We will also explain what rights you have with regard to your personal data and how you can exercise those rights.
Next Review Date 20:02:2020
Skinni Jab (www.skinnijab.com) is a trading name for the parent company known as Kickstarter Medical. Other trading names are The K Plan and My Skinny Jab.
Kickstarter Medical is the data controller for all the organisations within the group. This means that Kickstarter Medical determines what data is collected by each organisation within the group, how this data is going to be used and how this data is protected.
You can contact us for postal enquiries at:-
Postal Enquiries Only
PO Box 4336,
If you have questions about how we process personal data or would like to exercise your data subject rights, please email us at firstname.lastname@example.org
Your rights as a data subject
As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email email@example.com or use the information supplied in the Contact us section below. To process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:
- The right to be informed
- The right of access
You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:
a) The purposes of the processing
b) The categories of personal data concerned
c) The recipients to whom the personal data has been disclosed
d) The retention period or envisioned retention period for that personal data
e) When personal data has been collected from a third party, the source of the personal data
If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.
- The right to rectification
When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
- The right to erasure (the ‘right to be forgotten’)
Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.
- The right to restrict processing
You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:
a) The accuracy of the personal data is contested.
b) Processing of the personal data is unlawful.
c) We no longer need the personal data for processing but the personal data is required for part of a legal process.
d) The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
- The right to data portability
You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.
- The right to object
You have the right to object to our processing of your data where:
- Processing is based on legitimate interest;
- Processing is for the purpose of direct marketing;
- Processing is for the purposes of scientific or historical research; or
- Processing involves automated decision-making and profiling.
We collect personal data from you for one or more of the following purposes:
- To provide you with information that you have requested or that we think may be relevant to a subject in which you have demonstrated an interest.
- To initiate and complete commercial transactions with you for the purchase of products and/or services.
- To fulfil a contract that we have entered into with you.
- To ensure the security and safe operation of our websites and underlying business infrastructure.
- To manage any communication between you and us.
The table in section 5 below provides more detail about the data that we collect for each of these purposes, the lawful basis for doing so, and the period for which we will retain each type of data.
In addition, to ensure that each visitor to any of our websites can use and navigate the site effectively, we collect the following:
- Technical information, including the IP (Internet Protocol) address used to connect your device to the Internet.
- Your login information, browser type and version, time zone setting, browser plug-in types and versions.
- Operating system and platform.
- Information about your visit, including the URL (Uniform Resource Locators) clickstream to, through, and from our site.
- Contact information such as email address, postal address and telephone number
- IP address
- Medical History including your GP details
- Medication previously and currently prescribed
- Consultation Details and ongoing notes - medical staff, counsellors, psychotherapists, coaches
- Pre and Post Wellbeing Assessment Survey data
We will use your personal information ONLY to allow us to provide the services you have requested.
We will only share your information with other professional partners who are directly involved in providing the service and care you have requested.
- Kickstarter Medical Customer Services
- Therapists - Coaches, Psychotherapists, Counsellors
- Royal Mail (Name & Address Only)
To improve the content and functionality of our website we may send you promotional material about the services offered by Kickstarter Medical Limited. You may opt out at any time of our email communication by clicking on the unsubscribe link at the end of every email we send you.
Your details are not shared or sold to any third parties under any circumstances.
Kickstarter Medical will conduct an identity check at the point that you enrol into our paid services. We will require a valid form of ID, such as a passport or driving licence in digital format, and this will be stored securely on your profile with us.
All medical records by Kickstarter Medical will be retained in accordance with “Records Management Code of Practice for Health & Social Care, Jul 2016”.
All data at Kickstarter Medical is stored in keeping with best practice for ISO 27001:2018. This means that your data is securely stored and only accessible to people with the authority to access it via our clinical application.
Kickstarter Medical databases are secured in a private network and access to these databases is granted on an exceptional basis only. Your data is secured by industry standard protocols and firewalls to prevent unauthorised access to information. Kickstarter Medical operates to a recovery point objective of 20 minutes, which means your data is also securely backed up and protected in the event of any disruption to our IT system.
All access to data is logged so we have a complete audit trail of your data inside of our organisation.
We do not work with third parties who are not directly involved in providing the service and care you have requested. Therefore we do not have a requirement to exchange data outside of our organisation with these third parties. You can be sure that when you consent to provide your personal information to us, Kickstarter Medical Limited is the only user of this information.
You have the right to ask for a copy of any of your personal data held by us (where such data is held). Under the GDPR, no fee would normally be payable, and we will endeavour to provide any and all information in response to your request free of charge within 28 days of receiving your request. Please contact us for more details at firstname.lastname@example.org
The table below describes the various forms of personal data we collect and the lawful basis for processing this data. Our business architecture, accounting and systems infrastructure and compliance organisation means that all personal data is processed on common, group-wide platforms.
We have processes in place to make sure that only those people in our organisation who need to access your data can do so. A number of data elements are collected for multiple purposes, as the table below shows. Some data may be shared with third parties; where this happens, this is also identified below.
When we process on the lawful basis of legitimate interest, we apply the following test to determine whether it is appropriate:
- The purpose test – is there a legitimate interest behind the processing?
- Necessity test – is the processing necessary for that purpose?
- Balancing test – is the legitimate interest overridden, or not, by the individual’s interests, rights or freedoms?
You can download our "Purpose of Collection" table here
Cookies are small text files that are stored by the browser (for example, Internet Explorer, Chrome or Safari) on your computer or mobile phone. They allow websites to store things like user preferences. You can think of cookies as providing a ‘memory’ for the website so that it can recognise you when you come back and respond appropriately.
While you are signed into the site, we combine information from your registration cookies with analytics cookies, which we could use to identify which pages you have seen on.
Postal Enquiries Only
PO Box 4336,
Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you. We will respond within 28 days from receiving your enquiry.
Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in confidence.
Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union. For the UK, this is the ICO (Information Commissioner’s Office), which is also our lead supervisory authority. Its contact information can be found here