treatment. Only one promotional discount may be used per treatment. Contact us for further details about our promotions and exclusive offers at info@havaaesthetics.com

Using our website

When you visit our website, simple cookies are used to help you navigate around our site and to tell us how well our website is performing. Cookies are small text files placed on the devices of visitors to websites. They are used to enhance the visitor’s experience and to allow us and other third parties to understand more about how the website is being used. For more information on how we use cookies and similar technologies, please view our Cookie Policy.

Subscribers

HAVA Aesthetics may use your email address, postal address or telephone number to send you information about our special offers, promotions, products or services. We will only send these marketing communications to you if you have consented (opted-in) to us using your contact details for these purposes.  You can stop receiving these communications at any time by clicking the ‘unsubscribe’ link within the email or emailing us at info@havaaesthetics.com

Who we share information with

We respect your privacy and confidentiality and will not share your personal data with third parties, unless you have consented to this; the recipient is a trusted partner working on our behalf (a data processor); or the UK laws allow us to.

Where we use ‘data processors’ to help us manage and store our client data, we have Data Processing Agreements in place to protect any personal data they may have access to on our behalf. To find out who our data processors are, see the section ‘Where we store your data’.

Our data processors only act on our instructions and are carefully selected to ensure they have robust security measures in place and comply with the UK data protection legislation when processing personal data.

There may be times when we need to disclose personal data to other data controllers, for example:

  • In the event that we sell our company or its assets.
  • If you provide us with your consent.
  • If we are under a duty to disclose your personal data, for example in response to a court order, request from law enforcement agencies or where we consider sharing to be in your vital interests.
  • To enforce or apply our terms and conditions and other agreements.
  • To protect the rights, property, or safety of our company and its employees, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

We will never sell your personal data or share it in ways you would not reasonably expect.

Our lawful basis and data retention

Personal data

When we collect, use and retain personal data, the data protection laws require us to have a valid lawful basis for doing so. These are set out in Article 6 of the UK GDPR and relate to consent; contracts; legal obligations; vital interests; public tasks and legitimate interests. When we process more sensitive information (Special Category Data) such as health information, we are required to have additional lawful bases to handle that information. These are set out in Article 9 of the UK GDPR.

The below outlines which lawful bases we rely on when we process your personal data and Special Category Data (health data) and how long we keep your information for:

Categories of data: General enquiries: Name, email address, telephone number, nature of the enquiry
Lawful bases: Legitimate Interests (Article 6(1)(f))
Retention period: 1 Year for enquiries made that do not lead to a client consultation or treatment. Where an enquiry leads to a consultation or treatment, the enquiry information will form part of your client file and will be held for 8 years after your last treatment.

Categories of data: Appointment bookings: Name, email address, date of birth, treatment/procedure or area of concern
Lawful bases: Legitimate Interests (Article 6(1)(f))
Retention period: 8 years after your last treatment.

Categories of data: Attending an appointment: Health and medical questionnaire
Lawful bases: Contract (Article 6(1)(b)); Defence of Legal Claims (Article 9(2)(f))
Retention period: 8 years after your last treatment.

Categories of data: Photographs and video images before, during and after treatment/procedures for clinical purposes
Lawful bases: Legitimate Interests (Article 6(1)(f)); Defence of legal claims (Article 9(2)(f))
Retention period: 8 years after your last treatment.

Categories of data: Photographs and video images before, during and after treatment/procedures for promotional purposes (where client is identifiable)
Lawful bases: Consent (Article 6(1)(a)); Explicit Consent (Article 9(2)(a))
Retention period: Duration of our business operations or until consent is withdrawn.

Categories of data: After appointments: Purchase information, address and payment details
Lawful bases: Legitimate Interests (Article 6(1)(f))
Retention period: 8 years after your last treatment.

Categories of data: Feedback emails
Lawful bases: Legitimate Interests (Article 6(1)(f))
Retention period: Duration of our business operations.

Categories of data: Aftercare instructions
Lawful bases: Contract (Article 6(1)(b))
Retention period: 8 years after your last treatment.

Categories of data: Client file
Lawful bases: Legitimate Interests (Article 6(1)(f)); Defence of legal claims (Article 9(2)(f))
Retention period: 8 years after your last treatment.

Categories of data: Subscribers: Name, email address
Lawful bases: Legitimate Interests (Article 6(1)(f))
Retention period: We keep subscriber data until you unsubscribe, the email address becomes invalid, or we no longer believe you want to hear from us. We retain the contact details of those who have unsubscribed indefinitely, so we know not to contact them again.

Categories of data: Friend referrals: Name
Lawful bases: Legitimate Interests (Article 6(1)(f))
Retention period: See ‘Subscribers’

Categories of data: Using our website: Information including referral source, part of the webpage clicked, number of web pages visited and the length of time spent on each page. Please see our Cookie Policy for full details on how we use cookies and tracking technologies.
Lawful bases: Legitimate Interests (Article 6(1)(f))
Retention period: Please see our Cookie Policy for specific retention periods.

Where we store your data

We store your data in the UK or the European Economic Area (EEA); however, some of our service providers may store personal data outside these areas. Where this is the case, we have UK International Data Transfer Agreements with these service providers, which ensure they process our data securely and in line with our data protection laws.

We work with the following service providers on a regular basis:

  • Pabau (client relationship management (CRM) platform)

All information that you provide to us is securely stored within our CRM system, Pabau. For more information about Pabau please visit www.pabau.com/privacy-policy

  • InDesk (remote receptionist agency)

To ensure our clients are able to reach us at a time that is most convenient to them, we use InDesk Remote Receptionists to answer client calls, make bookings on our behalf and contact you if you have requested more information. Emails from our receptionist team will be sent from havaaesthetics@indesk.net. For more information on InDesk please visit www.indesk.site/privacy-policy

During the course of our relationship with InDesk, we will likely collect the name and business contact details of the receptionists representing HAVA Aesthetics. This information will only be used for our legitimate business interests to manage our client enquiries, bookings, feedback, complaints and any other activities that InDesk staff may conduct on behalf of HAVA Aesthetics. We keep this information for the duration of our business operations.

  • EnquiryBot (website chatbot)

For a personalised and efficient client experience, our website also operates EnquiryBot, an online chatbot that allows you to find out more about specific treatments, understand the treatments that best suit your concerns and book a consultation at any time of the day. Information provided to the EnquiryBot is passed to our receptionist team (managed by InDesk). For more information about our EnquiryBot please visit www.enquirybot.com/privacy-policy

  • Stripe Payments Europe Limited (payment services provider)

We use Stripe Payments Europe Limited to process all payments on our behalf. For more information about SPEL, please visit Privacy Policy (stripe.com)

How we protect your data

We take our security responsibilities very seriously and have put in place robust measures to protect our data and our customers’ personal data from accidental or unlawful access, disclosure, loss, damage or destruction.

Here are some examples of how we achieve this:

  • Data is held on encrypted servers in the UK. In the event that personal data is stored outside the UK or EEA, contracts (International Data Transfer Agreements) will be in place to ensure the data is secure and protected in line with the UK GDPR.
  • Access to our data and systems is on a strict need-to-know basis and we ensure our employees and contractors are under an obligation of confidentiality.
  • Employees receive mandatory data protection training and sign up to our Data Protection Policy.
  • We have robust procedures in place to manage and report personal data security breaches, in the unlikely event of a breach occurring.
  • Where we use companies who process personal data on our behalf, we carry out due diligence checks on these companies and have written contracts in place (Data Processing Agreements) which require them to handle personal data in line with the UK data protection laws.
  • We use up-to-date virus and malware protection software and encryption, and we back up data regularly.

Your data protection rights

You have the following rights under the data protection laws:

Right to know

You have the right to be told how your personal data is being processed. This privacy notice tells you how we handle your personal data.

Right of access

You have the right to ask us for a copy of your personal data.

Right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Right to erasure

You have the right to ask us to erase your personal data in certain circumstances.

Right to restriction of processing

You have the right to ask us to restrict the processing of your personal data in certain circumstances.

Right to object to processing

You have the right to object to us processing your personal data where we consider this is necessary for our legitimate interests or those of a third party.

Right to data portability

You have the right to ask that your personal data is transferred (ported) from us to another organisation or given to you.  This applies to information you have given to us where we are processing your information based on your consent or for contractual purposes and the processing is automated.

Right to complain

We work to high standards when it comes to processing your personal data. We hope you will always be happy with the way we handle your information; however, if we have not met your expectations, please let us know so we can put things right. If you remain dissatisfied, you have the right to complain to the Information Commissioner’s Office. Further information about your data protection rights can be found on the Information Commissioner’s Office website at www.ico.org.uk

To exercise these rights, please contact us by emailing info@havaaesthetics.com. You are not usually required to pay a fee and can expect to receive a response within one calendar month.

Contact us

If you have any queries about this privacy notice or the services we offer, please email us at info@havaaesthetics.com addressing it to the attention of our Data Protection Officer.

Changes to this privacy notice

We may need to update this privacy notice periodically, so we recommend that you revisit this information from time to time. This version was last updated on 17 October 2024.
