PRIVACY POLICY
Invasix UK Ltd ("We", “Our”, “Us”, as appropriate) is committed to protecting and respecting your privacy.
1. IMPORTANT INFORMATION AND WHO WE ARE.
This policy (together with our Terms of Website Use, Cookies Policy, Conditions of Sale and any other documents referred to within) sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed, stored and shared by us. Please read the following carefully to understand our practices regarding your Personal Data.
For the purpose of the General Data Protection Regulations (GDPR), the data controller is Invasix UK Ltd of 23 Wigmore Street, London W1U 1PL.
We know that you value your privacy and the security of personal information held about you. We are committed to handling your Personal Data and personal sensitive data in line with data protection law and principles, which means that your data will be:
-
Used lawfully, fairly and in a transparent way
-
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
-
Relevant to the purposes we have told you about and limited only to those purposes
-
Accurate and kept up to date
-
Kept only as long as necessary for the purposes we have told you about
-
Kept securely.
This website is not intended for children and we do not knowingly collect data relating to children.
2. WHAT IS PERSONAL DATA?
Personal Data means information that can directly or indirectly identify you ("Personal Data"). This typically includes information such as your name, address, email address, and telephone number, but can also include other information such as an IP address.
Information about health, such as medical history, is a special category of Personal Data that requires additional safeguarding measures.
3. HOW DO WE COLLECT PERSONAL DATA?
We use different methods to collect data from and about you, including through:
Direct interactions: You may give us your Personal Data by speaking to us in person on-site or off-site; filling in forms or by corresponding with us by post, phone, email or otherwise;. This includes personal data you provide when you:
-
apply for or buy our products or services;
-
order products;
-
subscribe to our service or publications;
-
allow us to scan your badges at an industry event;
-
request marketing to be sent to you; or
-
give us some feedback.
Automated technologies or interactions: As you interact with our website, we may automatically collect data about your equipment, browsing actions and patterns. We collect this Personal Data by using technologies such as Google Analytics.
Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:
-
Technical data from analytics providers such as Google based outside the EU;
-
Contact and financial data from providers of technical, payment and delivery services such as our bank based inside the EU.
-
Contact data from publicly availably sources such as Companies House based inside the EU.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
To see what personal data we collect, for what purpose, how we use it, retain it and secure it, please see the different categories below.
4. REQUESTING A QUOTE OR PLACING AN ORDER
You are able to place orders for our products (including consumables for the InMode and Cooltech Systems) and services in person, via email, over the phone or on our website.
What information is collected?
When you order our products (including consumables) and/or services we may collect the following Personal Data from you: name, title, shipping and billing address, email address, telephone number, mobile number date of birth, payment processing information (i.e. debit/credit card, Paypal).
We may also collect further information in the event of a dispute, return, refund or complaint.
You must ensure that the information you provide is accurate and complete.
What is the purpose of the processing?
We process this Personal Data to carry out Our obligations arising from any contracts entered into between you and Us and to provide you with the information, products and services that you request from Us.
We also process this Personal Data to deal with any enquiries, queries, returns, complaints or to respond to any feedback.
Where and for how long is the data stored?
We store your Personal Data securely on site or securely archived off site in the UK as long as we are required to keep the information by law, normally up to six years.
On-line orders are kept on a secure European-based server and cloud. Off-line orders are kept securely on-site. Access to such information is limited to those members of staff that need to access them. All orders are kept as long as the equipment remains in use.
Order and payment details, as well as complaints and credit notes are kept on our secure accounts EU-based server and cloud system for as long as is legally required, normally up to six years as per HMRC guidelines. Debit or credit card details are not retained at any point, except for the merchant receipt.
Who may the information be shared with?
We may share Personal Data that we receive from you including information used to order our products and/or services with the following third parties:
Our group companies - we may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. Where our group members are not based in the EEA we will ensure that any transferred data is treated in a manner commensurate with EU data protection laws. Our parent company, Invasix Ltd, is based in Israel, a country which has been designated by the European Commission as having an adequate level of protection for personal data
Our service providers – This includes external third-party service providers, such as accountants, auditors, experts, lawyers, credit reference agencies, and other outside professional advisors; IT systems, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; document and records management providers; technical engineers; data storage and cloud providers and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.
Our website is hosted and payments taken by wix.com which maintains equivalency to EU data protection under the Shield certification. Please review their data policy here: https://www.wix.com/about/privacy Our website has implemented Google Analytics Demographics and Interest Reporting. Any demographic reports produced using this data will be used to determine a better understand of our website traffic. You can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings. In addition, you can use the Google Analytics Opt-Out Browser Add-on to disable tracking by Google Analytics. For more information, please see our Cookies Policy.
Government or other public authorities – including, but not limited to, HMRC, law enforcement or other agencies to which we are required to disclose Personal Data by law, or by a warrant, subpoena or court order.
Our Suppliers - Occasionally, we may share your Personal Data limited with our suppliers to fulfil our and your legitimate interests. We will always do this under contract and you may write to us to opt-out.
Third parties - In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. If Invasix UK or substantially all of its assets are acquired by a third party, Personal Data held by it about its customers will be one of the transferred assets.
What is the legal basis for processing the Personal Data?
We may process your Personal Data on the following bases:
-
To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
-
Fulfil our legal and regulatory obligations such as preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies or the regulators; ensuring the health, safety and protection of our staff.
-
Exercise tasks under our legitimate interests such as to:
- enforce our terms and conditions, notably conditions of returns, refunds and payments;
- handing customer contacts, queries and complaints or disputes;
-
to protect our operations or those of any of our group companies;
-
to protect our rights, privacy, safety of property, and that of our group companies, you or others;
-
to allow us to pursue available remedies or limit our damages;
-
ensure the security and integrity of our services and ensuring our websites operate effectively;
-
to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
-
to improve our website to ensure that content is presented in the most effective manner for you and for your computer;
-
where we assist you in obtaining your own finance for the purchase of our products and/or services we may pass your Personal Data to credit reference agencies and they may keep a record of any search that they do. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
-
Your consent in relation to marketing; to deliver relevant on-line and/or off-line advertising to you; to make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them.
5. VISITORS
What information is collected?
When visitors come to our premises (23 Wigmore Street, London W1U 1PL and/or Wimpole House, 1 Bashley Road, London NW10 6TE) for meetings, inspections, project work, building and electrical work etc, we may collect the following Personal Data: name and company.
What is the purpose of the processing?
We process this Personal Data to know who is on-site and to check timings and attendance in relation to project works.
Where and for how long is the data stored?
The Personal Data is kept as a hardcopy in the Visitors Book on the premises. The data is kept securely on-site and retained as long as lawfully required.
Who may the information be shared with?
We may share this information with our employees and, in the case of project works, the managing agents for the building.
What is the legal basis for processing the Personal Data?
We process this information under our legitimate interest in knowing who is on-site to ensure the privacy, safety and security of our premises, our staff, and you. Also, to confirm attendance for work projects to confirm the performance of a contract.
6. TRAINING AND EVENTS
What information is collected?
When you book or register for training course or an Event run or hosted by Invasix UK we may collect the following Personal Data from you:
Name, title, postal address, email address, home telephone, mobile number, order history, professional registration and qualification, training history, information on the handling of your request and any other Personal Data you voluntarily provide to us.
When you volunteer to be a model on a training course or at an Event at our premises or off-site we may collect the following Personal Data from you:
Name, email address, home telephone, mobile number, treatment history, health data, complaints, reactions, age / date of birth, information on the handling of your request and any other Personal Data you voluntarily provide to us.
When you run a training course, we may collect the following information about you:
Name, contact details, professional details and biography, information on the handling of your request and any other Personal Data you voluntarily provide to us.
When you attend a course or Event we may obtain your personal information when we video record the course or Event. Where you have volunteered to be a model we may also take before/after treatment photos of you.
What is the purpose of the processing?
We process this Personal Data to book you onto a course or an Event, ensure that you have the necessary qualifications and experience to join the course, and take payment if required. Also, we keep a record of attendees and can issue a certificate of completion.
We process this Personal Data if you volunteer to be a model on the course or Event, to ensure that you are a suitable candidate for the procedure, you have not had a reaction to previous treatments, or had treatments too close together. We keep a database of contact details for volunteers so that we can contact you about future courses or Events.
We process this Personal Data if you are running a course to provide information to delegates, and our marketing material.
We use Event/course video recordings and/or before/after photos that may include information about you for education and marketing purposes on the product and how treatments are administered.
Where and for how long is the data stored?
The information is kept by us on an EU-based secure server for as long as lawfully required. Hard copy consent forms for any treatment are kept securely on-site for as long as lawfully required.
Event day information is kept by the marketing department on an on an EU-based secure server for as long as lawfully required.
Videos and photos may be posted on our social media sites based inside and outside the EEA, or used for marketing materials for up to six years.
Who may the information be shared with?
The Personal Data may be shared with the trainer or company which is running the training course. In the case of a reaction to a treatment, we may also have to share some Personal Data with the manufacturer of the product and the MHRA.
What is the legal basis for processing the Personal Data?
We may process your Personal Data in order to provide the training course or access to an event to you as requested (performance of a contract), and under our legitimate interests to know who is on-site, and ensure the security of our premises, staff and yourself, as well as to improve our training courses.
We may process your Personal Data as a volunteer model under consent. You are required to fill in a consent form for each and every procedure. We may also process your Personal Data under our vital interests to protect the health and safety of attendees including models, and under legal obligations in the event of an adverse reaction to a product.
We may process your Personal Data as a trainer under our legitimate interest to run the training session and under the performance of a contract with you.
We may process your Personal Data by filming the training under our legitimate interests for education and marketing purposes, as well as for vital interests in the case of an injury, a record is maintained.
7. MARKETING
If you opt-in (on-line or off-line) to receive on-line marketing and offers we will add your name and email address to our marketing database which is managed by MailChimp, which maintains equivalency to EU data protection under the Shield certification. Please review their data policy here https://mailchimp.com/legal/terms/. You can change your marketing preferences at any time and will always be offered the opportunity to unsubscribe. We process your name and email address on this basis under your positive consent to do so.
Under EU direct marketing laws we may also send you on-line marketing if you have previously placed an order with us or where you have provided your information for the purpose of contact (for example a badge scan at tradeshow or industry events). You can change your marketing preferences at any time and will always be offered the opportunity to unsubscribe.
We will still contact you regarding your account or orders even if you have opted out of receiving marketing from us.
8. SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our website may, from time to time, contain links to and from the websites of our partner networks, our social media pages, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We do not sell, share or rent any information collected to third parties except for those detailed in this privacy policy.
Where We need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
9. SOCIAL MEDIA PLATFORMS
Communication, engagement and actions taken through external social media platforms that this website and the Company participate are done on the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
We may collect data from your public profile, including, name, photo and other information you make available to Us when you like, post or otherwise interact with Our social media pages such as Facebook, Twitter and Instagram.
10. ACCESS TO INFORMATION
Under the General Data Protection Regulations you have the following rights:
-
Obtain from us confirmation as to whether or not we process Personal Data from you and, where that is the case, access to your Personal Data;
-
Rectification of inaccurate Personal Data;
-
Erasure of Personal Data;
-
Objection to the processing of Personal Data;
-
Restriction of processing of Personal Data; and
-
Portability of Personal Data – to receive the Personal Data you have provided to us in a structured, commonly used and machine-readable form and transmit it to another data controller.
In some instances, our legal obligations may override your rights under data protection laws.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You can learn more about these rights here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/. If you have any further queries about this policy, or wish to find out more about your rights, please contact us at neilw@invasix.com. Should you choose to exercise any of these rights, a record will be maintained by Invasix UK.
Where your consent is the legal basis for the processing of your Personal Data, you can withdraw your consent for marketing communications by logging into your account or using the unsubscribe link in any of our marketing communications or by sending us an email to neilw@invasix.com. Please note that withdrawing your consent will not affect the lawfulness of the processing before the withdrawal.
If you think that the processing of Personal Data by us violates data protection laws, you can lodge a complaint with the Information Commissioner in the UK (www.ico.org.uk) or the Data Protection Commissioner in the Republic of Ireland (www.dataprotection.ie).
11. CHANGES TO OUR PRIVACY POLICY
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
CONTACT
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to:
Email: info@inmodemd.co.uk
Address: Invasix UK, 23 Wigmore Street, London W1U 1PL
Thank you for visiting our website. This Privacy Policy will come into force on 25 May 2018.
​
​
​