Pabau - Clinic Software for your Business | Go Paperless Today

Privacy Policy

Introduction

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our clinic management software, or otherwise engage with us in the UK and the US. We are committed to ensuring that your privacy is protected and to complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (GDPR) (where applicable), and the California Consumer Privacy Act (CCPA).

Personal Information We Collect

We collect personal information in several ways, including when you:
 
  • Visit our website or use our software
  • Communicate with us via email, phone, or other channels
  • Provide information to set up or manage your account with us

The personal information we collect may include:
 
  • Name, address, phone number, email address, and other contact details
  • Payment information (e.g., credit card details)
  • Technical information, such as IP addresses, browser type, and data stored in cookies on your device

How We Use Your Information

We use your personal information to provide and improve our services, including:
 
  • Managing your account and processing payments
  • Authenticating your identity
  • Communicating with you about our products, services, and promotions
  • Enhancing the functionality and security of our services
  • Meeting legal obligations and protecting our business interests

We may send you marketing materials about our services that we believe may be of interest to you. You have the right to opt out of receiving such communications at any time by contacting us directly or following the instructions in the communications.

Legal Bases for Processing

In the UK and EU, we rely on the following legal bases to process your personal information:
 
  • Performance of a contract: When we provide you with services or communicate with you regarding your account.
  • Consent: When you provide explicit consent for marketing communications or other specific activities.
  • Legitimate interests: When it is in our interest to improve our services, ensure security, and protect our business.
  • Compliance with legal obligations: When we need to comply with applicable laws or respond to legal requests.

In the US, we comply with relevant state and federal privacy regulations, including the CCPA.

Information Sharing and Disclosure

We do not sell or rent your personal information. However, we may share your information in the following circumstances:
 
  • Service Providers: We may share your personal information with third-party service providers who perform services on our behalf (e.g., payment processors, IT support, and website hosting).
  • Legal Compliance: We may disclose your personal information to comply with legal obligations or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • Business Transfers: If our company is acquired, merged, or undergoes a business transfer, your personal information may be transferred as part of that transaction, in accordance with applicable law.
  • Protection of Rights: We may disclose your personal information when necessary to protect our rights, property, or safety, or that of our users or others.

Any third parties with whom we share your personal information are required to maintain the confidentiality of your data and are only permitted to process it as instructed by us, in accordance with this Privacy Policy and applicable laws.

International Data Transfers

We may transfer your personal information outside of the UK, the European Economic Area (EEA), or the US, to countries where data protection laws may differ. However, we ensure that any transfer of your data is subject to appropriate safeguards to protect your privacy rights, such as standard contractual clauses approved by relevant authorities.

Your Rights

Under UK, EU, and US privacy laws, you have the following rights:

  • Right to Access: You can request a copy of the personal information we hold about you.
  • Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal information.
  • Right to Erasure: In certain circumstances, you may request that we delete your personal information.
  • Right to Restrict Processing: You can request that we limit the way we use your personal information.
  • Right to Data Portability: You have the right to request that we transfer your data to another service provider.
  • Right to Object: You may object to our processing of your personal information for specific reasons.
  • Right to Withdraw Consent: Where consent is the legal basis for processing, you may withdraw it at any time.
  • Right to Opt-Out of Sale of Personal Information (CCPA): If applicable, you may request to opt out of the sale of your personal information.

To exercise any of these rights, please contact us using the details provided in the “Contact Us” section.

Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience on our website and software. For detailed information on how we use cookies, please review our Cookie Policy, which is incorporated into this Privacy Policy.

Security

We take appropriate security measures to protect your personal information from unauthorized access, alteration, or disclosure. However, please note that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When we no longer need your personal information, we will securely delete or anonymize it.

Changes to This Privacy Policy

We reserve the right to update this Privacy Policy from time to time. Any changes will be posted on our website, and the revised Privacy Policy will be effective as of the date of posting. Please review this page regularly to stay informed about how we are protecting your personal information.

Use of Subprocessors for Data Hosting, Processing, and Communications

To provide reliable, secure, and scalable services, we work with trusted third-party providers:

DigitalOcean and AWS: We use DigitalOcean and Amazon Web Services (AWS) to host and process data required for our service, including:

  • Personal information for account setup and management
  • Communication and transaction records for service operation
  • Uploaded, stored, or shared content within the platform

SendGrid, Txtlocal, and Telnyx: For email and SMS communication, we use SendGrid for emails, Txtlocal for SMS within the UK, and Telnyx for SMS outside the UK.

Data Security

DigitalOcean, AWS, SendGrid, Txtlocal, and Telnyx implement leading security measures, including data encryption, access controls, and routine security audits, to protect your data.

Compliance with Data Protection Laws

All subprocessors operate under strict compliance with relevant data protection laws, such as GDPR, and are subject to data processing agreements that safeguard your information.

International Data Transfers

Data processed by DigitalOcean, AWS, and other subprocessors may involve cross-border transfers outside the European Economic Area (EEA). In these cases, we implement Standard Contractual Clauses or equivalent measures to uphold data protection standards.

Your Rights

You have the right to access, correct, or request deletion of data processed by our subprocessors. Please contact us at [email protected] to exercise your rights.

Contact Us

If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact us at:
Hambrand Technology Company
27 St Cuthbert’s
Bedford, MK40
[email protected]

In the US:
Please email [email protected] for contact info.

This Privacy Policy was last updated on 5 November 2024.