Privacy Policy

The policy:
This privacy policy notice is served by [Cane Osteopathy and Face Oxford], Floor 2, Clarendon Business Centres, 52 Cornmarket Street, Oxford OX1 3HJ] under the website; [www.faceoxford.com]. The purpose of this policy is to explain to you how we control, process, handle and protect your personal information through the business and while you browse or use this website. If you do not agree to the following policy you may wish to cease viewing / using this website, and or refrain from submitting your personal data to us.

Policy key definitions:

  • I”, “our”, “us”, or “we” refer to the business, [Cane Osteopathy and Face Oxford].
  • “you”, “the user” refer to the person(s) using this website.
  • GDPR means General Data Protection Act.
  • PECR means Privacy & Electronic Communications Regulation.
  • ICO means Information Commissioner’s Office.
  • Cookies mean small files stored on a user’s computer or device.

Key principles of GDPR:
Our privacy policy embodies the following key principles; (a) Lawfulness, fairness and transparency, (b) Purpose limitation, (c) Data minimisation, (d) Accuracy, (e) Storage limitation, (f) Integrity and confidence, (g) Accountability.

What Personal Data may we collect about you?
We collect and process your Personal Data, which can come directly from you or from third parties with whom we contract or provide services or for compliance reasons. Personal Data includes all information that identifies you or can be used to identify you.

The types of your Personal Data we collect depends on the nature of your relationship us and applicable laws.

The Personal Data we process about you,includes the data we collect directly from you either as part of your relationship with us or through other interactions you may have with us.The information we process about you may include the following categories of Personal Data:
Age and date of birth;
Demographic data;
Health and other Sensitive Personal Data;
Data collected from Cookies;
Data collected from website / mobile device usage and analytics;
Personal contact information (address, telephone, email address);
Programs and activities in which you participated;
Trials and use of our products;
Opinions about us or our product and services;
Communication and other personal preferences;
Product request information;
Photographs and video;
Payment related information;
Financial information;
Product identifying, generated, usage, and diagnostic data; and/or
Product service and error data

Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.

  • We are registered with the ICO under the Data Protection Register, our registration number is: A8521275.
  • Lawful basis: Consent
    Where our purpose for processing is: To obtain information from youabout your suitability for treatment and to monitor outcomes and progress.
    Which is necessary for:
    Processing and reporting of adverse events;
    To communicate product safety information to you;
    Product quality and complaint management;
    Administering and maintaining legally required product registries, including medical device tracking;
    Administering and maintaining voluntary patient engagement and support platforms;Responding to your requests for information, products, or services;
    Our company compliance and facility and network security purposes;
    Internal investigations of possible misconduct or failure to comply with
    our policies and procedures;
    Auditing our programs and services for compliance purposes;
    Legal proceedings and government investigations (such as pursuant to warrants, subpoenas, and court legal orders);
    Where we have Legal obligations to process the personal data;
    Communications regarding our studies;
    Communications about market research and product developments;
    Communications about product information;
    Communications about general health information (such as information on certain health conditions);
    To determine your eligibility for certain products, services, or programs;
    Organizational planning and development (such as internal communications, budgets, administration, and project management);
    Administering educational programs;
    Business and marketing research;
    Authenticating and verifying your identity in your interactions with us;
    Tracking your interactions (online and offline) with us;Improvement and development of our products and services;
    Device and application diagnostics;
    Statistical analysis; Payment processing; and/or
    Website administration
    For any additional purposes where we are required to notify you and get your consent, including those purposes required by local law, we will obtain your consent before we process your Personal Data for those purposes
    We process your information in the following ways: Your details are stored securely on electronic devices and booking systems.
    Data retention period: We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
    Sharing your information: We do share your personal information with third parties and they include: AMedSu iRejuvenation app, mailchimp, Cliniko booking system.
  • Lawful basis: Legal obligation
    Where our purpose for processing is: In specific circumstances, we may need to process your Personal Data to comply with a relevant law/regulation (such as when we are required by medical regulations to track usage of medical devices) or to fulfill our obligations under a contract to which you are subject.
    Which is necessary because: Where we process your Personal Data to meet our legal obligations, you will likely not be permitted to object to this processing activity, but you will usually have the right to access or review this information unless it would impede our legal obligations. Where we are processing to fulfill our contract obligations under a contract where you are a party, you might not be able to object to this processing, or if you do choose to opt-out or object to our processing, it may impact our ability to perform a contractual obligation that you are owed.
    We process your information in the following ways:
    Data retention period: We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.Sharing your information: We do share your personal information withthird parties and they include: AMedSu iRejuvenation app, mailchimp, Cliniko booking system.
  • Lawful basis: Legitimate interests
    Where our purpose for processing is: To enable us to communicate with you and managing our interactions with you regarding our products and services, scientific research, and education opportunities. In addition to the other rights, you have the right to object to such processing of your Personal Data. You can register your objection by contacting us as described in the “how do you contact us” section below.
    Which is necessary because: It is in our legitimate interest ie: there is a business or commercial reason to do so, unless this is outweighed by your rights or interests.
    We process your information in the following ways: Enabling us to contact you with special offers, information about changes to treatments etc.
    Data retention period: We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
    Sharing your information: We do share your personal information with third parties and they include: AMedSu iRejuvenation app, mailchimp, Cliniko booking system.

If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.

Your individual rights
Under the GDPR your rights are as follows. You can read more about your rights in details here

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • the right not to be subject to automated decision-making including profiling.

You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.We handle subject access requests in accordance with the GDPR.

Internet cookies
We use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device / computer hard drive to track how you use the website, to record or log whether you have seen particular messages that we display, to keep you logged into the website where applicable, to display relevant adverts or content, referred you to a third party website.Some cookies are required to enjoy and use the full functionality of this website.We use a cookie control system which allows you to accept the use of cookies, and control which cookies are saved to your device / computer. Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manageand delete cookies from your device, please see your web browser options.Cookies that we use are;

Globally and in the European Union member states Google sets the following cookies:

__utma Cookie
A persistent cookie – remains on a computer, unless it expires or the cookie cache is cleared. It tracks visitors. Metrics associated with the Google __utma cookie include: first visit (unique visit), last visit (returning visit). This also includes Days and Visits to purchase calculations which afford ecommerce websites with data intelligence around purchasing sales funnels.

__utmb Cookie & __utmc Cookie
These cookies work in tandem to calculate visit length. Google __utmb cookie demarks the exact arrival time, then Google __utmc registers the precise exit time of the user.
Because __utmb counts entrance visits, it is a session cookie, and expires at the end of the session, e.g. when the user leaves the page. A timestamp of 30minutes must pass before Google cookie __utmc expires. Given__utmc cannot tell if a browser or website session ends. Therefore, if no new page view is recorded in 30 minutes the cookie is expired.
This is a standard ‘grace period’ in web analytics. Ominture and WebTrends among many others follow the same procedure.

__utmz Cookie
Cookie __utmz monitors the HTTP Referrer and notes where a visitor arrived from, with the referrer siloed into type (Search engine (organic or cpc), direct, social and unaccounted). From the HTTP Referrer the __utmz Cookie also registers, what keyword generated the visit plus geolocation data.
This cookie lasts six months. In tracking terms this Cookie is perhaps the most important as it will tell you about your traffic and help with conversion information such as what source / medium / keyword to attribute for a Goal Conversion.

__utmv Cookie
Google __utmv Cookie lasts “forever”. It is a persistant cookie. It is used for segmentation, data experimentation and the __utmv works hand in hand with the __utmz cookie to improve cookie targeting capabilities.

Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.

Fair & Transparent Privacy Explained
We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.

Sponsored links, affiliate tracking & commissions
Our website may contain adverts, sponsored and affiliate links on some pages. These are typically served through our advertising partners; Google Adsense, eBay Partner Network, Amazon Affiliates, or are self served throughour own means. We only use trusted advertising partners who each have highstandards of user privacy and security. However we do not control the actual adverts seen / displayed by our advertising partners. Our ad partners may collect data and use cookies for ad personalisation and measurement. Where ad preferences are requested as ‘non-personalised’ cookies may still be used for frequency capping, aggregated ad reporting and to combat fraud and abuse.
Clickable sponsored or affiliate links may be displayed as a website URL like this; www.soswestwales.com or as a titled text link like this: Storage in Pembrokeshire.
Clicking on any adverts, sponsored or affiliate links may track your actions by using a cookie saved to your device. You can read more about cookies on thiswebsite above. Your actions are usually recorded as a referral from our website by this cookie. In most cases we earn a very small commission from the advertiser or advertising partner, at no cost to you, whether you make a purchase on their website or not.
We use advertising partners in these ways to help generate an income from the website, which allows us to continue our work and provide you with the best overall experience and valued information.
If you have any concerns about this we suggest you do not click on any adverts, sponsored or affiliate links found throughout the website.

Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal data” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to alist of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such
data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent(unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, you can also unsubscribe from all MailChimp lists, by following this link, otherwise contact the EMS provider.Our EMS provider is; [mailchimp]. We hold the following information about you within our EMS system;

  • Email address
  • I.P address
  • Subscription time & date