Privacy Policy

Effective Date: 16 January 2025

This Privacy Policy outlines how Rejoovd® collects, uses, and protects the personal data of customers in compliance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. By using our services, you consent to the collection and use of your personal data as described in this policy.

1. Data Controller

The Data Controller responsible for your personal data is Rejoovd®, operating under the trading name specified in our Terms and Conditions.

Contact details:

Email: hello@rejoovd.com
Phone: 020 3876 5554
Address: 19 Queen Anne’s Place, Enfield, EN1 2QB

2. Information We Collect

We may collect and process the following personal data:

Identity Data: Name, title, and date of birth.
Contact Data: Phone number, email address, and postal address.
Health Data: Medical history, allergies, or other health-related information provided by you to ensure the safe provision of services.
Transaction Data: Details of payments made for our services.
Technical Data: Information about your use of our website or booking platform, such as IP address, browser type, and device information.
CCTV Data: Video recordings in public areas of our premises (e.g., reception and waiting areas).

We collect this information directly from you through our booking platform, forms completed in person, or interactions with our team.

3. How We Use Your Information

We use your personal data for the following purposes:

To Provide Services:
- To manage appointments, provide therapy services, and ensure your health and safety.
Communication:
- To send appointment reminders, respond to inquiries, and provide updates about our services.
Marketing (with Consent):
- To send promotional offers, updates, or newsletters by email or SMS. You may opt out at any time.
Legal and Compliance:
- To comply with legal obligations, such as maintaining records for tax purposes or responding to regulatory requests.
Security:
- To ensure the safety of our premises using CCTV in public areas.

4. Sharing Your Information

We do not sell or rent your personal data to third parties. However, we may share your data with:

Service Providers: Third-party platforms such as Vagaro, which act as data processors, processing personal data on behalf of Rejoovd® to facilitate bookings and payments.
Legal Authorities: When required to comply with a legal obligation or to protect the rights of the business.
Professional Advisors: Accountants, auditors, or legal advisors for legitimate business purposes.

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Consent: For sending marketing communications or collecting health-related data for services.
Contractual Necessity: To fulfil our contractual obligations, such as managing bookings.
Legal Obligations: To comply with applicable laws, including tax and health and safety regulations.
Legitimate Interests: For the operation and security of our business, such as using CCTV or maintaining records.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal or regulatory requirements:

Health Records: Retained for 8 years for safety and regulatory compliance.
Transaction Records: Retained for at least 6 years to comply with tax laws.
CCTV Footage: Retained for up to 30 days, unless required for an investigation.

Once the retention period expires, your data will be securely deleted or anonymised.

7. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

Access: The right to request access to your personal data.
Correction: The right to request corrections to incomplete or inaccurate data.
Erasure: The right to request deletion of your data (“right to be forgotten”).
Restriction: The right to request the restriction of processing under certain conditions.
Objection: The right to object to processing based on legitimate interests or direct marketing.
Data Portability: The right to receive your data in a portable format.

To exercise any of these rights, please contact us at hello@rejoovd.com. We may require proof of identity to process your request. We will respond within one calendar month of receiving your request.

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

Encrypted storage of electronic records.
Access controls to physical and digital data.
Regular security audits and team training.

Third-Party Security:
When personal data is processed via Vagaro, advanced security measures are implemented, including:

Encryption: Data is encrypted both in transit and at rest using TLS v1.2 or higher and AES-256 encryption. Encryption keys are securely stored in Hardware Security Modules (HSM) with limited access, and key management procedures are reviewed annually.
Data Integrity: Vagaro uses AES-256-GCM encryption and a digital signature scheme to ensure data integrity. Additional access controls and multiple redundant checkpoints are implemented to maintain data accuracy.
Access Control Mechanisms: Vagaro employs account lockouts, Multi-Factor Authentication (MFA), rate-limiting, API key controls, identity access management, and regular access reviews to restrict data access to authorised personnel only.
Network Security: Vagaro’s network controls include isolated/private networks, firewalls, monitoring of multiple network points and sources, and logging and monitoring for security incidents.
SOC2 Compliance: Vagaro’s SOC2 report demonstrates adherence to high standards of data integrity and security.

These measures ensure the security and confidentiality of your personal data while processed via Vagaro’s platform.

9. Cookies and Online Tracking

Our website and booking platform may use cookies to enhance user experience. You can control or disable cookies through your browser settings.

10. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. Any significant updates will be communicated via email or a notice on our website.

11. Complaints

If you have concerns about how we handle your personal data, please contact us first at hello@rejoovd.com. If you are not satisfied with our response, you can lodge a complaint with the Information Commissioner’s Office (ICO):
• Website: https://www.ico.org.uk
• Phone: 0303 123 1113

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.