Effective Date: 1st February, 2025

At You Can Clinic, we are committed to protecting your privacy and ensuring your personal data is handled securely and transparently. This Privacy Policy outlines how we collect, use, store, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

You Can Clinic is an aesthetics training centre and registered pharmacy based in the UK. We provide training courses, online pharmacy, and online booking facilities through our website: www.youcanclinic.com 

For any queries related to this Privacy Policy, please contact us:

  • Email: info@youcanclinic.com
  • Phone: 02921 678747
  • Address: You Can Clinic, Unit 7,
    Cardiff Medicentre, Heath Park,
    Cardiff, CF14 4UJ

2. Data we collect

We collect and process the following categories of personal data:

  • Identity data: Name, title, and date of birth.
  • Contact data: Address, email address, and phone number.
  • Booking data: Course preferences, payment details, and attendance records.
  • Technical data: IP address, browser type, operating system, and other details collected via cookies when you visit our website.
  • Marketing preferences: Your preferences for receiving marketing communications from us.
  • Medical or health information: If required for certain training courses, with your explicit consent.

3. How we use your data

We use your personal data for the following purposes:

  1. To provide services

    • Process bookings and payments.
    • Communicate course details and updates.

  2. To improve our website

    • Analyse website usage and enhance user experience.

  3. For marketing purposes

    • Send newsletters, promotional offers, and information about new courses (if you have opted in).

  4. To comply with legal obligations

    • Maintain accurate records for tax, legal, and regulatory purposes.

  5. Customer support

    • Respond to queries, feedback, and complaints.

4. Legal basis for processing your data

We process your data based on the following legal grounds:

  • Consent: For sending marketing communications (you can withdraw consent at any time).
  • Contractual obligation: To fulfill bookings and deliver training services.
  • Legal compliance: To meet regulatory requirements.
  • Legitimate Interests: To improve our services, website, and customer experience.

5. How we share your data

We do not sell your personal data. However, we may share your information with:

  • Service providers: Payment processors, IT support, and marketing platforms.
  • Legal authorities: If required by law or to protect our legal rights.
  • Partners: For jointly hosted training events (with your consent).

All third-party processors are bound by contracts to keep your data secure and use it only for the agreed purposes.

6. Data retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy, including legal or reporting requirements.

  • Customer data: Retained for 7 years after your last booking.
  • Marketing data: Retained until you opt-out or withdraw consent.

7. Your rights

Under UK GDPR, you have the following rights:

  • Access: Request a copy of your personal data.
  • Correction: Rectify inaccurate or incomplete data.
  • Deletion: Request deletion of your data (subject to legal requirements).
  • Objection: Object to data processing based on legitimate interests.
  • Data portability: Request transfer of your data to another provider.
  • Withdraw consent: Opt out of marketing communications at any time.

To exercise your rights, contact us at info@youcanclinic.com.

8. Cookies

Our website uses cookies to enhance user experience and analyze site traffic. Cookies we use include:

  • Essential Cookies: Necessary for website functionality.
  • Analytics Cookies: Track usage patterns and improve site performance.
  • Marketing Cookies: Personalise ads and track conversions.

You can manage your cookie preferences through your browser settings. For more information, refer to our [Cookie Policy].

9. Data Security

We implement robust security measures to protect your personal data, including:

  • Encryption of sensitive data.
  • Regular system updates and monitoring.
  • Access controls to restrict unauthorized access.

10. Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website. We encourage you to review this policy periodically.

Contact Us

If you have any concerns or questions about how we handle your data, please contact our Data Protection Officer:

  • Email: info@youcanclinic.com
  • Phone: 02921 678747
  • Address: You Can Clinic, Unit 7,
    Cardiff Medicentre, Heath Park,
    Cardiff, CF14 4UJ

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):