Privacy Policy
We take your privacy very seriously and treat all your personal information as confidential.
About Sarah Chapman and this Privacy Statement
Sarah Chapman Limited is a company incorporated and registered in England and Wales with company number 05351360 and Sarah Chapman Skinesis Clinic Limited is a company incorporated and registered in England and Wales with company number 06123148 both having their registered office at 2nd Floor, 59 Markham Street, Chelsea, London, United Kingdom, SW3 3NR (referred to in this Statement as “Sarah Chapman”, "we, "us" and "our"). We are a “data controller” for the purposes of the Data Protection Act 1998 and the EU General Data Protection Regulations (GDPR) (i.e. we are responsible for, and control the processing of, your personal information), and we are registered with the ICO in the United Kingdom. A copy of our Certificate of Registration with the ICO is kept at our aforementioned address and is available for public inspection during reasonable business hours.
Controller, Data Subject, Processor and processing shall have the respective meanings given to them in applicable Data Protection Laws from time to time (and related expressions, including process, processing, processed, and processes shall be construed accordingly) and international organisations shall have the respective meanings given to them in the GDPR;
Sarah Chapman takes the privacy and security of your personal data very seriously. We only capture information from you that we need to deliver our services effectively and to keep in contact with you on the basis necessary to fulfil our obligation or as agreed between us. We will only use your personal data for any purpose that is necessary to fulfil our commitments to you, or comply with regulation or to fulfil an activity that you have consented to participate in.
At Sarah Chapman we identify two types of customer when visiting our Website or Clinic in regards to the use, storage and deletion of personal Data. These are:
◦ An Account Holder: Someone who has registered for an Account and/or has attended our Clinic and chosen to provide or save basic information about themselves to facilitate an enhanced customer experience based on our knowledge of you
◦ A Guest User: Someone who purchases products or registers for communications but does not create an Account.
If you would like to understand what personal information is collected on our Website when purchasing products or registering for an account or email newsletter, or, when shopping in our stores (including how it is captured and subsequently used to ensure a great service for you), please read below:
At Sarah Chapman we believe it is important to share with you why we capture some data about you and the circumstances when we might be required to share it with third parties to deliver our services and comply with regulations.
Once we have your data, if at any time you wish to change your communication preferences please email privacy@sarahchapman.com. If you require information on any of your rights in regards to the use of your Personal Data please see the section ‘Your Rights’ towards the end of this document.
We will at all times seek to comply with the requirements of the UK Data Protection Act, 1998 (the "Act") and the EU General Data Protection Regulation (GDPR) in respect of all data that we collect from you. We also commit to adhering to any applicable laws and regulations to ensure that your personal information given to us is kept appropriately secure and is processed lawfully.
By visiting and using the www.sarahchapman.com website (“Website”) or by visiting another Sarah Chapman clinic or retail location (“Clinic”) for the purchase or sampling of products or for interacting with our content and/or clinic services, you are acknowledging the practices in relation to the use and disclosure of your personal information, where captured, described in this Privacy Policy and our Terms and Conditions.
If you are considered to be a minor in your country of residence, please obtain your parent's or guardian's consent before providing us with any personal information.
-
DATA COLLECTION AND HOW WE USE IT
When you create an account with us (whether online or in-store), place an order, interact with our digital content on your computer or mobile device, sign up to email newsletters, book and or attend a clinic session, call customer care, or send us an enquiry, we will collect certain personal information from you necessary to perform our services. Please select from the different sections of this Privacy Statement to learn more about what personal information we collect and what we use it for.
1. Personal details, ‘My Account’ management
2. Marketing communication & preferences
3. Personalised experience
4. Information about your device
5. Location information
6. How we will use your personal information
7. Communication preferences
8. Contact with Sarah Chapman Customer Care1. Personal details, ‘My Account’ management
We will collect personal data from you and you can view this in the ‘My Account’ section. This may include your name, postal address, billing address, phone numbers, e-mail address, payment information.
We may also obtain information about you as a result of authentication or identity checks (for example in connection with our standard fraud checks when you make a purchase on our Website). We use this information to identify you as a customer, to process your order, to enable us to deliver products and services, to process payments, to update our records, and to generally manage your account with us.
To fulfil our services to you we may also use third party services as Data Processors to provide elements of our overall service such as couriers for delivery of parcels and payment service providers for taking and approving payment.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Website such as ‘My Account’, you must keep this password confidential. Please never share your password with anyone. No one from Sarah Chapman will ever ask you to disclose it.
If you have an online customer account, you can amend or update your personal information by logging into the ‘My Account’ section on our Website and amending your details as appropriate. This can include your contact and delivery information.
If you have created a customer account in-store, you can amend or update your information by visiting a store and speaking to one of our sales associates, or by contacting our Customer Care Team at privacy@sarahchapman.com.
2. Marketing communication & preferences
Sarah Chapman complies with the e-Privacy Directive 2002. We would like to send you information by email or post about products, services, competitions, sales and special offers which may be of interest to you. There are several ways you can consent to our marketing: you can give consent in our retail stores by ticking the boxes on our registration forms or by contacting our Customer Services team by email at privacy@sarahchapman.com.
If you have consented to marketing communication, by opting in, we will send you marketing messages until you specify otherwise by contacting our Customer Care team by email at privacy@sarahchapman.com.
You can opt out at any time and from specific methods of marketing. Please see the ‘How do I unsubscribe from communication?’ section below. Alternatively, you can email privacy@sarahchapman.com.
3. Personalised experience
In order to offer you a personalised and relevant experience on our Websites, Clinic, and sales portals, we may collect information about the products you purchase, where you purchased the products from (online, telephone, social media), other information related to your purchases, and personal information and history related to a treatment or consultation you booked at our Clinic.
The personal data we use may include:
Your name, address and contact details, including email address and home and mobile telephone numbers. If you provide these details, we may use them to contact you unless you ask us not to. This could include emails, text or voicemail messages;
Date of birth and gender;
Your previous and current medical health records whether provided by Sarah Chapman or other third parties;
The terms and conditions of your contract with us for the provision of clinic and related services;
We will take a swipe of your debit or credit card. We will let you know if we intend to take a payment from this card before we do so;
Information about your marital status, next of kin, dependants nominated and/or emergency contacts;
Information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments;
Information received in response to any surveys, complaints claims;
Equal opportunity monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief; and
Information about how you use our website or Clinic services.
This data may also include visual images, personal appearance and behavior e.g. where CCTV is used as part of our building security measures.
Sarah Chapman may collect this information in a variety of ways. For example, data might be collected through Registration and Consent forms; obtained from your identity documents such as your driving licence; from pre-admission forms, online web forms completed by you at the start of your treatment; from correspondence with you; through our registration process or through interviews, consultations, meetings or other assessments.
In some cases, the organisation may collect personal data about you from third parties, such as insurer providers, referral agencies, sponsors, checks permitted by law.
You can opt out of a personalised experience at any time by emailing privacy@sarahchapman.com.
4. Information about your device
We may also collect information on how you access our digital content and services and the type of device and internet browser you are using. This includes information relating to your device type, your IP address and your visit source (i.e. a website from which you visited our Website). This information helps us ensure we are able to provide effective technical services to enable you to access the right content from where you are located in a format appropriate to the device you are using and to troubleshoot any issues you may have if you report them to us.
For information about cookies and other technologies which are used on our Website, please see our Cookie Policy.
5. Location information
We are using your active location information (i.e. that relating to your mobile phone physical location or the IP address from which you access our Website) to ensure you are directed to the relevant Website for the country you are residing in to ensure the right currency and options are presented to you.
6. How we use your personal information
We will use your personal information only with the intent to deliver the services you request (such as to fulfil an order or undertake a Clinic session) and to understand you better and enhance your experience with Sarah Chapman. By analysing and monitoring your personal data we can be more relevant with our marketing and communication.
We will process your personal data under Article 6 (1)b; Article 9 (2)h of the General Data Protection Regulations:
To support the provision of your care within our Clinic;
To decide how best to provide treatment to you;
As necessary to support our contract with you and to allow us to receive full payment for those services;
To take steps at your request during the course of your treatment;
To keep your records up to date;
We will process your personal data under Article 6 (1) f of the General Data Protection Regulations:
As necessary for our own legitimate interests or those of other persons and organisations;
For good governance, accounting, and managing and auditing our clinical and business operations both internally and by third parties;
For surveys of customer experience and quality of care;
To monitor emails, calls, other communications, and activities on Sarah Chapman networks and systems;
For market research, other surveys and analysis and developing statistics for improving clinical performance; and
As necessary to comply with a legal obligation:
When you exercise your rights under data protection law and make requests;
For compliance with legal and regulatory requirements and related disclosures;
For establishment and defence of legal rights;
For activities relating to the prevention, detection and investigation of crime;
To verify your identity, make credit fraud prevention and anti-money laundering checks; and
To investigate complaints, legal claims and data protection or clinical incidents.
Based on your consent:
With your next of kin or other nominated contact;
If you ask us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf; or otherwise agree to disclosures;
With third parties including pharmaceutical companies and academic institutions and other research bodies for scientific research;
When we process any special categories of personal data about you at your request (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation).
You are free at any time to change your mind and withdraw your consent. We will advise you if the consequence of doing so is that we cannot continue to provide full Clinic services to you.
You can opt out at any time and from specific methods of marketing. Please see the ‘How do I unsubscribe from communication?’ section below. Alternatively, you can email privacy@sarahchapman.com.
7. Communication preferences
If you have consented to receiving promotional information or updates from Sarah Chapman, we will contact you with information about our products, events, promotions and services by post or by e-mail. Occasionally we may get in touch to request feedback on our services and products, in order to improve your experience.
You can opt out at any time and from specific methods of marketing. Please see the ‘How do I unsubscribe from communication?’ section below. Alternatively, you can email privacy@sarahchapman.com.
8. Communication with Sarah Chapman Limited
If you wish to discuss any privacy issue with us please email privacy@sarahchapman.com. Where available, please note that our Customer Care team may record details from any telephone call, in order to enable us to better service our customers, and that calls may be recorded. If you contact us via our Website using our live chat service (where available) we will store the conversations for 13 months in order to ensure a high level of customer service in terms of understanding any issues you may have faced with ordering from our Website.
-
HOW DO I UNSUBSCRIBE FROM COMMUNICATION?
You can opt out of marketing communication such as email newsletters and catalogues at any time. You can do that either as indicated in the particular communication, e.g. by using the unsubscribe link which is included on all email updates.
If you choose to opt out of marketing emails, this can take up to one week for the change to flow through our systems. Even if you have opted out of emails we will continue to send you transactional emails about your purchases or requesting feedback on products purchased. You can also unsubscribe from product and store review emails by clicking on the unsubscribe link within these emails.
Please remember, if you do ‘opt out' of receiving this information you are more likely to miss out on offers and rewards.
If you no longer wish to receive catalogues you can unsubscribe by contacting Customer Care by email privacy@sarahchapman.com. This will take 8 weeks to flow through the system.
Please see ‘Your Rights’ section below. Alternatively, you can email privacy@sarahchapman.com.
-
YOUR PERSONAL INFORMATION AND RETENTION
We will only keep your information as long as you have an account with us and for 5 years after your last purchase or otherwise as required for our business operations records or by law. If you are a guest user, we will only keep your information for 24 months after your order has been fulfilled or otherwise as required for our business operations records or by law. This information will be kept secure at all times and only used for the legitimate purpose for which we require it or that you have consented to. After the stated period of time expires, we will anonymise all of your personal data, however some order information will be stored as an unknown customer.
Where information is entered but not completed, such as in adding items to your shopping basket but not completing checkout, we will delete this data after 30 days for a Guest User and 60 days for an Account Holder.
-
COOKIES AND HOW WE USE THEM
We use cookies, local storage and other similar technologies which may place codes on or access information from and/or about your device to elevate your user experience and the quality of our Website and service. This includes remembering what you have added to your basket, your wish list and what you have browsed. We will also recognise you when you visit our Website and where you have visited from.
-
OTHER PEOPLE WHO MIGHT USE YOUR INFORMATION
In certain circumstances we may share your information between Sarah Chapman Limited and Sarah Chapman Skinesis Clinic Limited and with carefully selected partners or service providers who perform functions as a Data Processor on our behalf such as creating an account, fulfilling orders, processing payments, fraud risk management, and carrying out promotional services or data management. We may also share aggregated or anonymised information that does not directly identify you. At times where we disclose your information we will take all reasonable steps, including confirming our third parties are GDPR compliant, to ensure your data remains secure.
Service Partners who are Data Processors
We may share information about you with companies we have chosen to handle our order dispatch service, any delivery company that we may use from time to time and with other companies that provide support services to us, including website hosting companies. We may also share your information with other companies who assist Sarah Chapman in promoting our products and services in order to provide you with enhanced customer services and/or share information about Sarah Chapman products and services with you. In addition, we may also share certain limited information with companies who assist Sarah Chapman with other services, for example, in analysing our customer data in order to better understand, profile and monitor customer patterns so we can consistently improve our products and services and understand what may be of interest to you and other customers. In each case, we will only provide these companies with the information which they need to carry out their services. They will not be permitted to use the information for other purposes and will be bound by the same duty of care regarding data privacy. They will only be allowed to use your information in the way in which we instruct them and as permitted by the Data Protection Act or the GDPR.
Financial institutions and payment processing partners
Payments on our Website are made through our payment solutions providers. You will be providing credit or debit card information direct to our providers who process payment details in a secure manner.
Legal disclosures
In certain circumstances we may disclose personal information relating to you to third parties in order to conform to any requirements of law, to comply with any legal process, for the purposes of obtaining legal advice, for the purposes of credit risk reduction, to prevent and detect fraud and/or to protect and defend the rights and property of Sarah Chapman.
Business or process change partners
In the event that we or a part of our business undergo re-organisation or are sold to a third party, any personal information we hold about you may be transferred and/or disclosed to that re-organised entity or third party.
Overseas transfers of data
The personal information that you provide through our Website is processed within the European Economic Area (EEA), and our servers are based in the United Kingdom We may transfer information that we collect from you to other companies who assist Sarah Chapman in promoting its products and services and to selected service providers/Data Processors who perform functions on our behalf, based in countries outside of the EEA or your country of residence and this information may be stored and processed in such countries. We comply with the GDPR principles for processing outside of the EEA. Whether the personal information you provide to us is processed by us or our affiliated companies or services providers within the EEA or outside of it, we will take steps to ensure that your personal information will be afforded the same level of protection required of us under and in accordance with this Privacy Statement and applicable data protection laws and in accordance with current legally recognised data transfer mechanisms.
-
THIRD PARTY LINKS
Our Website may from time to time contain links to other websites not controlled by us. You will know when the link is taking you to another website as a new window will pop up. Whilst we try to ensure all third-party links are to websites which are GDPR compliant, we cannot guarantee this is always the case. If you click on any of the links to such websites from our Website, you should review that website’s privacy statements or policies and terms and conditions carefully as your use of those websites may be subject to them.
-
SECURITY STATEMENT
Although we use secure technology to protect your personal data when we have received it, we cannot guarantee the security of your data whilst being submitted to us and any transmission is at your own risk. We use industry security features to prevent unauthorised access wherever possible. Personal information provided to Sarah Chapman via our Website and online credit card transactions is transmitted through a secure server using Secure Socket Layering (SSL), encryption technology. When the letters "http" in the URL change to "https," the "s" indicates you are in a secure area employing SSL; also, your browser may give you a pop-up message that you are about to enter a secure area or display a padlock image.
Our Website uses this encryption technology to protect your information during data transport. SSL encrypts ordering information such as your name, address and credit card number. Our Customer Care team and stores also operate over a private, secure network. Please note that e-mail and correspondence via our live chat service is not encrypted and is not considered to be a secure means of transmitting personal data and credit card information.
Sarah Chapman shall at all times maintain appropriate physical, electronic, managerial and organisational measures to safeguard and secure Personal Data against accidental, unauthorised or unlawful loss, unauthorised modification, disclosure or access that is determined to be appropriate to the risk. All our employees and data processors who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of the personal information of all users of our services.
Personal Data stored about you is held securely with appropriate measures in place to reduce the risk of a malicious attempt to access or misuse your data. We will delete your data when we have no further legitimate use for it in line with our storage policy.
-
YOUR RIGHTS
You have the following rights in respect of the information we hold about you:
The right to request a copy of your information which we hold. If you would like a copy of some or all of it please:
◦ Email privacy@sarahchapman.com
◦ Let us know what information you want
◦ We may ask you for personal information to verify your identity
The right to correct any mistakes in your information. If you would like us to do this please:
◦ Email privacy@sarahchapman.com
◦ Let us have information to identify you (e.g. email address)
◦ Let us know what information is incorrect and what it should be replaced with
In certain circumstances, the right to delete your information. If you would like us to do this please email privacy@sarahchapman.com.
In certain circumstances, the right to restrict the processing of your information. If you would like us to do this or would like more information please email privacy@sarahchapman.com.
In specific circumstances, the right to object to certain types of processing. If you would like us to do this or you would like more information please email privacy@sarahchapman.com.
The right to change your preferences and communication at any time. If you would like us to do this or would like more information please email privacy@sarahchapman.com.
It may take up to eight weeks to ensure your request to invoke any of your rights is fully actioned. Sarah Chapman reserves the right to charge a reasonable administration fee to cover the cost of fulfilling a request to exercise any of these rights. Any fee applicable to the performance of an action will be advised to you at the point of making a request. -
CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. The amended Privacy Policy will be posted on our Website. Please check this page regularly for changes to this Privacy Policy.
-
CONTACTING SARAH CHAPMAN
If you have any questions about the way in which your information is being collected or used which are not answered by this Privacy Policy and/or any complaints please contact us by email: privacy@sarahchapman.com.
If you prefer you can also write to us via snail mail at: Data Controller, Sarah Chapman Limited, 2nd Floor, 59 Markham Street, Chelsea, London, United Kingdom, SW3 3NR
You can pick up a hardcopy of this Privacy Notice from reception at our Clinic.