Book your Appointment Today and Get 15% DISCOUNT!

Privacy Policy

At EVOTONE, we take data protection very seriously. We are committed to protecting your personal information and respecting your privacy. This policy explains how we collect, use, and process your personal data when you use our website and our services.

OVERVIEW

We respect your privacy and protect your personal information. While it is possible to use our website without providing personal data, we may need to process your personal data if you wish to use certain services. We obtain consent from our users before processing their personal data.

We process personal data, such as your name, address, email address, or phone number, in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This data protection policy aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process, as well as the rights of data subjects.

As the controller, we have taken technical and organizational measures to protect personal data processed through our website. However, please be aware that Internet-based data transmissions may have security gaps, and absolute protection cannot be guaranteed.

NAME AND ADDRESS OF THE CONTROLLER

Esthetic Solutions Ltd t/a EVOTONE is the controller responsible for complying with GDPR and other data protection laws. Our registered address is:

288 Kensington High Street,
London,
W14 8NZ,
United Kingdom.

You can contact us at info@evotone.co.uk.

TEXT MARKETING AND NOTIFICATIONS

When you enter your phone number and email address in our subscriber pop-up form, you agree to receive text notifications or emails from us, including text or email marketing offers. You can unsubscribe from these messages by replying with the copy provided in the SMS. Using alternative words or requests will not be considered a reasonable means of opting out. Message and data rates may apply.

Please contact us at info@evotone.co.uk for more information.

DEFINITIONS

To ensure clarity and understanding, this data protection declaration is based on the terms used in the General Data Protection Regulation (GDPR). We have provided the following definitions:

a. Personal Data

Personal data refers to any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person can be identified directly or indirectly by using an identifier such as a name, identification number, location data, online identifier, or other factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b. Data Subject

A data subject is any natural person whose personal data is processed by the controller responsible for the processing.

c. Processing

Processing refers to any operation or set of operations performed on personal data, whether by automated means or not. These operations include collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d. Restrictions of Processing

Restriction of processing involves marking stored personal data with the aim of limiting their processing in the future.

e. Profiling

Profiling means any form of automated processing of personal data that evaluates certain personal aspects relating to a natural person, such as analyzing or predicting aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f. Pseudonymisation

Pseudonymisation is the processing of personal data in a way that the personal data can no longer be attributed to a specific data subject without using additional information. The additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g. Controller or Controller Responsible for the Processing

The controller or controller responsible for processing is the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of processing personal data. If the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h. Processor

A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

i. Recipient

A recipient is a natural or legal person, public authority, agency, or another body, to whom the personal data are disclosed, whether a third party or not. However, public authorities that receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

j. Third Party

A third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k. Consent

Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

COOKIES

Our Use of Cookies

We utilize cookies on our website. Cookies are text files stored in a computer system through an Internet browser. They are commonly used by many websites and servers. A cookie ID, which is a unique identifier, is assigned to each cookie. This ID allows websites and servers to distinguish and identify the specific Internet browser in which the cookie is stored. Through the use of cookies, we can provide enhanced and user-friendly services that would not be possible without them.

Enhanced User Experience

Cookies enable us to optimize the information and offers on our website to cater to the user’s preferences. As mentioned before, cookies help us recognize and identify our website users, making it easier for them to navigate and utilize our website. For instance, a cookie may store login information, so users do not have to enter their credentials every time they access the website. Another example is the use of cookies in an online shop, where they remember the items placed in a virtual shopping cart.

Managing Cookies

Users have the option to prevent the setting of cookies or delete existing cookies through the settings of their Internet browser or other software programs. These options are available in most popular Internet browsers. However, please note that disabling cookies may impact the full functionality of our website.

COLLECTION OF GENERAL DATA AND INFORMATION

General Data Collection

When our website is accessed by a data subject or an automated system, certain general data and information are collected and stored in server log files. These may include (1) the types and versions of browsers used, (2) the operating system of the accessing system, (3) the website from which the access originated (referrer), (4) the sub-pages visited, (5) the date and time of access, (6) the Internet Protocol (IP) address, (7) the Internet service provider of the accessing system, and (8) other similar data used for security purposes.

Purpose of Data Collection

The collected general data and information do not allow us to draw conclusions about individual data subjects. Instead, they are necessary to (1) deliver the content of our website correctly, (2) optimize our website’s content and advertising, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with necessary information for investigating cyber-attacks. We analyze this anonymized data statistically to enhance data protection and security, ensuring optimal protection for the personal data we process. The server log files’ anonymous data is stored separately from personal data provided by data subjects.

RIGHTS OF THE DATA SUBJECT

a. Right of Confirmation

You have the right to obtain confirmation from us as to whether or not we are processing your personal data. If you wish to exercise this right, you can contact any of our employees.

b. Right of Access

You have the right to request free information about the personal data we have stored about you at any time, as well as a copy of this information. The European directives and regulations grant you access to the following information:

  • The purposes of the processing
  • The categories of personal data involved
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organizations
  • The envisaged period for which the personal data will be stored, or the criteria used to determine that period
  • The existence of the right to request rectification, erasure, or restriction of processing of personal data, or to object to such processing
  • The right to lodge a complaint with a supervisory authority
  • Where the personal data are not collected from you, any available information about their source
  • The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you

You also have the right to be informed about whether your personal data is transferred to a third country or international organization and, if so, to be provided with information about the safeguards in place regarding the transfer. If you would like to exercise your right of access, you can contact any of our employees.

c. Right to Rectification

You have the right to request the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed by providing a supplementary statement. To exercise your right to rectification, please contact any of our employees.

d. Right to Erasure (Right to be Forgotten)

You have the right to request the erasure of your personal data without undue delay if one of the following grounds applies, provided that the processing is not necessary:

  • The personal data are no longer necessary for the purposes for which they were collected or processed
  • You withdraw your consent on which the processing is based, and there is no other legal ground for the processing
  • You object to the processing pursuant to Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR
  • The personal data have been unlawfully processed
  • The erasure is necessary for compliance with a legal obligation in Union or Member State law to which we are subject
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR

If any of the above reasons apply and you wish to request the erasure of your personal data stored by us, please contact any of our employees. They will ensure that your erasure request is processed promptly. If we have made your personal data public and are obligated to erase it, we will also take reasonable steps, including technical measures, to inform other controllers processing the data about your erasure request.

e. Right to Restriction of Processing

You have the right to request the restriction of processing if one of the following applies:

  • The accuracy of your personal data is contested, allowing us to verify the accuracy of the data
  • The processing is unlawful, but you oppose the erasure of the data and request the restriction of their use instead
  • We no longer need the personal data for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims
  • You have objected to the processing pursuant to Article 21(1) of the GDPR, pending the verification of whether our legitimate grounds override yours.

If any of the aforementioned conditions are met and you wish to request the restriction of processing of your personal data, please contact any of our employees. They will take the necessary steps to ensure the restriction of processing.

f. Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, where the processing is based on your consent or a contract, and is carried out by automated means, unless it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

Additionally, if technically feasible and not infringing upon the rights and freedoms of others, you have the right to have your personal data transmitted directly from us to another controller upon your request.

To exercise your right to data portability, you can contact any of our employees.

g. Right to Object

You have the right to object, on grounds relating to your particular situation, to the processing of your personal data based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on these provisions.

We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

If we process your personal data for direct marketing purposes, you have the right to object at any time. This also applies to profiling related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for those purposes.

Furthermore, you have the right to object to the processing of your personal data for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

To exercise your right to object, please contact any of our employees. You also have the right to object to the use of automated means, including technical specifications, for exercising your right to object in the context of the use of information society services, in accordance with Directive 2002/58/EC.

h. Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision is necessary for entering into or performance of a contract between you and us, is authorized by Union or Member State law, or is based on your explicit consent.

If the decision is necessary for entering into or performance of a contract between you and us or is based on your explicit consent, we will implement suitable measures to safeguard your rights, freedoms, and legitimate interests. This includes your right to obtain human intervention, express your point of view, and contest the decision.

If you wish to exercise your rights regarding automated individual decision-making, including profiling, you can contact any of our employees.

i. Right to Withdraw Data Protection Consent

You have the right to withdraw your consent to the processing of your personal data at any time. Withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal.

To exercise your right to withdraw consent, please contact any of our employees.

LEGAL BASIS FOR THE PROCESSING

Under Article 6(1) lit. a of the GDPR, the legal basis for processing operations is obtained consent for a specific purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Article 6(1) lit. b of the GDPR. Similarly, processing operations necessary for carrying out pre-contractual measures are based on the same legal provision. When there is a legal obligation requiring the processing of personal data, such as for tax obligations, the processing is based on Art. 6(1) lit. c of the GDPR. In certain cases, processing may be necessary to protect vital interests or those of another natural person, based on Art. 6(1) lit. d of the GDPR. Lastly, if none of the aforementioned legal grounds apply, processing may be based on Article 6(1) lit. f of the GDPR, which is justified by our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms requiring personal data protection override those interests. The European legislator acknowledges this legitimate interest, particularly when the data subject is our client (Recital 47 Sentence 2 GDPR).

ROUTINE ERASURE AND BLOCKING OF PERSONAL DATA

We will process and store your personal data only for the period necessary to achieve the purpose of storage, as granted by the European legislator or other applicable laws and regulations. Once the storage purpose is no longer applicable or the prescribed storage period expires, we will routinely block or erase the personal data in compliance with legal requirements.

THE LEGITIMATE INTERESTS PURSUED BY THE CONTROLLER OR A THIRD PARTY

When processing personal data based on Article 6(1) lit. f of the GDPR, our legitimate interest is to conduct our business to the benefit of the well-being of all our employees and shareholders.

PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED

The period for which personal data will be stored is determined by the respective statutory retention period. After the expiration of this period, the corresponding data will be routinely deleted, provided it is no longer necessary for the fulfillment or initiation of a contract.

PROVISION OF PERSONAL DATA AS STATUTORY OR CONTRACTUAL REQUIREMENT; REQUIREMENT NECESSARY TO ENTER INTO A CONTRACT; OBLIGATION OF THE DATA SUBJECT TO PROVIDE THE PERSONAL DATA; POSSIBLE CONSEQUENCES OF FAILURE TO PROVIDE SUCH DATA

We would like to clarify that the provision of personal data may be required by law (e.g., tax regulations) or may be necessary as per contractual provisions (e.g., information about the contractual partner). In some cases, it may be necessary to provide us with personal data to enter into a contract, which will subsequently be processed by us. For example, if our company enters into a contract with you, you are obliged to provide us with the necessary personal data. Failure to provide the required personal data may result in the inability to conclude the contract. Prior to providing personal data, the data subject must contact any of our employees.

The employee will inform the data subject whether the provision of personal data is required by law or contract, necessary for the conclusion of a contract, the existence of an obligation to provide personal data, and the potential consequences of not providing such data.

PAYMENT METHOD: DATA PROTECTION PROVISIONS ABOUT THE USE OF PAYPAL AND STRIPE AS PAYMENT PROCESSORS

On this website, we have integrated components of PayPal and Stripe as online payment service providers. PayPal and Stripe process payments through virtual private or business accounts, including virtual payments through credit cards.

PayPal:

PayPal is an online payment service provider that allows payments to be processed via PayPal accounts, which represent virtual private or business accounts. PayPal also accepts payments through credit cards for users who do not have a PayPal account. A PayPal account is managed using an email address, eliminating the need for traditional account numbers. By choosing the “PayPal” payment option during the ordering process on our online shop, you agree to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal usually includes your first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. This data is processed for payment processing and fraud prevention purposes. Personal data exchanged between PayPal and the controller for processing purposes may also be transmitted by PayPal to credit agencies for identity and creditworthiness checks. PayPal may transfer personal data to affiliates, service providers, or subcontractors when necessary to fulfill contractual obligations or for data processing.

You have the option to revoke your consent to the handling of personal data at any time with PayPal. However, please note that revocation does not affect the processing, use, or transmission of personal data necessary for (contractual) payment processing.

For more information about PayPal’s data protection provisions, you can visit the following link: PayPal’s privacy policy.

Stripe:

Stripe is an online payment service provider that facilitates payment processing for businesses. When you choose the “Stripe” payment option during the ordering process on our online shop, your personal data required for payment processing will be transmitted to Stripe.

The personal data transmitted to Stripe usually includes your first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. Stripe processes this data to fulfill payment processing and fraud prevention requirements. Personal data exchanged between Stripe and the controller for processing purposes may be transferred to credit agencies for identity and creditworthiness checks. Stripe may also share personal data with affiliates, service providers, or subcontractors when necessary to fulfill contractual obligations or for data processing.

Please note that you have the right to revoke your consent to the handling of personal data at any time with Stripe. However, revocation does not affect the processing, use, or transmission of personal data necessary for (contractual) payment processing.

For more information about Stripe’s data protection provisions, you can visit the following link: Stripe’s privacy policy.

NEWSLETTER SUBSCRIPTION

On our website, users have the opportunity to subscribe to our enterprise’s newsletter. The personal data transmitted and the timing of the newsletter delivery are determined by the input mask used for this purpose.

To keep our customers and business partners informed, we regularly send out newsletters about our enterprise’s offers. The data subject can receive the newsletter only if (1) they have a valid email address and (2) they register for newsletter shipping. In accordance with legal requirements, a confirmation email will be sent to the registered email address as part of the double opt-in procedure to verify the data subject’s authorization to receive the newsletter.

During the newsletter registration process, we store the IP address of the computer system used by the data subject at the time of registration, as well as the date and time of registration. This data is collected to prevent potential misuse of the data subject’s email address and serves the purpose of protecting the controller’s legal rights.

The personal data collected during newsletter registration will be used solely for sending the newsletter. Subscribers may also receive important updates or notifications related to the newsletter service or their registration, such as changes to the newsletter content or technical circumstances. Personal data collected through the newsletter service will not be shared with third parties. Subscribers can unsubscribe from the newsletter at any time. The consent given for the storage of personal data for newsletter delivery can also be revoked at any time. Each newsletter contains a corresponding link for revoking consent. Alternatively, users can unsubscribe directly on the controller’s website or communicate their withdrawal in a different manner.

NEWSLETTER TRACKING

Our newsletters may contain tracking pixels, which are miniature graphics embedded in HTML-format emails. These tracking pixels enable log file recording and analysis, allowing us to statistically analyze the success or failure of online marketing campaigns. By using tracking pixels, we can determine if and when an email was opened by a data subject and which links in the email were accessed.

The personal data collected through tracking pixels in our newsletters are stored and analyzed by the controller to optimize newsletter delivery and customize future newsletters according to the interests of the data subjects. This personal data will not be shared with third parties. Data subjects have the right to revoke their consent to receive newsletters at any time. Upon revocation, the personal data collected will be deleted by the controller. We consider a withdrawal from newsletter receipt as a revocation automatically.

CONTACT POSSIBILITY VIA THE WEBSITE

Our website provides information that allows for quick electronic contact with our enterprise, including direct communication via an email address. If a data subject contacts the controller via email or a contact form, the personal data transmitted by the data subject will be automatically stored. The voluntary personal data provided by a data subject to the controller will be stored for the purpose of processing or contacting the data subject. There is no sharing of this personal data with third parties.

DATA PROTECTION FOR APPLICATIONS AND APPLICATION PROCEDURES

The data controller is committed to ensuring the protection and processing of personal data of applicants for the purpose of the application procedure. This includes electronic processing, especially when applicants submit their application documents via email or web forms on the website.

In the event that the data controller enters into an employment contract with an applicant, the submitted data will be stored to facilitate the employment relationship in compliance with legal requirements. If no employment contract is concluded, the application documents will be automatically deleted two months after the applicant is notified of the decision to reject their application, unless there are other legitimate interests of the controller that override the need for erasure. An example of such a legitimate interest could be the requirement of maintaining proof in a procedure under the General Equal Treatment Act (AGG).

REGISTRATION ON OUR WEBSITE

Data protection is a priority for us, and we provide the data subject with the option to register on our website by providing personal data. The type of personal data transmitted to the controller is determined by the specific registration form used. The personal data provided by the data subject are collected and stored solely for internal use by the controller and for its own purposes. The controller may engage one or more processors (such as a parcel service) who also process personal data for internal purposes on behalf of the controller.

During the registration process on the controller’s website, the IP address assigned by the Internet service provider (ISP), as well as the date and time of registration, are also stored. This data is stored to prevent misuse of our services and, if necessary, to investigate any offenses committed. Thus, the storage of this data is necessary to safeguard the interests of the controller. Unless there is a legal obligation to disclose the data or if disclosure is necessary for criminal prosecution purposes, this data is not shared with third parties.

The registration of the data subject, along with the voluntary provision of personal data, enables the controller to offer exclusive content or services to registered users based on the nature of the matter at hand. Registered individuals are free to update or delete their personal data stored by the controller at any time.