Data & Privacy Policy

Our Data and Privacy Policy explains the way in which VIVA Skin Clinic collect, use, maintain, protect and disclose the personal information of the users of our websites:,,, and and all the products and services offered by VIVA Skin Clinic, Consent Clinic, TOXPOD, and VIVA Academy.

About us

Organisation Name: Viva Cosmetics Ltd

Reference number: ZA393367

Start date: 25 May 2018

End date: 24 May 2019

The following is a comprehensive description of the way VIVA Skin Clinic, as data controllers process personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received from us, check any privacy notices, consent forms or contracts we have provided or contact us directly to ask about your personal circumstances and how this Data and Privacy Policy applies to you.

Your information and how we us it

This Data and Privacy Policy tells you what to expect when VIVA Skin Clinic collects personal information about you when you engage with us. It also explains how we’ll process that data, and keep it safe.

We collect personal and financial information such as your name, date of birth as treatments can only be performed on individuals over the age of 18, address, telephone number, bank details and email address when you provide it to us, or when you have given a third party permission to share your information with us. We also under consultation collect your medical history and medical conditions and details and notes regarding medical procedures undertaken.

We will only use the data captured for specific purposes in relation to the provision of services from VIVA Skin Clinics, whether that’s as part of the follow up process originally instigated by you (Consent) or as part of the provision of a service or consent for treatment (under provision of a contract). We may also use your information to keep you up to date with relevant services and useful updates from VIVA Skin Clinics (legitimate interest). At all times recipients will be given the option to opt-out of communications and or have their personal data removed if requested and so long as this removal is not against business practices under law (legal obligation). In rare cases we may have need to process information under (Vital interests) or in the where information is in the publics interest or to perform official functions (Public task).

Description of processing

The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these will apply whenever we process personal data:

  1. Consent: you have given clear consent for us to process your personal data for a specific purpose.
  2. Contract: the processing is necessary for a contract we have with the you, or because you have asked us to take specific steps before entering into a contract with you.
  3. Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
  4. Vital interests: the processing is necessary to protect someone’s life.
  5. Public task: the processing is necessary for us to perform a task in the public interest or for VIVA Skin Clinic official functions, and the task or function has a clear basis in law.
  6. Legitimate interests: the processing is necessary for VIVA Skin Clinic legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.

Reasons/purposes for processing information

We process personal information to enable us to:

  • Provide non surgical treatments and procedures to clients
  • Maintain our accounts and records
  • Promote our services
  • Undertake research
  • Support and manage our employees

Type/classes of information processed

  • We process information relating to the above reasons/purposes. This information may include:
    • Personal details such as name, date of birth, gender, address, place of work, telephone and email addresses
    • Medical records and history
    • Medical Procedures and notes relating to treatments
    • Goods and services
    • Family details
    • Lifestyle and social circumstances
    • Financial details – all bank details are not stored or retained
    • Education and employment details

In some but not all instances we may process sensitive classes of information that may include:

  • Physical or mental health details
  • Racial or ethnic origin
  • Religious or other beliefs of a similar nature
  • Offences and alleged offences
  • Trade union membership

Who the information is processed about

We process personal information about our:

  • Clients
  • Employees
  • Suppliers
  • Enquirers and complainants
  • Survey respondents
  • Professional advisers and consultants
  • Visitors to our website
  • Visitors to our social media platforms

Who the information may be shared with

We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary we are required to comply with all aspects of GDPR (25th May 2018). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Where necessary or required we share information with:

  • Current, past or prospective employers
  • Suppliers and service providers
  • Financial organisations
  • Family, associates and representatives of the person whose personal data we are processing
  • Trade associations and bodies
  • Professional advisers and consultants
  • Central government like HMRC
  • Employment and recruitment agencies
  • Business associates
  • Survey and research organisations
  • Credit reference agencies
  • Debt collection agencies

Transfers of Data

GDPR imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations. These restrictions are in place to ensure that the level of protection of individuals afforded by the GDPR is not undermined.

Whist we do not transfer data outside of the EU. It may sometimes be necessary to transfer personal information overseas in the future. VIVA Skin Clinics will only transfer personal data where the organisation receiving the personal data has provided us with adequate safeguards and where your rights must be enforceable and effective legal remedies for individuals must be available following the transfer.

Visitors to our website

When someone visits we use the following third party services:

  • Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way-which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
  • Facebook pixels are used

Functionality on our website relies on the use of Cookies find out more through our Cookie Policy.

If we do collect personally identifiable information through our website, this will be clear to the visitor. We will make it clear when we collect personal information and will explain what we intend to do with it.

Personal data via third party services

VIVA Skin Clinics will collect and store your personal data provided from third parties only when you have given permission for it to be supplied. For example, at events and conferences. This data will only be used for the purposes of relevant follow-up activity (legitimate interest). If after 12months we have not engaged with you further then your data records will be stored and encrypted so there are no personal identifies are associated with this record. This data will only be used for the purposes of VIVA Skin Clinics own research and development. Your records will not be sold to third parties.

People who use our services

VIVA Skin Clinics offers various services to businesses. Within those businesses we have to hold the details of people that have requested or are in some way associated with the provision of the service we provide. We only use these details to provide the service and for other closely related purposes. For example, we may use information about people who take services from us to carry out a survey to find out if they are happy with the level of service they received.

Job applicants and our current and former employees

VIVA Skin Clinics is the data controller for the information you provide during the application process unless otherwise stated. If you have any queries about the process or how we handle your information please contact:

Your information and how we collect and use it.

We collect information about you when you complete one of the forms on our website and is transmitted over HTTPS to our web server we also collect data and information about you in one to one meetings, consultations, via email and over the phone. This will include your name, place of work, contact information and where relevant financial information, along with any other information you choose to provide us at any of the above data collection points.

The information will be used to respond to your enquiry, or contact you about a treatment or procedure that you have shown to have an interest in.

The information will be used solely by VIVA Skin Clinics and will not be shared with any other third party.

Your personal Information will be stored on our financial system purely for the purpose of providing treatment and procedures you have engaged and consented with us to provide and on mail chimp for future marketing and industry related updates that will be relevant to you. In this case your information may be processed outside of the European Economic Area (EEA).

Grounds for processing

We are processing the information you provide under the legal grounds of our legitimate interest, we will use the information provided for legitimate business purposes such as contacting you in response to an enquiry submitted through our website. We have carried out a legitimate interest assessment on the data we collect to support this decision.

Your rights

You have rights over the information that VIVA Skin Clinics, have collected from you, these include the following:

Right to be informed

We provide ‘fair processing information’ through our privacy notice.

Right of access

We will confirm to you that we process your data, and to provide access to any personal information we hold about you should you request this information in writing.

Right of rectification

If any data we hold about you is incomplete or inaccurate we will correct the information we hold and notify you by email or in writing of the corrections made.

Right to erasure (the right to be forgotten)

Where there is no compelling reason for the continued processing of your information we will erase this.

Right to restrict processing

We will stop processing or block your data on request. We may hold enough information to ensure that we can respect this restriction in the future. e.g. We may hold your email address on a list to prevent it being processed in the future.

Right to data portability

In certain circumstances you may request your data in a commonly used and machine-readable format.

Right to object

You may object to us processing your data, unless the processing is for the establishment, exercise or defence of legal claims.

If you’d like to access or correct the data we hold, please contact us.

Rights related to automated decision making including profiling

VIVA Skin Clinics do not automate any decision making with your information.

You can read more about your individual rights on the Information Commissioner’s Office website.

Protecting your information

We know how much data security matters. We will treat your data with the utmost care and take all appropriate steps to protect it.

Your information is only accessed by people who need it to perform their role.

Your personal data is encrypted at rest and in transit as far as possible; we secure the information you submit through www.vivaskinclinics using ‘https’. However this does not account for personal errors and where there has been a breach of data we will comply with the GDPR regulations and report all activities of breach to the ICO.

Your data may, occasionally, be sent outside the European Economic Area (EEA). As described in this notice. In these cases your information will remain secure and confidential.

We will retain personal information only for so long as the information is necessary to fulfil your request, or until you exercise one of your rights.

Complaints or queries

Viva Skin Clinics tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of VIVA Skin Clinics collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to You may also complain to the supervisory authority in the UK, the ICO. Various contact details are listed on the ICO Report a concern page.

Links to other websites

This privacy notice does not cover the links within this site to other websites. We encourage you to read the privacy statements on other websites you visit.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 23rd May, 2018.

How to contact us

If you want to request information about our privacy policy you can email us on or write to:

Chloe Plumstead

Data Privacy Compliance Officer

VIVA Skin Clinics,