Who we are:
The International Institute for Anti-Ageing [iiaa] is based at 12 Priestley Way London NW2 7AP. We offer world class skin consultancy and training to salons across the UK backed up by a range of market leading skin supplements and products available both to salons and direct to end customers.
We operate conscientiously within the requirements of the General Data Protection Regulations 2018 and other electronic marketing legislation. We work within the principles of fair data processing, namely:
- Using information in a way that people would reasonably expect.
- Thinking about the impact of our processing.
- Being transparent and ensuring that people know how we’ll use their information.
This statement (together with our Terms and Conditions), as may be amended from time to time by updates on this page, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us, as data controller and a data processor. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
1. What This Privacy Statement Covers
This statement covers how we treat any personal information that we collect and receive either from our website or as part of our broader operating processes.
We do not sell or pass on any personal information about our clients or prospects for marketing purposes without your express consent. However the data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy statement and, unless otherwise authorised by you, shall only use it for running and improving our services as a data controller and, in the extent that we process the data, as a data processor.
This statement tells you what information we collect, the steps we take to protect and secure it, how we use and share information, and finally, how you can contact us with questions or concerns.
2. Information We Collect
(a) Personal Information. We collect personal information (e.g., name, email address, phone number, etc.) when you:
- Sign up to our newsletters
- Send us an enquiry through our website
- Email us
- Work with us as a customer, supplier or employee
We also maintain a simple B2B prospect database justified under a Legitimate Interest assessment where we collate names and contact details of B2B (salon) decision makers who are known buyers of our type of service.
Opting Out of Marketing Communications – subject to paragraph 8, you can follow this link to unsubscribe to iiaa marketing emails.
(b) Other User Information. When you access and use our services, we may collect additional contextual information about you or your company. This data is not used for any profiling activity that will lead to automated decisions being made about you.
(c) Billing Information. If you buy from us, we will require your billing information in order to process the transaction. Billing information includes your name, address, telephone number, credit, debit or bank details and other information necessary to process the transaction.
Our systems are internally audited against the PCI DSS standards and we will always endeavour to ensure your payment details remain secure.
(d) IP Addresses and Cookies. We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Uses made of the information
We use this information held about you in the following ways:
- To ensure that content from our site is presented in the most effective manner to you and to your computer
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To carry out our obligations arising from any contracts entered into between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
We may also contact you by email, post or telephone. Please note that where you have provided sensitive data to us, we shall only use your sensitive data for the purpose for which the data was provided to us.
If you do not want us to use your data in this way, or wish to withdraw your consent for use of the data, you can do so by contacting us via telephone on 0208 450 2020 or email at email@example.com.
Please note that at the time you contact us, it may be the case that we no longer process, hold or store your personal information/data as data processor, in which case we would advise you of this and the need to contact the data controller.
Disclosure of this information
We may disclose your personal information to third parties:
- If iiaa or substantially all of our assets are acquired by a third party, in which case personal data held by it about our customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety of our clients, customers or others.
- Our site may, from time to time, contain links to and from the websites of our partner networks, clients, affiliates or other external websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these privacy policies. Before you submit any personal data to our site, you may want to check the policies of our client, for whom we are collecting the data, and whom for your purposes is the data controller. In the absence of any details being listed on our site, you may contact us at or on the details provided below.
3. Information Use, Legal Basis, Sharing, Disclosure, and Retention
(a) Use and Legal Basis.
Sales and Service Delivery. iiaa uses personal data for developing and issuing client agreements and for supplying its products and services – and justifies this under the legal basis of “Contract”.
Marketing Emails. iiaa uses personal data to update existing, prospective and past B2B clients with information about our services. We justify this through a “Legitimate Interests” assessment and offer opt-out functionality for those no longer wishing to hear from us in this way.
We also process personal data to update B2C data subjects with information about our services. We justify this through “Consent” and ensure that there has been a clear opt-in in order to receive data – or a robust soft opt-in based on recent custom.
CCTV and Security. We operate CCTV at our premises – as justified through a “Legitimate Interests” assessment.
Quality Control. We operate call monitoring for quality purposes – as justified through a “Legitimate Interests” assessment.
Administrative and Legal. We also process small amounts if employee, supplier and customer / delegate data under the legal basis of “Contract” and, if in the Vital Interests of the data subject, or with specific consent, or to comply with Employment or Health and Safety or another Legal requirement will hold special category data such as medical history or driving convictions.
(b) Sharing. iiaa does not share, sell, rent or trade personal information with any third parties for marketing or promotional purposes unless express consent has been given.
It does share small quantities of employee data for administrative and legal purposes.
It also reserves the right to share data with relevant authorities if compelled to do so to comply with legal obligations. We will use third party payment processors for card transactions to pay for goods and services but these third parties are authorized to use the data only as necessary to provide these services to us and are prohibited from using your personal information for promotional purposes.
(c) Disclosure. iiaa may disclose personal information under the following circumstances:
- In certain situations, we may disclose personal data in response to lawful requests by public authorities, including but not limited to national security or law enforcement requests. We may also disclose your personal information as required by law, such as to respond to court orders, or similar legal processes, to establish or exercise our legal rights or, defend against legal claims, or if in our judgment in such circumstances disclosure is required or appropriate.
(d) Retention. We will retain existing customer information for as long as a customer account is active with us or as needed to provide our services – and where required to comply with our legal obligations, resolve disputes, and enforce our agreements. We will retain all prospective customer data ongoingly until any such time that we receive a request to opt-out.
4. Confidentiality and Security
We use physical, electronic, and procedural safeguards to protect personal information - Our IT arrangements aspire to “Data Protection by Design” and should be able to detect a significant data breach. Where such a breach could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage we will notify the ICO. Where a breach is likely to result in a high risk to the rights and freedoms of individual data subjects, we will also notify those concerned directly and at the earliest practical opportunity. We shall then fully investigate a data breach and implement corrective action to prevent recurrence.
By using our services or providing personal information to us, you are consenting to iiaa communicating with you electronically regarding security, privacy, and administrative issues related to your use of our services. We may post a notice on our website if a security breach occurs. In these circumstances, we may also send an email to you at the email address you have provided to us.
Data transmissions over the Internet are not 100% secure. Consequently, we cannot guarantee or warrant the security of any information you transmit to us and you do so at your own risk. Once we receive your transmission, we use reasonable efforts to ensure security on our systems.
5. Right to Be Informed
We strive to ensure that all those engaging with us are informed of our arrangements for processing personal data through this Privacy Statement which is linked to from our email signatures and website home page.
6. Right of Access
We will respond to data requests within 1 month and will only charge for requests that are manifestly unfounded or excessive. If we have grounds to refuse a request we will inform the data subject and make them aware of their right to complain to the ICO or to seek civil action – again within 1 month of receiving the request
7. Right to Rectification
For personal data obtained directly from a data subject under the legal basis of consent – and obtained indirectly from a data subject under the legal basis of legitimate interest – we will correct any inaccuracies in a data subject’s personal data upon receipt of a request. For personal data held under the legal basis of “Contract” or “Vital Interests” or “Legal Obligations” we will endeavour to correct the data upon request but may not be able to do so if changing the data may conflict with our legal obligations or disadvantage us in a future legal action. In cases where we cannot rectify the data for these reasons we shall inform the data subject and make them aware of their right to complain to the ICO or to seek civil action
8. Right to Erasure
For personal data obtained directly from a data subject under the legal basis of consent – and obtained indirectly from a data subject under the legal basis of legitimate interest – we will erase a data subject’s personal data upon receipt of a request / opt-out notification. For personal data held under the legal basis of “Contract” or “Vital Interests” or “Legal Obligations” we will endeavour to erase data upon request but will not be able to do so if holding the data is necessary to fulfil our legal obligations or may be necessary as evidence in a future legal action involving us. In cases where we cannot erase the data for these reasons we shall inform the data subject and make them aware of their right to complain to the ICO or to seek civil action
9. Right to Restrict Processing
For personal data obtained directly from a data subject under the legal basis of consent – and obtained indirectly from a data subject under the legal basis of legitimate interest – we will restrict the processing of a data subject’s personal data upon receipt of a request / opt-out notification. For personal data held under the legal basis of “Contract” or “Vital Interests” or “Legal Obligations” we will endeavour to facilitate the requested restriction upon request but will not be able to do so if restricting the processing of the data prevents us from fulfilling our legal obligations or the current processing of the data may be necessary as evidence in a future legal action involving us. In cases where we cannot restrict the processing of the data for these reasons we shall inform the data subject and make them aware of their right to complain to the ICO or to seek civil action
10. Right to Data Portability
For personal data obtained directly from a data subject under the legal basis of consent – we shall provide, upon receiving a request, the data that we hold in a standard, widely accessible format
11. Right to Object
For personal data obtained directly from a data subject under the legal basis of consent – and obtained indirectly from a data subject under the legal basis of legitimate interest – we will cease to process a data subject’s personal data upon receipt of a request / opt-out notification
12. Changes to this Privacy Statement
Iiaa reserves the right to revise, modify, or update this statement at any time. We will notify you via email about material changes in the way we treat personal data or by placing a prominent notice on this website.
7. Contacting Iiaa
If you have a privacy concern regarding Iiaa, or this statement, you may contact us via firstname.lastname@example.org