SHIFFA WELLNESS is committed to protecting the privacy and security of the personal data of our website visitors and clients we deal with during our business operations and the provision of our services. This Privacy Notice explains who we are, how we collect, share, and use your personal data, and how you can exercise your data protection rights.
SHIFFA WELLNESS
G4-F4 Esperanza 198,
Linking Road Bandra West,
Mumbai-400050
and our data protection officer’s email address is
manager@shiffawellness.com.
Shiffa Wellness provides nutritional wellness services globally including elective IV therapies, booster injections, diagnostic testing, vaccinations, and aesthetic procedures related to skin.
We process and manage your personal data according to the relationship we have with you. This relationship helps us to identify the appropriate data subject category you belong to (or group of individuals whose data we process in an identical manner) and allows us to provide you the details of how we process your personal data. We interact with you in one of more of the following ways:
We collect, store, and use your personal data when you visit a clinic location for medical services. We process your personal data based on your consent and our legitimate interest.
We need to process your personal information to service the contract of provision of services we are about to or have entered with you. If you fail to provide certain information when requested, we may not be able to perform the contract we have entered with you, or we may be prevented from complying with our legal obligations.
It is in our legitimate interest to collect your contact and payment data for us to bill you for the Shiffa Wellness services you purchase from us and to manage your clinic visits, provide you with details of the appropriate aftercare and of future promotions or business updates and medical services.
Name, email address, phone number, date of birth, gender, home address, medical questionnaire information, and medical notes.
Directly from yourself.
We share your medical data with our clinic-based medical team and your contact data with our Customer First Team.
India, UK, and Canada.
We keep your data for the period during which you are a clinic customer and as long as reasonably necessary thereafter to fulfil our legal and regulatory requirements.
Whenever we transfer your personal data out of India, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is appropriate:
We have put in place security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. We limit access to your personal information to authorised employees or contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We collect, store, and use your personal data to make our website more intuitive and easier to use and protect the security and effective functioning of our websites based on our legitimate interest.
It is necessary for our legitimate interests to monitor how our website is used to help us:
IP address, device used, location, and visitor activity.
Directly from yourself.
We share your data with our website analytics providers.
India.
We keep your data for one (1) year.
We collect, store, and use your personal data to respond to requests for general information or confirm appointment bookings based on contract and our legitimate interest.
Name, email address, phone number, and any accompanying information you provide us.
Directly from yourself.
We share your data with our website analytics providers.
Globally, depending on the clinic or service place you have chosen.
We keep your data for three (3) years.
As a job applicant, we collect, store, and use your personal data to assess your skills, qualifications, and suitability for the work or role, during this process based on our legitimate interest and contract.
It is in our legitimate interest to carry out background and reference checks, communicate with you about the recruitment process and keep records related to our hiring process.
If you fail to provide information when requested, which is necessary for us to consider your job application, we will not be able to process your application.
Where your application is made through one of our websites, please also see how we process your data as a website visitor.
In the case of an application for a position in India, we collect your name, email address, CV, interview notes, references, qualifications, skills, employment history, entitlement to work in India, and driving license.
For positions in other regions or if you have applied through our website, we collect your name, email address, phone number, location, and CV (if you provide it).
Directly from yourself and, in certain cases, from recruitment agencies.
Recruitment agencies, referees, credit reference agencies, or other background check agencies.
India.
A year after we have communicated to you our decision about whether to appoint you. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information.
We have put in place security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed.
We limit access to your personal information to authorized employees or contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We collect, store, and use your personal data when you provide us goods or services based on contract, legal obligation, and our legitimate interest.
If you fail to provide certain information when requested, we may not be able to perform the contract we are about to, or have entered with you, or we may be prevented from complying with our legal obligations such as tax reporting.
It is in our legitimate interest to collect your contact and payment details for us to pay you, to prevent fraud, to make decisions about the continued provision of goods or services by you, and to make arrangements for the termination of the provision of goods or services by you.
Name, email address, mobile number, physical address, payment details, tax information, and company information.
Directly from yourself or the company you work for through the contract negotiation and setup process.
SHIFFA WELLNESS finance, operations team, business process owners, and franchisees.
India.
The period of our contract with you plus six (6) years, and as long as reasonably necessary thereafter to fulfill our legal and regulatory requirements.
We have put in place security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed.
We limit access to your personal information to authorized employees or contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We collect, store, and use your personal data to initiate discussions or share information with you about becoming a SHIFFA WELLNESS franchisee based on contract and our legitimate interest.
We need to process your personal information to manage the contract for services we have entered with you. If you fail to provide certain information when requested, we may not be able to perform the contract for services we have entered with you, or we may be prevented from complying with our legal obligations.
Where your appointment is made through one of our websites, please also see how we process your data as a website visitor.
Name, email address, phone number, location of interest.
Directly from yourself.
SHIFFA WELLNESS franchisees.
India.
We keep your data for three (3) years.
We have put in place security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed.
We limit access to your personal information to authorized employees or contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
May, in certain circumstances, be provided to other third parties such as regulatory or law enforcement bodies, but only in compliance with the law and where strictly necessary.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, including profiling, unless you have given us your consent to do so, or it is necessary for entering into or the performance of a contract.
Access: You have the right to ask us for copies of your personal data. This right always applies. There are some exemptions, which means you may not always receive all the personal data we process.
Rectification: You have the right to ask us to rectify any of your personal data that you think is inaccurate or incomplete. This right always applies.
Erasure: You have the right to ask us to erase your personal data where it is no longer required for the purpose for which it was collected, or you withdraw your prior consent to us processing it and we have no other legal ground for processing it, or it is being processed unlawfully, or when it must be erased to comply with a legal obligation, or it is being used for direct marketing purposes where we have no legitimate grounds for us doing so.
Restriction: You have the right to ask us to restrict the processing of your personal data where it is inaccurate (allowing us to verify the accuracy), or it is being processed unlawfully (and you want us to stop processing rather than erasing it), or where you have objected to us processing it while we’re verifying whether we have legitimate grounds for processing, or it is no longer required for purpose for which it was collected and you want us to keep it for the establishment, exercise, or defence of legal claims.
Portability: This only applies to personal data you have given us. You have the right to ask us to transfer the information you provided us from one organization to another or give it to you. This only applies if we are processing personal data based on your consent or as part of a contract, or in talks with you about entering a contract and the processing is automated.
Objection: You have the right to object to processing your personal data if we are using legitimate interests as our lawful basis for processing, or it is being used for direct marketing.
Withdrawing Consent: You can withdraw your consent that you have previously given to us for one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.
You have the right to complain to a Supervisory Authority, in India that is the Information Commissioner’s Office.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will deal with your requests as soon as possible but may take up to 1 month (possibly extended to 3 months where the law permits). Normally there is no charge, however, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive, or we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time but if we do so, we will provide you with an updated copy of this notice as soon as reasonably practical.