Kosmesis is committed to ensuring the privacy of our patients and website visitors. This policy explains what personal data we may collect about you when you interact with us and how we use it.
- Service: We will only use your data to improve your experience of our services
- Patient Safety: We will only use your sensitive personal data to ensure your care and safety
Who we are?
Kosmesis Ltd is a registered company: Reg Number 08234483. Angelica Kavouni of Kosmesis of 129 Harley Street is the data controller in relation to the processing of personal information that you provide us when using our services.
You can contact our Data Protection Officer at:
or write to:
Data Protection Officer
129 Harley Street
London W1G 6BA
Your personal and sensitive personal data
Under data protection legislation, the data that organisations hold about you can be categorised as follows:
Personal Data: This is data related to an identifiable person or data that can be used to identify a distinct individual. Examples of personal data we collect, and process include names, email addresses, location, telephone numbers. Where this policy states "your data/your personal data" we are referring to Personal Data unless otherwise stated.
Sensitive Personal Data: Sometimes referred to as "Special Category Data", this is data that is deemed to be more sensitive than the above personal data. For example, medical records, genetics, biometric data, details of ethnicity, sexual orientation. We only use this data for the purposes of your treatment and to ensure you care and safety as a patient. We will usually ask for your consent to collect or process this data, though there may be instances where we are required or permitted to do so by applicable law (e.g. To comply with public health requirements). We never use your sensitive personal data for marketing purposes.
The legal bases we rely on
Under data protection legislation, organisations must have one of several reasons for processing your personal data. Below we outline the bases we use and an example of the purpose for which it is used:
Consent: In some situations, we ask for your consent to process your data for the purpose we have identified. As a patient you may be asked for consent to allow us to collect sensitive personal data about you to ensure your safe treatment and care.
Contractual obligations: Sometimes we may need your data to fulfil our obligations. For example, if you wish to book an appointment we may need your payment details, address and contact details to process payment and secure your booking.
Legal compliance: There may be some situations where we are required by law or regulatory bodies to process your data. For example, gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests.
When do we collect your personal data?
- When you make an enquiry on any of our websites
- When you communicate with us by phone or email or instant messaging systems
- When you request further information from us
- When you arrange appointments with clinic staff
- When you attend appointments and as part of the consultation process
- When you make payments to us or require a refund
- When you fill in any forms online or in clinic
- When you visit our clinics, we may operate CCTV systems for security purposes
What personal data do we collect?
- Whilst using our website you may submit information to us via an enquiry form. This may include your name, email address, phone number and postcode. We require this information to contact you regarding your enquiry.
- Payment details.
How and why do we use your personal data?
We want to give you the best possible experience from your very first interaction with us. One way to achieve this is to better understand who you are by collecting data about you.
There are many cases where we are required to collect and process data about you either to fulfil our contractual obligations to you or to comply with the law.
We use your personal data for the following purposes:
- To provide you with further information about the subject of your enquiry so you understand your options and can make an informed decision.
- To remind you by email to book subsequent appointments for a treatment you have previously had which requires ongoing review.
- To contact you regarding your appointments and treatments - we want to make sure you don't miss your appointments.
- To make sure we're speaking to the right person - to help prevent and detect fraud.
- To take payment and process refunds
- To provide customer service and support
How we protect your data
We take the security of your data seriously and take all appropriate steps to protect it from unauthorised access, loss and misuse. We never sell any of your personal data for any purpose. Any sensitive personal data we may collect (such as medical records) is never used for marketing purposes and access to such data is further restricted.
How long do we keep your data?
We only keep your data for as long as is necessary to fulfil the purpose for which it was collected. At the end of the period, your data will either be deleted or anonymised so that it can be used in a non-identifiable way for statistical analysis which helps us make improvements to our service and business.
Cookies & similar technologies
We don't use tracking or analytics cookies on our websites since 14th May 2018. There may however be cookies from previous visits that have been downloaded onto your computers/devices. Cookies are small, harmless text files that are downloaded to your computer/device when you visit websites. They serve a range of purposes such as helping us understand our website usage, activity and user behaviour.
Who do we share your personal data with?
We never sell your data to any third parties. We want to maintain your trust as a reputable company and believe this is essential to ensure this.
We may share your information with other relevant bodies that will be involved in your care such as:
- Hospitals that we work with that will be involved in your care
- Anaesthetists that may also be involved in your care
- Other medical/professionals that are involved in your care
We do use third parties to support, manage or deliver some of our day to day business services.
As a result, we may share non-sensitive personal data with the following type of companies we work with:
- Companies that help us deliver our emails and electronic communications to you
- Companies that support our website, phone handling and other IT/business systems
What are your rights?
You have many rights relating to your personal data including:
- The right to access the personal data we hold about you.
- The right to request the correction of inaccurate data about you. If we hold inaccurate or out of date information about you, you can request that we change or update it.
- The right to request that we delete your data or stop processing it - in some instances such as where we no longer need it, we can delete your personal data.
- The right to stop direct marketing - You have the absolute right to stop our use of your personal data for direct marketing purposes. In this instance we must always comply with your request.
- The right to withdraw your consent - Whenever you have given us your consent to use your personal data, you have the right to change your mind and tell us.
- Please note there may be instances where we refuse your request for any of the above (unless otherwise stated) where we have a strong overriding reason or are legally obliged to.
If you wish to exercise any of your rights, have a complaint or questions about this policy, please see the "Who we are?" section for contact details.
If you have concerns about aspects of the way your data has been handled or used by us and are not satisfied with our response, you can report your concerns to the UK Information Commissioner Office (ICO). Details of how to do this are on the ICO website ico.org.uk.
or write to:
Data Protection Officer
129 Harley Street
London W1G 6BA
This policy was last updated on 14th May 2018