This is the website of FACE. We are an advanced aesthetic skin clinic based in Castlebar, Co Mayo.
The purpose of this policy is to inform you of the personal data relating to you that we collect and use in connection with this website and to help you to understand how this data is used including any disclosures to third parties.
By using this website, you signify your express acceptance of this document. We are not responsible for the content or privacy practices of other websites.
This policy relates to personal data collected when you visit, book an appointment, purchase a product or gift voucher, or sign up to and top up your savings club account. For information about other relevant data protection policies and how we process personal data when you visit our clinic, please get in touch by emailing us at [email protected]. You can also send your request in writing to our Data Protection Manager at FACE, 5 Upper Chapel Street, Castlebar, County Mayo, Ireland.
FACE ‘we’ are the Data Controller for personal data we collect and use about you in connection with your visit to this website.
We take our responsibilities under applicable data protection law, including the EU General Data Protection Regulation (GDPR) 2016/679, the Data Protection Acts 1988- 2018 and ePrivacy Regulations S.I. 336/2011, very seriously. Any personal data which you volunteer to FACE will be treated strictly in accordance with such laws. We are committed to protecting the privacy of all who make contact with us through this website and take our responsibility regarding the security of our customers data very seriously.
Where data is submitted it will be used for the stated purpose and any reasonably incidental purposes only. We will be clear and transparent about the data we are collecting and what we do with that data. We do not sell or distribute your personal data to third parties for purposes of allowing them to market products and services to you.
Communicating via the internet and sending data to you by other means necessarily involves your personal data passing through or being handled by third parties.
Collection & Use of Personal Data
We may collect data which you volunteer for example by visiting this website, booking an appointment with us, buying a gift voucher or product, signing up to or topping up your savings plan. Such personal data can include name, telephone, email, delivery address, payment details, amount paid, summary balance, query/complaint and booking details, username & password
Sensitive Data & Consent
In general, we will only ask health data (which we refer to as sensitive, or special category data) when you come in for your consultation to highlight potential treatments or products that may have a negative effect on your health. Protecting your personal data is very important to us and we will only use this data for the purpose stated. We will always ask for your consent when we process such sensitive data. If after you provide your consent, you change your mind, you can withdraw your consent at any time by contacting us at [email protected].
Children’s Personal Data
We do not expect to collect children’s data. If we unknowingly collect the data of persons under the age of 16 without their parents or guardian’s consent, we will delete it as soon as possible.
Data you provide to us
You have an opportunity to send us data via this website, such as through the “contact us” page. You may also choose to provide us with your personal data (e.g., name, e-mail, and personal message) in an e-mail message to the address listed on our site. We use these details solely for the purpose for which you provided them (e.g., responding to your query, handling complaints).
Setting up an Account
If you decide to register for an account, we will require your name, email address, phone number and a password to sign up for this service. This will allow you to book appointments and set up a savings plan with us in the future. Our system will store your username. Your password will be unique to you.
Booking an Appointment
To book an appointment through our website you must log into your account using your username or email address and password. You will need to choose a treatment, phone review, date and time for your appointment.
We will send you service based messages to confirm and remind you of your booking.
Buying a product or gift voucher
If you decide to make a purchase through our website this will be facilitated through the Stripe payment system. We will require your payment data, name and delivery details. We use this data to fulfil your order and you will receive confirmation of your order to the details you provide. We do not store your credit / debit card details.
Topping up your savings plan
If you decide to top up your savings plan this will be facilitated through the Stripe payment system. We will require your payment data and name. We use this data to top up your account and you will receive confirmation of your request and amount added to your plan. We do not store your credit / debit card details.
Statistics (Data) we collect
For general web-browsing certain statistical data is available to us via our internet service provider. This data may include the IP and logical address of the server you are using, the top-level domain name from which you access the internet (for example .ie, .com, etc.), the type of browser you are using, the date and time you access our site and the internet address linking to our site. We may also use temporary “session” cookies which enable a visitor’s web browser to remember which pages on this website have already been visited. This data may be used to help us to improve, administer and diagnose problems with our server and website.
Marketing & Promotion
We may use your data to contact you with special offers where you have given us permission to do so. You can withdraw your consent at any time by emailing us or by using the unsubscribe link on the marketing email.
Depending on the specific circumstance, the lawful bases on which we process your personal data are:
Consent: We will only process your data for marketing purposes with your consent. (e.g., where you have given us permission to contact you). For processing activities for which we rely on consent as a lawful basis, you have the right to withdraw that consent at any time.
Legitimate Interest: we will process personal data for the legitimate interests pursued by us. (e.g., where we communicate with you by post about events that may be relevant to you). For processing activities for which we rely on legitimate interest, you have the right to opt out at any time.
Legal Obligation: we will process personal data where it is necessary for compliance with our legal obligations (e.g., All or some of this data listed above may be used by us to comply with our legal obligations under tax, insurance and accounting)
Contract: where processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract (e.g., where you purchase a product gift voucher or top your savings account).
Certain types of sensitive personal data are subject to additional protection under the GDPR. Where we process special category of data, we will always have an Article 9 lawful bases under GDPR for doing so.
- For processing activities for which we rely on consent as a basis for processing your data, you have the right to withdraw your consent at any time.
- For processing activities which are based on a statutory or contractual requirement, you may request your data not be processed for that purpose. However, this is not an absolute right and may be over-ridden by our statutory obligations. In other cases, requesting that data should not be processed for a particular purpose may prevent us from executing a contract or delivering a service to you.
You have the right to request
- A copy of data we hold about you (Right of Access)
- That any error in data we hold about you is corrected (Right of Rectification)
- That data we hold about you be erased, unless we have a countervailing interest or legal obligation to retain it (Right of Erasure)
- That we refrain from processing data for a specific purpose (Right to Restrict processing)
- A copy of the data in a structured, commonly used and machine-readable form to enable you to reuse your personal data for your own purposes across different services (Right of Data Portability)
- You have the right to complain to the Irish Data Protection Commission (www.dataprotection.ie ) and to seek compensation through the courts
We will accede to any such valid requests within 30 calendar days of the receipt of a valid request in writing.
Please send all requests to the Data Protection Manager. You can email us at [email protected] or send your request in writing to our Data Protection Manager at FACE, 5 Upper Chapel Street, Castlebar, County Mayo, Ireland.
We reserve the right to request you to provide additional data in order to enable us to identify your personal data and/or to verify your identity.
Sharing Your Data
We do not share your data with third parties other than as set out in this policy. We may share your data in the following circumstances:
- Software Companies, where we engage with an organisation to purchase software to run on our systems so as to improve the way we do business and in turn improve the customer experience. (e.g., online booking software; Phorest).
- Delivery company, so as to deliver the product your ordered online.
- Payment processors such as Stripe to enable us to process payments securely.
- Marketing companies so to help us run our business and get in touch with you and to process your enquiry via our website.
- Business [Transfer]: Where some or all of our company and/or its assets may potentially be or have been acquired, we may need to transfer your personal data to the new or prospective owners.
In circumstances where you have given us consent, we will share your data with a third party where you have allowed us to do so.
Where we store personal data
We generally store personal data on servers located inside the European Economic Area. However, in certain cases it may be necessary for us to transfer certain data to servers located outside of the EU. It is important to be aware that the privacy protections in certain jurisdictions may not be equivalent to those in Europe. We only transfer your data outside the EEA where it is permitted by law and ensuring that it is subject to appropriate protections such as an adequacy agreement, a standard contractual clause or a derogation (i.e., explicit consent) under specific circumstances.
We will retain your personal data for as long as we need it for the purposes described above, or to comply with our obligations under applicable law and, if required, to deal with any claim or dispute that might arise between you and us. We will not hold your personal data for any longer than is necessary.
Security & Confidentiality
We take our responsibilities in terms of security & confidentiality seriously, employing the most appropriate physical and technical measures. We review our related policies regularly. Our staff also receive regular training in data protection
Governing Law and Jurisdiction
This statement and all issues regarding this website are governed exclusively by Irish law and are subject to the exclusive jurisdiction of the Irish courts.
Changes to this policy