1. Introduction

Refine SMP ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website or use our services.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

Personal Information

We collect the following personal information:

  • Name, email address, phone number, date of birth
  • Account credentials (securely hashed passwords)
  • Treatment preferences and medical history (medications, allergies, medical conditions)
  • Consultation photos uploaded by you
  • Communication records and consultation notes
  • Emergency contact information (when provided)
  • Profile updates and edit history

Technical Information

Our website and customer portal automatically collect:

  • IP address, browser type and version
  • Device information and operating system
  • Pages visited and time spent on our website
  • Login times and session information
  • Form interactions and completion rates

Cookies and Tracking

We use cookies for:

  • Essential Cookies: Authentication, security, form submissions
  • Analytics Cookies: Google Analytics (with your consent)
  • Marketing Cookies: Google Ads, Facebook Pixel (with your consent)

3. How We Use Your Information

We use your personal information for the following purposes:

  • Treatment Services: To provide SMP and laser treatments, consultations, and aftercare
  • Communication: To respond to inquiries, book appointments, and provide updates
  • Marketing: To send relevant offers and information (with your consent)
  • Legal Compliance: To meet regulatory requirements and maintain treatment records
  • Website Improvement: To enhance user experience and website functionality

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: For marketing communications and photography
  • Contract: To provide treatments and services you've requested
  • Legal Obligation: To maintain medical records and comply with regulations
  • Legitimate Interest: To improve our services and website functionality

5. Data Sharing and Third Parties

Primary Data Processors

  • Google Firebase: Secure cloud hosting, database, authentication, and file storage
  • Google Analytics: Website usage analytics (with your consent)
  • Google Ads/Facebook: Marketing analytics and advertising (with your consent)

Other Data Sharing

  • Medical Professionals: If referrals or consultations are required
  • Payment Processors: For secure payment processing (when implemented)
  • Legal Authorities: If required by law or to protect our rights
  • Emergency Contacts: In medical emergency situations

Data Protection Measures

  • All data processors are GDPR compliant with signed Data Processing Agreements
  • Data is encrypted in transit and at rest
  • Access controls and authentication are required for all data access
  • We never sell your personal data to third parties

6. Data Retention and Automatic Cleanup

Retention Periods

  • Active Accounts: Data retained while account is active
  • Treatment Records: 7 years after last treatment (regulatory requirement)
  • Consultation Photos: 7 years or until deleted by customer
  • Marketing Data: Until consent withdrawn or account deleted
  • Analytics Data: 26 months maximum (Google Analytics)
  • Deleted Accounts: 30 days for recovery, then permanently deleted

Automatic Data Cleanup

  • Inactive accounts (no login for 3+ years) are automatically reviewed for deletion
  • Deleted consultations are permanently removed after 30 days
  • Session data and temporary files are automatically cleaned up
  • Marketing consent expires after 2 years and requires renewal

6a. Data Breach Notification

Our Commitment

In the unlikely event of a data breach affecting your personal data:

  • Immediate Response: We will contain and assess the breach within 24 hours
  • Authority Notification: The ICO will be notified within 72 hours if required
  • Customer Notification: You will be notified within 72 hours if there is a high risk to your rights
  • Remedial Action: We will take immediate steps to prevent further unauthorized access

What We Will Tell You

  • Nature of the breach and data involved
  • Likely consequences and potential risks
  • Measures taken to address the breach
  • Recommendations for protecting yourself

Breach Contact: If you suspect a data breach, contact us immediately at security@refine-smp.co.uk

7. Your Rights Under GDPR

Under UK GDPR, you have the following rights, which you can exercise through our Customer Portal:

Self-Service Rights (Customer Portal)

  • Access: View all your personal data in your profile and consultation history
  • Rectification: Edit your profile information, phone number, and date of birth
  • Data Portability: Download all your data in JSON format
  • Consultation Editing: Modify consultation forms within 24 hours of submission
  • Photo Management: Delete individual photos from your consultations
  • Account Deletion: Permanently delete your account and data

Additional Rights

  • Restriction: Request limitation of data processing
  • Objection: Object to marketing communications or analytics
  • Withdraw Consent: Update cookie preferences or marketing opt-out
  • Complaint: Lodge complaints with the Information Commissioner's Office (ICO)

How to Exercise Your Rights

  • Customer Portal: Most rights can be exercised directly at customer-portal.html
  • Email: Contact info@refine-smp.co.uk for assistance
  • Response Time: We respond to requests within 30 days
  • Identity Verification: May be required for security purposes

To exercise these rights, contact us at info@refine-smp.co.uk

8. Cookies and Tracking

Our website uses cookies to improve your experience. We use:

  • Essential Cookies: Required for website functionality
  • Analytics Cookies: To understand website usage (Google Analytics)
  • Marketing Cookies: For targeted advertising (with consent)

You can manage cookie preferences through your browser settings or our Cookie Policy.

9. Security

We implement appropriate technical and organizational measures to protect your data:

  • Secure encrypted connections (SSL/TLS)
  • Access controls and staff training
  • Regular security assessments
  • Secure data storage and backup systems

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Significant changes will be communicated via email or website notice.

11. Contact Information

For questions about this Privacy Policy or your personal data:

Refine SMP
9 Anderton Grove
Ashton-Under-Lyne, OL6 9EF
Greater Manchester, UK

Email: info@refine-smp.co.uk
Phone: 07570 448986

If you're not satisfied with our response, you can contact the Information Commissioner's Office (ICO) at ico.org.uk

Last Updated: September 2024