Who are we?

RE:NU Clinic is a family run business, founded by a mother and two of her daughters, each expert clinicians in their own right.  Exploring their combined passion for allowing clients to have choice over their appearance, we firmly believe that everyone deserves to feel beautiful, and here we make it our mission to help you look and feel like the best possible version of yourself.  We believe that everyone is unique which is why we never offer a ‘one size fits all’ treatment plan. 

 

Cookie and analytical data

RE:NU Clinic does not capture any cookie or analytical data from their website.

What personal information do we collect and why do we do it?

Unless otherwise stated, the information we process is in relation to our employees, associates and clients only. This information is provided directly to us by the data subject with their permission. We hold no other personal information.

 

Purpose this information is held, processed, used and disclosed

· To maintain client records for the purposes of communication and also records of treatment and medical records to the extent required for the most effective provision of our clinical services.

· To maintain our accounts and records to support and manage our employees and shareholders.

· To carry out obligations arising from any contracts entered into between you as the associate and us.

· In order to comply with any applicable law and regulatory requirements

· Where data is contractually required for processing, RE;NU Clinic may processes data without consent in order to fulfil contractual obligations (bank details to process salary)

 

Our legal basis for processing for the personal data

We shall ensure that processing remains lawful to the extent that:

· The data subject has given consent to process their data for specific purposes detailed above

· The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

 

Consent

Where our processing is based on consent, our controller shall be able to demonstrate that the data subject has consented to the processing of their personal and special category data.

Consent is required for us to process both personal and special category data, but it must be explicitly given. Where we are asking you for special category data we will always tell you why and how the information will be used and stored.

By consenting to this privacy policy, you are giving us permission to process your personal data specifically for the purposes identified.

You may withdraw consent at any time by contacting our Data Protection Officer and stating:

“I, [data subject name], withdraw my consent to process my personal data from RE;NU Clinic. RE:NU Clinic no longer has my consent to process my personal data for the purpose of [specify legitimate reason of processing personal data], which was previously granted”.

Once received we shall adhere to the data protection requirements and cease processing your information in line with Article 6, 1 a-f of the lawfulness of processing principle.

Where there is a contractual obligation to process personal information all data processing is carried out in accordance with the handling requirements detailed within each specific contract, with deletion and return of personal data captured as part of the contract.

 

Disclosure

RE:NU Clinic WILL NOT pass on your personal data to any third parties without first obtaining your consent.

 

Retention period

We implement a Retention, Review and Disposal (RRD) process for all our information not just personal data, with Information Asset Owners (IAO) consulted with regards to suitable retention periods for information assets.

For the purpose of process personal data, the following applies:

· Our staff/employees, and any contracted associates, data we will be retained during the term of their employment and for 7 years thereafter.

· Client personal and medical data will be retained during the term of ongoing treatment or consultancy and for 7 years thereafter.

· For information provided as part of the “leave us a message” contact/customer information, the request of name, email, phone and message are only retained to allow a response to the data subject.  This information is only retained for a maximum of 30 days and then removed from the RE:NU Clinic system.

If there is a business requirement to retain the “leave a message” information, i.e. services are requested and/or a contract agreed, then the information will be retained and agreed as part of that contract.

At the end of the agreed retention period your information will be securely and confidentially destroyed.

Where there is contractual obligation to process personal information, the retention period of this information will be in line with the contract specification. All personal information will be deleted or returned as per the requirements captured within each contract.

 

Data Security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or access in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees who have a business need to know. They will only process your information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal information breaches and will notify you and any applicable regulator where we are legally required to do so.

 

Your rights as a data subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

· Right of access – you have the right to request a copy of the information that we hold about you.

· Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.

· Right to be forgotten – in certain circumstances, you can ask for the data we hold about you to be erased from our records.

· Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.

· Right of portability – you have the right to have the data we hold about you transferred to another organisation.

· Right to object – you have the right to object to certain types of processing such as direct marketing.

· Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.

· Right to judicial review: in the event that RE:NU Clinic refused your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in the complaints clause below.

 

Complaints or concerns

If you wish to exercise your rights or raise a complaint or have any concerns with the way we have handled your personal data, you can contact us through:

RE:NU Clinic Data Protection Officer
Unit 14, Henstead Arts and Crafts Centre, 
Henstead, Suffolk, NR34 7LG

 

Email:  info@renu-clinic.com

 

In addition, if you are not satisfied with our response or any of our data protection activities, you can make a complaint to the Information Commissioners Office at:

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF