Privacy Policy

Introduction

We are committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR). As a data controller, we document the lawful basis for processing your data and provide you with rights regarding how your personal information is processed.

This privacy policy explains:

  • What data we collect

  • Why and how we process it

  • Your rights under GDPR

  • How you can exercise those rights

This website may contain links to third-party websites, which operate under their own privacy policies. This privacy policy applies only to this website.

Lawful Basis for Processing

For each method by which we collect personal data, this privacy policy outlines our lawful basis for processing.

  • If we rely on your consent, we provide clear instructions on how you can withdraw your consent and request the deletion of your data.

  • If processing is necessary for our contractual obligations (e.g., booking an appointment and processing payments), we will process your data accordingly.

  • In cases of legal obligations (e.g., fraud prevention), we may process and disclose data as required.

Your Rights Under GDPR

The GDPR grants you the following rights over your personal data:

  1. Right to Access – You can request a copy of the data we hold about you.

  2. Right to Rectification – You can ask us to correct inaccurate or incomplete data.

  3. Right to Erasure ("Right to be Forgotten") – You can request that we delete your personal data.

  4. Right to Restrict Processing – You can request to limit how we process your data.

  5. Right to Data Portability – You can request a copy of your data in a structured, machine-readable format.

  6. Right to Object – You can object to the processing of your data, including for direct marketing purposes.

  7. Right to Withdraw Consent – If processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us via the details provided in the "Our Details" section.

Security Measures

We implement technical and organizational measures to safeguard your data, including:

  • Transport Layer Security (TLS) encryption (commonly known as SSL) for secure data transmission.

  • Identity verification before granting data access.

  • Firewalls and access controls to protect stored information.

  • Regular security audits to detect and prevent vulnerabilities.

Despite these precautions, no method of online transmission is 100% secure, and users should take precautions when sharing personal data.

Data Disclosures

In addition to any sharing of data described elsewhere in this policy, we may disclose personal data when:

  • Required by law enforcement or regulatory authorities.

  • Necessary to investigate suspected criminal activity or fraud.

  • Required to fulfill legal or contractual obligations.

We do not sell or share your personal data with third parties for marketing purposes.

Cookies

Cookies are small text files stored in your browser to enhance your experience. We use:

  • Essential cookies – Necessary for website functionality.

  • Analytics cookies – To track website usage and improve services.

  • Preference cookies – To remember user settings.

You can manage cookie preferences through your browser settings.

Booking an Appointment

When you book an appointment, we collect personal information to assess your suitability for the requested treatment. If you express interest in additional treatments, we may collect further data.

  • We may collect images during your visit for compliance and assessment purposes.

  • This information is not shared with third parties and is used solely for internal purposes.

Payment for Treatments

When you make a payment for a treatment, we collect the necessary details to process the transaction, including:

  • Full name

  • Email address

  • Phone number

  • Billing details (if required by the payment processor)

We do not store payment card details. All transactions are processed securely through our third-party payment provider, which complies with PCI-DSS (Payment Card Industry Data Security Standard) regulations.

How We Contact You

We may contact you via email, telephone, or post for:

  • Appointment confirmations and reminders

  • Treatment-related information

You may opt out or update your communication preferences at any time.

Our Details

This website is owned and operated by La Nova.

  • Company Registration Number: 16077498

  • Business Address: 69 Brighton Road, Surbiton, KT6 5NF

  • Contact Methods:

    • Post: 69 Brighton Road, Surbiton, KT6 5NF

    • Phone: 02082685639

    • Email: info@la-nova.co.uk

Managing Your Data

  • You may request a copy of your data at any time by contacting us.

  • If you wish to delete your data, please submit a request via email.

  • We retain records of past transactions for legal and accounting purposes but do not keep unnecessary personal data longer than required.

Changes to This Privacy Policy

We may update this privacy policy periodically. The last updated date at the top of this document reflects the latest revision.

  • If changes expand data collection or sharing, they will only apply to data collected after the update.

  • Continued use of our website after changes implies acceptance of the updated policy.

For any questions or concerns, please contact us at info@la-nova.co.uk.