Extetica Limited, T/A Flint + Flint Clinic is a company registered in England and Wales, company number 06162736. (collectively referred to as "Extetica Limited, T/A Flint + Flint", "we" or "us" in this policy).
Maintaining the security of your data is a priority at Extetica Ltd, and we are committed to respecting your privacy rights. We pledge to handle your data fairly and legally at all times. We are also dedicated to being transparent about what data we collect about you and how we use it. This policy, which applies whether you visit one of our clinics or training schools, use your mobile device or go online, or are a member of our Loyalty Scheme provides you with information about:
- how we use your data;
- what personal data we collect;
- how we ensure your privacy is maintained; and
- your legal rights relating to your personal data.
HOW WE USE YOUR DATA
General Extetica Limited (and trusted partners acting on our behalf) uses your personal data:
- to provide goods and services to you;
- to make a tailored website available to you;
- to manage any registered account(s) that you hold with us;
- to verify your identity;
- for crime and fraud prevention, detection and related purposes, including CCTV;
- with your agreement, to contact you electronically about promotional offers and products and services which we think may interest you;
- for market research purposes - to better understand your needs;
- to enable Extetica Limited to manage customer service interactions with you; and
- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
Promotional communications Extetica Limited uses your personal data for direct marketing purposes (with your consent or if we believe that we have a legitimate basis to do so under the recital 47 of the GDPR) and may send you postal mail to update you on the latest Extetica Limited offers. Extetica Limited aims to update you about products & services which are of interest and relevance to you as an individual. You have the right to opt-out of receiving promotional communications at any time, by:
- changing marketing preferences via your Flint + Flint Account on the Flint + Flint website;
- making use of the simple “unsubscribe” link in emails or the “STOP” number for texts; and/or
- contacting Extetica Limited via the contact channels set out in this Policy.
We may analyse your browsing and purchasing activity on-line, and your responses to marketing communications. The results of this analysis, together with other demographic data, allows us to ensure that we contact you with information on products and offers that are relevant to you. To do so, we use software and other technology (automated processing).
SHARING DATA WITH THIRD PARTIES
Our service providers and suppliers In order to make certain services available to you, we may need to share your personal data with some of our service partners. These include IT, delivery and marketing service providers. Extetica Limited only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to Extetica Limited and to you, and for no other purposes.
Other third parties Aside from our service providers, Extetica Limited will not disclose your personal data to any third party, except as set out below. We will never sell or rent our customer data to other organisations for marketing purposes. We may share your data with:
- our trusted partners who help us to deliver the services that you have asked of us,
- credit reference agencies where necessary for card payments;
- governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so: -
- to comply with our legal obligations;
- to exercise our legal rights (for example in court cases);
- for the prevention, detection, investigation of crime or prosecution of offenders; and
- for the protection of our employees and customers.
International transfers To deliver products and services to you, it is sometimes necessary for Extetica Limited to share your data outside of the European Economic Area. This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws. If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice is to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers.
How long do we keep your data? We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however, the longest we will normally hold any personal data is 10 years.
WHAT PERSONAL DATA DO WE COLLECT?
Extetica Limited may collect the following information about you:
- your name, age/date of birth and gender;
- your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;
- purchases and orders made by you;
- your online browsing activities on Extetica Ltd websites;
- your password(s);
- when you make a purchase or place an order with us, your payment card details;
- your communication and marketing preferences;
- your interests, preferences, feedback and survey responses;
- your location;
- your correspondence and communications with Extetica Limited
Our website is not intended for children and we do not knowingly collect data relating to children. This list is not exhaustive, and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example when you leave an enquiry through our websites or make a booking at one of our clinics. Other personal data is collected indirectly, for example, your browsing or shopping activity. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.
HOW WE PROTECT YOUR DATA
Our controls Extetica Limited is committed to keeping your personal data safe and secure. Our security measures include:
- encryption of data;
- regular cybersecurity assessments of all service providers who may handle your personal data;
- regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents;
- security controls which protect the entire Extetica Limted IT infrastructure from external attack and unauthorised access; and
- internal policies setting out our data security approach and training for employees.
WHAT YOU CAN DO TO HELP PROTECT YOUR DATA
- Extetica Limited will never ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from Extetica Limited asking you to do so, please ignore it and do not respond.
- If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.
- In addition, we recommend that you take the following security measures to enhance your online safety both in relation to Extetica Limited and more generally: -
- keep your account passwords private. Remember, anybody who knows your password may access your account.
- when creating a password, use at least 8 characters. A combination of letters and numbers is best. Do not use dictionary words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your password. You can do this accessing your account, clicking ‘your account’, clicking ‘your data’ and selecting ‘change password’.
- avoid using the same password for multiple online accounts.
You have the following rights:
- the right to ask what personal data that we hold about you at any time,
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge; and
- (as set out above) the right to opt out of any marketing communications that we may send you. If you wish to exercise any of the above rights, please contact us using the contact details set out below. Legal basis for Extetica Limited processing customer personal data: Extetica Limited collects and uses customers’ personal data because is it necessary for:
- the pursuit of our legitimate interests (as set out below);
- the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer; or
- complying with our legal obligations.
In general, we only rely on consent as a legal basis for processing in relation to sending direct marketing communications to customers via email or text message if they are not a member of our rewards scheme. Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
Our legitimate interests The normal legal basis for processing customer data is that it is necessary for the legitimate interests of Extetica Limited, including:
- selling and supplying goods and services to our customers;
- protecting customers, employees and other individuals and maintaining their safety, health and welfare;
- promoting, marketing and advertising our products and services;
- sending promotional communications which are relevant and tailored to individual customers
- administering our rewards scheme;
- understanding our customers’ behaviour, activities, preferences, and needs;
- improving existing products and services and developing new products and services;
- complying with our legal and regulatory obligations;
- preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
- handling customer contacts, queries, complaints or disputes;
- managing insurance claims by customers;
- protecting Extetica Limited, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Extetica Limited;
- effectively handling any legal claims or regulatory enforcement actions taken against Extetica Limited; and
- fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.
How do you get my consent? When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent.
How do I withdraw my consent? If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at email@example.com or emailing us at: Flint+Flint, 12 Tib Lane, Manchester GB M2 4JB
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
Our store is hosted by Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored in Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.Payment: If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
Links When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
- Extetica Limited, or on behalf of Extetica Limited, and are necessary to enable you to a make purchase on our websites;
- third parties who participate with us in marketing programmes; and
- third parties who broadcast web banner advertisements on behalf of Extetica Limited.
What are cookies used for? The main purposes for which cookies are used are:
- For technical purposes essential to effective operation of our websites, particularly in relation to on- line transactions and site navigation.
- For Extetica Limited to market to you, particularly web banner advertisements and targeted updates.
- To enable Extetica Limited to collect information about your browsing and shopping patterns, including to monitor the success of campaigns, competitions etc.
- To enable Extetica Limited to meet its contractual obligations to make payments to third parties when a product is purchased by someone who has visited our website from a site operated by those parties.
How do I disable cookies? If you want to disable cookies you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use.
What happens if I disable cookies? This depends on which cookies you disable, but in general, the websites may not operate properly if cookies are switched off. If you only disable third-party cookies, you will not be prevented from making purchases on our sites. If you disable all cookies, you will be unable to complete a purchase on our sites.
AGE OF CONSENT By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
QUESTIONS AND CONTACT INFORMATION If you have any questions about how Extetica Limited uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by any of the following means:
- Phone us on: 0800 170 0606 and select Flint + Flint Head Office
- e-mail us at: firstname.lastname@example.org
- write to us at Extetica Limited, 12 Tib Lane, Manchester, M2 4JB.