Privacy Statement
This statement provides information on how GetHarley uses your personal information in its role as a data controller. It also lets you know your personal information rights, including your right to object to our processing of your personal information. If you want to know more, please contact our privacy team at: DPO.GetHarley@twobirds.com
We provide some of your personal information to the practitioner who treats you and receive information from them after your treatment. Please also refer to the privacy statement of your practitioner for details of how they use your personal information when treating you.
Overview
This is a summary of the personal information we collect and what it is used for. We only use your personal information for these purposes. Further details are provided later.
How your personal information is used | What personal information we use |
Creating a GetHarley Account and booking a consultation | |
Creating a GetHarley account profile. | Name, phone number, email address, date of birth, and password. |
Booking a consultation | |
Matching you with a practitioner. | Reasons why you want to have a consultation, practitioner preferences, availability times. We also use health-related information: including whether you are on medication, and a photo of your skin, where this is necessary to match you with a practitioner. |
Facilitating an appointment with a practitioner. This includes providing your details to the practitioner and arranging the consultation. | First name, last name, email address, date of birth, reasons for wishing to consult with the practitioner, practitioner recommendation preferences, whether you are on medication (and details), and a photo of your skin where this is necessary to match you with a practitioner. |
Purchasing products from GetHarley | |
Purchasing products and delivery | The products you have ordered, delivery address, order number, telephone number, email address and limited credit card transaction details (date of transaction and masked credit card details). |
Product delivery | |
Managing our services | |
Communicating with you as a client using our services (not direct marketing) | All personal contact information described above. |
Dealing with your enquiries | All personal contact information described above. |
Exercising our legal rights and complying with legal obligations | All personal information described above. |
Administration, quality, and training | |
System and product development | All personal information and special category data described above. |
Marketing | |
Sending you reminders about our products, including when you run out, providing you with our latest offers and information, and keeping you up to date with GetHarley. | Name, email address; WhatsApp profile; telephone number; contact details; interest preferences and skincare plan. |
Digital marketing programme management | Name; email address; phone number and other personal information described above (but not your health information). |
Receiving and editing your skin photographs you voluntarily provide for marketing and promotional materials | Your skin pictures you have provided before and after undergoing a practitioner-approved skincare treatment plan. When you voluntarily provide this to us, we collect and use this information in conjunction with the skin picture you provided us when booking an online consultation to see a practitioner. We will not use your full photograph but will instead take a cropped image that does not allow anyone viewing the image to identify you from that image alone. We also collect your name and signature in our Release Form for this purpose. |
About GetHarley
GetHarley allows you to easily access some of the world’s best skincare practitioners online. Once you have registered with us and booked a consultation, or your practitioner enrols you onto GetHarley in-clinic, your practitioner will assess your skin and recommend personalised regimens consisting of highly effective, premium pharmaceutical grade products delivered to your door, as well as in-clinic treatments.
When you use GetHarley, we only use your personal information to:
- connect you with a practitioner (when you book a consultation directly through us);
- arrange a consultation with that practitioner,
- supply you with the products you have ordered (after receiving treatment from your practitioner); and
- manage the GetHarley business.
For more information on how and why we use your personal information, including the legal bases we rely on, please see the “Lawful use of your personal information” section below.
Your practitioner uses GetHarley to record your recommendations, develop a skin-care plan and send these to you. They also use GetHarley to help provide you further advice and recommendations when you need it. When GetHarley uses your personal information in connection with these activities, this is under the instruction of your practitioner who is responsible for your personal information (see “How the practitioner uses your personal information” below).
We do not use or share your personal information except as set out in this statement.
Our full details, including how you can contact us, can be found at the end of this statement.
How the practitioner uses your personal information
GetHarley does not provide medical services or clinical advice. Only your practitioner can do this. Your practitioner will collect and use your personal information in connection with your consultation. The information shared with and processed by GetHarley as described in this notice will be done in our capacity as a data controller. Your practitioner will also act as a data controller for this information and for any additional information they collect as part of providing their consultation and treatment services to you. Ask your practitioner for their privacy statement detailing how they use your personal information, which will include information we might provide to them when you book an online consultation directly through us as well as information, they may provide to us.
Where GetHarley gets your personal information
You may have signed up to GetHarley directly, or you may be signed-up in-clinic by your practitioner. Where you sign-up directly, your personal information is provided by you using our on-line forms. When you are signed-up by your practitioner, they will provide your personal information to GetHarley in the ways described below.
What GetHarley uses your personal information for
Account creation and maintenance
Your practitioner will create an account with GetHarley on your behalf during a consultation to use our services. The information needed to create an account is your name, phone number, email address, and date of birth. We do this as this is necessary for us to provide our contractual services to you. Not providing this information means we will not be able to provide our services.
Booking a consultation and matching you with a practitioner
When you book a consultation with a practitioner through GetHarley.com we will ask you for the reasons why you want to have a consultation, practitioner preferences, and availability times. Subject to your explicit consent, we also ask for some health-related information, such as whether you are on medication, and for a photo of your skin. These details are necessary for us to match you with the right practitioner (unless you are booking directly with a practitioner through their website). They are then provided to the practitioner to ensure they have the information they need for the consultation. If you do not consent to providing us with this information, we will try to match you with a practitioner to the best of our ability, but it may be more difficult for us to do so.
Where we can match you with a practitioner without needing health-related information and where we do not collect this information, we will only use your contact details, practitioner preferences, availability times, and the reasons why you seek consultation to match you with a practitioner. We do this in reliance on our legitimate interests of providing skincare services. If you do not provide this information, it may affect your ability to book an online consultation; however you may still be able to use our services if you enrol directly with a practitioner in our network.
Skincare plan
Your practitioner will develop a skincare plan for you, which will be provided to you by GetHarley. This will include the products recommended for you, and personalised instructions on your skincare regimen. It will also include some contact details such as your name. We process this information in reliance on our legitimate interests of providing our skincare services. Where we process your health-related information, we rely on your practitioner obtaining your explicit consent for such processing.
Purchasing products from GetHarley
Once you have completed your consultation, you can buy your skincare products directly from GetHarley. When purchasing our products, we need to use your name, delivery address, telephone number, and email address. We will provide you with an order number, as well as details of the products you have ordered. We process this information to perform our contract with you.
We do not collect payment details from you directly as payments are processed using our payment partner Stripe. However, Stripe do provide GetHarley with your unique customer ID, as well as your masked credit card information.
GetHarley Skincare Concierge Service
We know that as you progress through your skincare regimen you will have questions you want to ask. We will use your personal information (including your contact details,information related to your skincare plan and feedback) so that your practitioner can provide you advice on products, product use and your skincare plan. We will also use this personal information to send you reminders about your plan, including order refills. We process this data in reliance on our legitimate interests of providing skincare services. Special category data may be used for analytics purposes, shared with third parties, your consent is relied upon for this processing.
Your practitioner will also be responsible for how your personal information is used through the skincare concierge service, including obtaining your consent. Ask for their privacy statement to get further details.
Other uses of your personal information
Communicating with you as a client using our services (not direct marketing)
We will use your personal contact information (name, phone number, email) to communicate with you (including by email, ‘phone, text and messaging applications) in connection with the provision of our services to you as a client. We do this in reliance on our legitimate interests of providing customer service.
Enquiries and customer care
If you enquire about GetHarley or our services, or contact us in respect of customer care issues , we use your personal contact information (name, phone number, email) as well as other information you provide as part of that enquiry, or in subsequent related communications, in reliance on our legitimate interests of providing customer service and only for the purposes of:
- contacting you in connection with our services;
- providing you with information our services; and
- responding to, progressing, and managing your enquiries and requests.
Practitioner management and in-person enrolment
We may also receive your personal contact information (name, phone number, email) as well as your skincare plan details, including information regarding your condition and treatment, from your practitioner when you elect to receive our skincare services with your practitioner. We may also receive this data when you are not enrolled onto our platform but where your practitioner will ask you whether you want to be. We receive this information in reliance on our legitimate interests of providing skincare services.
Legal rights and obligations
We may also use all categories of your personal information specified above in connection with the exercise of our legal rights. To the extent necessary, we will use and retain this data to fulfil our legal obligations in the UK and the European Economic Area (EEA). See below for more information.
Administration, quality, and training
To allow us to administer our business (including in accordance with legal or other obligations we must meet), and our relationship with you, we will use your personal information, including your contact details, skincare plan, product purchase, and other information related to your consultation in connection with the maintenance of our quality standards and the provision of internal training. We do this in reliance on our legitimate interests of providing skincare services.
System and product development
We also use your personal information (including your contact details and other information related to your consultation such as skincare plan details, order details and feedback), to develop and improve our systems and products. We will aggregate and/or pseudonymise personal information for this purpose so it can no longer be associated with you. We will also provide this information to third parties so they can provide services to us in respect of system and product development or improvement, but they will only be able to use your personal information in accordance with our instructions. We process this data on the basis of our legitimate interests of improving our products and services, except where we’d need your explicit consent to do this.
Marketing
We will use your name, email address and phone number to create digital marketing custom audience profiles. To do this we will provide these details to digital marketing providers, like Google, Bing, Facebook, Pinterest, and RTB House. When creating custom audiences, the providers are obliged to use this information only to provide services to GetHarley, and not for any other purpose. We may use these audience profiles to engage in performance marketing, including through social media. We may also collect this personal information during in-person marketing events. Providing this information in this scenario is completely voluntary, but failure to do so may result in you not receiving information about our services. We do this in reliance on our legitimate interests to market our skincare services for this processing. Where the creation of those profiles requires the setting of cookies and other technologies on your browser, we only do this where we have your consent to do so. Where you have asked us to send you product reminders, our latest offers and information, and updates on GetHarley, we will use your name, email address and phone number. We will also use your other personal information (but not health information) to ensure the information we send you is relevant. We rely on our legitimate interests to market our skincare services for this processing.
If you have booked an online consultation, we may ask you to provide us skincare pictures of your post practitioner-approved treatment to be used in conjunction with the before pictures in our marketing and promotional materials. Doing so is completely optional and voluntary. We will not use your full photograph but will instead take a cropped image that does not allow anyone viewing the image to identify you from that image alone. We do this on the basis of your consent. Not providing this information will not affect your use of our services.
We may also process your health-related information to send you information regarding new treatments that are relevant for your circumstances and conditions. We do this on the basis of your consent. Not providing this information will not affect your use of our services.
Who else gets your personal information?
Practitioners
We provide your personal information (including name, phone number, email address, information related to your consultation, and health-information if applicable) to practitioners in the ways described above for the purposes of facilitating consultations, patient management, and as part of providing you with our Skincare Concierge Service. Ask your practitioner for their privacy statement to get details on how they use your personal information.
Service providers
To help us provide our solutions and services, we share your personal information with third parties who provide services to us, including:
- information technology and information services providers;
- advertising, marketing, and e-commerce partners
- payment providers
- customer support services
- other third-party service providers; and
- professional and other third-party advisers.
- analytics service providers
These third parties can only use the personal information we share to provide their services to us or to support our delivery of our services to you.
In connection with a business transaction
We may share all categories of personal information mentioned above in the event of a corporate transaction involving a change to ownership or control of all or part of our services and assets. We share this information only when necessary to fulfil that corporate transaction
Regulatory and law enforcement bodies
We may share all categories of personal information mentioned above with regulatory, prosecuting, law enforcement, tax or governmental authorities, courts and tribunals in response to a lawful request for information by these bodies. We may also share this information to enforce our rights and prevent fraud and abuse, including to enforce and administer our agreements and respond to claims asserted against us.
Security of personal information and where it is kept
We use strict procedures and security features to ensure the confidentiality and security of your personal information. This includes using third party hosting services that meet the highest international security and resilience standards. Your personal information is generally kept in the United Kingdom or the European Union. Your personal information (including your name, phone number, email, and information related to your skincare plan) may be transferred to the United States in connection with our use of our service providers. We do this pursuant to EU Commission approved standard contractual clauses (SCCs). If you would like further details on the safeguards we have employed in respect of these transfers, please contact us.
How long we retain your personal information
We only keep your personal information for as long as is necessary for the purposes we collect and use it. We retain personal contact details and information related to your online consultation and skincare plan (including limited payment information referenced above) for 6 years from the date the plan was created or when you last ordered a product. Where you provide personal contact details and/or health-related information for an online consultation but cancel the booking, we retain this information for 6 years after cancellation. We retain a record of our communication history with you, including client communications, customer care, and correspondence related to our skincare concierge service for 6 years.
Lawful use of your personal information
Use of personal information | Lawful basis for our use of your personal information |
Using health-related information to match you with a practitioner and facilitate the consultation: | We only use personal information and special category data in this way if you have also provided explicit consent. If you do not provide your explicit consent, we may not be able to provide some of our online consultation services to you. This is because we will not be able to match you with the most suitable practitioner and the practitioner will not be able to best prepare for the consultation. However, you may use our services if you arrange a consultation with and receive treatment from a practitioner in our network and/or arrange a consultation that does not require this health information. If you do not provide this information, we will try to the best of our ability to match you with a practitioner and allow you to use our service, but this may affect our ability to find the best match for you. |
Booking a consultation, matching you with a practitioner, arranging the appointment with the practitioner. | The use of your personal information is necessary to fulfil our legitimate interests of providing skincare services. |
Purchasing products from GetHarley | The use of your personal information is necessary for the purposes of performing our contract with you. Where information that is needed to perform our contract with you is not provided, this will mean we will not be able to process your payment, dispatch or deliver our product(s) to you. |
Other uses of personal information:
|
This use of your information and special category data is in the legitimate interests of GetHarley to provide skincare services, improve our products and services, and defend our legal rights. If we use health-related data (such as your skincare plan details and order details) to improve our services, we will do this on the basis of your explicit consent. |
Fulfil legal obligations | This use of your information is necessary to comply with our UK/EEA legal obligations, including those associated with responding to lawful orders from regulatory and judicial bodies like courts. |
Marketing | Where we use your personal information for digital marketing custom profiles, we do this in GetHarley’s legitimate interest. Where the creation of those profiles requires the setting of cookies and other technologies on your browser, we only do this where we have your consent to do so. Please see our cookie policy for more information. Where you have asked to be sent reminders, receive our latest offers and information and be kept up to date with all the latest at GetHarley, we rely on your consent. Where we receive and crop your skincare pictures if you voluntarily provide them for use in our marketing and promotional campaigns, we rely on consent. |
Your rights
Use of health-related information
If you want to withdraw consent for the use of your health-related information please email us (support@getharley.com). However, this won’t affect our use of the personal information already collected with your consent.
Once you withdraw consent, we will not be able to collect or continue to use your health-related information, which may affect the services we provide.
Consent and Legitimate interests
Where we rely on consent to otherwise process your personal information, you can withdraw that consent at any time in the ways indicated above. If you withdraw consent this will not affect our prior use of your personal information.
Where the lawful basis for using your personal information is based on legitimate interest, you can object to our use of your personal information in this way at any time. If you want to exercise this right, let us know by sending us a request preferably by email or in writing to the address given below.
Accessing, deleting, rectifying, and moving your personal information
You have the right to:
- access your personal information;
- rectify any incorrect personal information;
- delete your personal information
- limit how we use your personal information; and/or
- have your personal information transmitted to another data controller (data portability).
If you want to exercise these rights, let us know by sending us a request preferably by email or in writing. You may ask you need to provide additional information to verify and complete your request.
Lodging a complaint
You can complain about our processing of your personal information with a supervisory authority. In the UK, this is the Information Commissioner’s Office:
For a list of supervisory authorities in the EU, please see here.
How do you contact us?
The data controller is 16HarleyCo Ltd (t/a GetHarley)
You can write to us at: F102 Ambassador Building, Embassy Gardens, London, SW11 7BT, United Kingdom.
For the EEA, we have appointed an EEA representative who can be contacted at Bird & Bird GDPR Representative Services Ireland, Deloitte House, 29 Earlsfort Terrace, Dublin 2, D02 AY28, or via email at EUrepresentative.GetHarley@twobirds.com
We have appointed a Data Protection Officer (DPO). If you wish to contact them in relation to our use of your personal information, you can do so by emailing: DPO.GetHarley@twobirds.com Bird & Bird Privacy Solutions, Bird & Bird DPO Services SRL, Avenue Louise 235 Box 1, 1050 Brussels, Belgium.
This privacy statement will evolve with time, and when we update it, we will revise the "Last Updated" entry above. We may communicate any changes with you from time to time in a manner we determine.
This Statement is effective from 21 June 2024. To see prior privacy statements, email us at the address given above.
Have a question? Please email hello@getharley.com or WhatsApp +44 7398 909 422
We're hiring! Email talent@getharley.com if you're interested in joining us.