×

Privacy Policy

Below is a privacy policy which applies to use of your information from June 2014. The policy explains what data is kept about you, how it is used, and how your information is protected. 

This policy is effective from 28th May 2018.

Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of Our Privacy Policy is deemed to occur upon your first use of Our Site. If you do not accept and agree with this Privacy Policy, you must stop using Our Site immediately.

You can request a copy of your personal information, details of how you can obtain this information are available below. 

About GDPR & KMP Skin LTD: 

New data protection laws coming into effect from 25th May 2018, mean that businesses need your permission to send you marketing information and provide you with more transparency about how your data is collected, including how personal information is used. KMP Skin LTD, is compliant with GDPR regulations, as your permission has always been sought for ‘positive opt in’ to receive and marketing information from us. 

Marketing you receive from KMP Skin LTD: 

You will only receive marketing information from KMP Skin LTD if you ‘positively opted in’ to receive information on your consultation form, or if you have subscribed to receive marketing information directly via the website. 

Opting in to receiving marketing from KMP Skin LTD means you will receive newsletters, information about any client events, special offers and promotions.

This information will be sent to you via email at the email address you have provided on your consultation form. 

At any time, you can unsubscribe from this marketing information, either by contacting the business directly at info@kmpskin.com or by clicking the ‘unsubscribe’ button at the bottom of any marketing e-mails. 

What data is collected and how it is collected, and how it is stored: 

KMP Skin LTD values its clients and respects their privacy. Any information we collect about you is held with the utmost care and security.

When you book an appointment or make an enquiry, visit KMP Skin, or visit our website, the following data may be collected about you: 

  • Identity Data – This may include your first name, maiden name, last name, username, marital status, title, date of birth and gender.
  • Contact Data – This may include your billing address, delivery address, email address and telephone numbers.
  • Financial Data – This may include your bank account and payment card details. We are able to process card payments for products and services over the phone using software from Stripe and Shopify. 
  • Transaction Data – This may include details about payments between us and other details of purchases made by you.
  • Technical Data – This may include your internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
  • Usage Data – This may include information about how you use our website, products and services.
  • Marketing and Communications Data – This may include your preferences in receiving marketing communications from us, your communication preferences as well the contact and identity data you have provided when you opted in to receiving such communications. Our newsletters and marketing communication emails are managed and delivered using MailChimp. Please see more regarding their privacy policy: https://mailchimp.com/legal/privacy/

We may also process Aggregated Data from your personal data but this data does not reveal your identity and as such in itself is not personal data. An example of this is where we review your Usage Data to work out the percentage of website users using a specific feature of our site. If we link the Aggregated Data with your personal data so that you can be identified from it, then it is treated as personal data.

  • Special category Data — This is information regarding your health, to make sure there are no contraindications to any treatments you undertake at KMP Skin. It is very important that any special category data is accurate and up to date. It is your responsibility to let us know if at any time your heath changes in a way that may affect any treatments you have at KMP Skin. You can let your therapist know or e mail info@kmpskin.com to alert us of any changes.

HOW WE COLLECT YOUR PERSONAL DATA

You provide us with personal data in the following ways:

  • By completing a pre treatment consultation form
  • By signing a terms of engagement form
  • During a treatment
  • Through email, over the telephone or by post
  • By providing credit card and online payment details

This data is securely and confidentially kept on file at the business premises or online in a secure salon software & e commerce system. After a period of 36 months, if you have not visited KMP Skin your consultation form will be flagged as inactive.

E commerce at www.KMPSkin.com is powered by Shopify. To read about Shopify’s GDPR policy or how your data is collected and used by Shopify please click here. 

How KMP Skin LTD uses your data:

KMP Skin LTD is based at 24 Hanover Square, Mayfair, London, W1S 1JD and uses a salon software system provided to clinics by nDevor Systems LTD. 

Below is a statement to how nDevor Systems LED T/A Phorest use your information.

Phorest Privacy Notice 

The following privacy notice outlines how nDevor Systems Ltd T/A Phorest (‘we’ or ‘us’ or ‘our’) gathers, processes, and protects personal data, stored on behalf of Data Controllers . Phorest is a software company that provides services including provision of software to salons and other businesses to manage their business, online booking services and SMS delivery. 

The data protection officer for the organisation is Garrett Ahern. You can contact the data protection officer by sending an email to gdprdpo@phorest.com or writing to Data Protection Officer, Phorest, 9 Anglesea Row, Dublin 7, Ireland. 

We process your personal information for the purposes laid out in this privacy notice. We act as data processor on behalf of client businesses and have access to personal information of your clients only in cases that customer support or troubleshooting is required. 

Personal data collected 

We take your privacy seriously and will never sell or rent your personal data to any third-party. We need to obtain and process your personal data to provide you with our software, services and to fulfil our business and legal obligations. We will never collect any personal information from you that we do not need or retain any data that is no longer necessary for the purposes specified in this notice. 

Your personal data is collected and processed for the following purposes: 

Name & Contact Details 

  • In the performance of a contract, to manage a software system to sell products or services (name, address, email, contact number)
  • Through legitimate interest to engage in communication with you to provide business reports and system-related alerts.
  • To contact you with any relevant offers, promotions and services.
  • As required by law or to respond to legal process.
  • In the performance of contract to process appointments etc, we store
    consultation forms, appointment data and associated notes.

Tax, banking and payment details 

  • To receive payments and perform our contract with you.
  • As part of our legal obligation for business accounting, tax and insurance
    purposes.

Rights of the individual 

The individual holds a number of rights in relation to the personal information that we hold on them, which includes: 

  • The right to access what personal data we hold about the individual.
  • The right to be informed of how we are using the individual’s personal data.
  • The right to request the erasure of the personal data we hold on the
    individual.
  • The right to object to us processing the individual’s personal data or restrict us
    from processing some or all of the individual’s personal data.
  • The right to object to direct marketing from us.
  • The right to request the correction of incorrect information we hold on the
    individual.
  • The right to request that we transfer the information we hold on the
    individual to another service provider. 

If we receive a request from the individual to exercise any of the above rights, we may ask to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure.

Process of collection

Personal data is provided to us through Phorest software, our website, over the phone, in Phorest salons, by email, social media, in writing or any other means by which it is provided by salons and/or consumers.
Phorest gives salons access to information about their account and bookings through Phorest software, for the limited purpose of viewing and updating that information.

Data Sharing & Use of Data Processors
We disclose your personal data to third parties for the purposes of providing a service to you, running our business, and when required by law and to enforce our legal rights. Where we use a third-party, we have strict agreements in place governing the processing of your personal data, on which no action can be taken without instruction from us. 

The third-parties with whom we work will never share or disclose your personal information and will hold it securely at all times. Furthermore, they must process the personal information in accordance with this Privacy Notice and as permitted by applicable data protection laws. We share your personal data with the following categories of companies: 

  • Professional services such as marketing companies to help us run our business and get in contact with you.
  • Accountancy and insurance companies to help us run our business and fulfil our legal obligations.

IT Infrastructure providers are used to store and handle data. How Long Do We Keep Your Data?
Phorest retains your personal data for as long as necessary to provide you with our services as our client and under the following criteria:

  • Where there is a legal basis, obligation or legitimate interest to continuing processing your personal information
  • Where processing is necessary for the establishment, exercise or defence of legal claims

Cookies (if applicable)

A ‘cookie’ is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. When you visit a site that uses cookies for the first time, a cookie is downloaded onto your computer/mobile device so that the next time you visit that site, your device will remember useful information such as items added in the shopping cart, visited pages or login options.
Our website relies on cookies to carry out certain functions and to tailor your user experience. Enabling these cookies is not strictly necessary for the website to work but it will provide you with a better browsing experience. You can delete or block these cookies, but if you do, some features of this site may not work as intended. You can control and/or delete cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

Transfers of personal information 

When personal data of persons located in the EU is processed through Phorest software, all of it is held within the EU. Your information is processed by the Phorest software and stored in the Amazon Web Services cloud infrastructure. During this process your data is encrypted in transit and at rest. 

Consequences of not providing your personal information to Phorest 

In the event that you want to purchase a product or service from Phorest, certain personal information is required to enter into a contract with you. You can always choose not to provide personal information. However, Phorest may not be able to enter into a contract with you to fulfil an attempt to purchase a product or service if you do not provide your personal information. 

Safeguarding your Personal Data 

Appropriate measures are taken to protect your personal data from access from unauthorized persons or inappropriate access, internal or external. Your connection to the Phorest system uses a HTTP Secure communication protocol and TLS security. 

This means all information passed to the Phorest system is encrypted during data input and transfer to the cloud. Any paper files recording your personal data are held in a locked filing cabinet or safe which can only be accessed by authorised personnel. 

Your employees should be assigned specific access rights by you (salon management) and through this mechanism, can only access the salon software with the PIN number assigned to them by the management of the salon. 

Complaints 

In the occurrence that you want to make a complaint about how your personal data was gathered, how it is being processed by Phorest (or third parties used by Phorest) or you are not satisfied about how a complaint has been handled, you retain the right to lodge a complaint directly with the supervisory authority and Phorest and also the Phorest Data Protection Officer. Phorest would appreciate the opportunity to assist you with your query before raising a complaint with Data Protection authorities. 

Phorest Data Protection Officer/GDPR Owner 

The data protection officer for the organisation is Garrett Ahern. You can contact the data protection officer by sending an email to gdprdpo@phorest.com or by writing to Data Protection Officer, Phorest, 9 Anglesea Row, Dublin 7, Ireland. 

Changes to our privacy notice 

We may change this notice from time to time. All changes will be posted and updated here. We will notify you directly by email (if we hold one for you) if any significant changes occur. We advise you to check back here frequently to review the most current version of this notice. 

Requesting a copy of your personal info:  

Under the UK Data Protection Act (1998), you may request a copy of your personal data held by us, we have up to 40 calendar days to provide this information. 

The request must be in writing and contain the following:

  • Your name, postal address and telephone number. 

You must also provide :

  • A photocopy of your passport or driving licence.
  • Your signature and the date of the request
  • Signed authority from the individual whose data is required if you are applying on their behalf.

Please send your request to :

KMP Skin LTD 

24 Hanover Square

London, 

Mayfair 

W1S 1JD

You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

If you have any further questions about the information above, please do not hesitate to contact KMP Skin LTD, using the correspondence address above. 

© 2026. All Rights Reserved
FAQs Privacy Policy Terms & Conditions