Instagram Whatsapp Lnr-envelope

Privacy Centre

Bananiana Factory is committed to protecting your privacy and handling your personal data in a fair, lawful, and transparent way.

This Privacy Centre explains what personal data we collect, why we collect it, how we use it, who we may share it with, how long we keep it, and the choices and rights available to you.

By using our website, contacting us, booking a consultation, or receiving a treatment, you acknowledge that your personal data may be processed in line with this notice.

WHO WE ARE

For the purposes of data protection law, Bananiana Factory is the data controller of the personal data covered by this Privacy Centre.

If you have questions about this notice or would like to exercise your privacy rights, please contact us using the details listed at the end of this page.

THE TYPES OF PERSONAL DATA WE MAY COLLECT

Depending on how you interact with us, we may collect and process the following categories of personal data:

Identity data
Your name, title, date of birth, and other information that helps us identify you.

Contact data
Your email address, telephone number, postal address, and any contact details you provide when communicating with us.

Booking and appointment data
Information related to your consultation requests, appointment history, treatment enquiries, booking confirmations, cancellations, and follow-up communication.

Payment and transaction data
Billing details, payment confirmations, and limited transaction information required to process purchases or bookings. We do not store full card details unless this is handled securely by an authorised payment provider.

Medical and health data
Where relevant to a consultation or treatment, we may collect health-related information such as medical history, allergies, medications, previous procedures, pregnancies, relevant symptoms, treatment contraindications, and other information needed to assess your suitability and safety. This may include special category data.

Communications data
Records of emails, messages, calls, forms, reviews, feedback, and other correspondence you send to us.

Technical data
Your IP address, browser type, device information, operating system, referring source, and information about how you interact with our website.

Marketing and preference data
Your communication preferences, subscription choices, cookie preferences, and information about the types of services that may interest you.

HOW WE COLLECT YOUR DATA

We may collect your personal data directly from you when:

You browse our website
You submit an enquiry form
You contact us by email, phone, WhatsApp, social media, or other channels
You book a consultation or treatment
You complete medical questionnaires or consent forms
You provide before-and-after image consent or testimonial consent
You purchase a service
You leave feedback, a review, or a complaint
You subscribe to marketing updates

We may also collect certain information automatically through cookies, analytics tools, website logs, and similar technologies.

In some cases, we may receive personal data from third parties such as payment providers, website analytics providers, booking systems, professional advisers, or social media platforms where you choose to interact with us there.

WHY WE USE YOUR PERSONAL DATA

We may use your personal data for one or more of the following purposes:

To respond to your enquiries
To arrange, confirm, manage, or change appointments
To assess your suitability for BBL-related consultations and treatments
To provide treatment-related services and aftercare
To keep accurate medical and business records
To process payments and issue invoices or confirmations
To communicate with you about your appointments or treatment journey
To improve our services, website, and client experience
To manage reviews, complaints, and support requests
To detect, prevent, or investigate fraud, misuse, or security issues
To comply with legal, regulatory, insurance, clinical, and accounting obligations
To send marketing communications where we are lawfully permitted to do so
To understand how users interact with our website and advertising

OUR LEGAL BASES FOR PROCESSING

We only process your personal data where we have a valid legal basis. Depending on the circumstances, this may include:

Consent
Where you have clearly agreed to a specific use of your personal data, including certain marketing activities and, where required, the use of special category data.

Contract
Where processing is necessary in order to take steps at your request before entering into a contract, or to perform a contract with you, such as arranging consultations, bookings, payments, and related services.

Legal obligation
Where we must process your personal data to comply with legal, tax, regulatory, medical, or insurance obligations.

Legitimate interests
Where processing is reasonably necessary for running, protecting, and improving our business, services, systems, communications, and website, provided your rights and interests are not overridden.

Health and medical data
Where we process health-related information, we do so only where a lawful condition also applies, such as explicit consent, medical care purposes, or another basis permitted by applicable law.

WHO WE MAY SHARE YOUR DATA WITH

We do not sell your personal data.

We may share your personal data with trusted third parties where this is necessary for legitimate business, medical, legal, technical, or operational reasons, including:

Booking and appointment software providers
Payment processors
Website hosting and cloud service providers
IT and security providers
Analytics and cookie providers
Email and communication platforms
Professional advisers such as lawyers, accountants, insurers, and auditors
Medical professionals, where necessary for your care, safety, or treatment administration
Regulators, government bodies, courts, law enforcement, or fraud prevention services where we are legally required or reasonably permitted to do so

Any third party processing personal data on our behalf should only process it for authorised purposes and with appropriate safeguards in place.

MARKETING COMMUNICATIONS

We may send you service-related communications when needed for your booking, treatment, follow-up, or account administration.

Where permitted by law, we may also send you marketing communications about our services, updates, and offers.

You can opt out of marketing at any time by using the unsubscribe option in our emails, adjusting your settings where available, or contacting us directly.

Opting out of marketing will not affect essential service messages relating to an existing booking, treatment, or transaction.

COOKIES AND ANALYTICS

Our website may use cookies and similar technologies to:

Help the website function properly
Remember your preferences
Improve performance and user experience
Understand how visitors use the website
Measure the effectiveness of website content and advertising

You can manage cookies through your browser settings and, where available, through our cookie preference tools.

Some cookies are necessary for core website functions, while others are optional and help us analyse traffic or improve marketing relevance.

THIRD-PARTY LINKS

Our website may contain links to other websites, platforms, or services. If you follow a link to a third-party website, please note that their privacy practices are separate from ours. We are not responsible for the content, privacy notices, or data handling of third-party websites.

INTERNATIONAL DATA TRANSFERS

Some of our service providers may store or process data outside the UK or outside the country where you are located.

Where personal data is transferred internationally, we aim to ensure that appropriate safeguards are in place, such as contractual protections, recognised adequacy mechanisms, or other lawful transfer methods required by applicable data protection law.

HOW LONG WE KEEP YOUR DATA

We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including:

To provide our services
To maintain treatment and business records
To respond to complaints or disputes
To comply with legal, regulatory, tax, accounting, insurance, or clinical obligations
To protect our legal rights and interests

Retention periods may vary depending on the type of data, the nature of the service, whether treatment took place, and our legal obligations.

When personal data is no longer needed, we aim to delete it, anonymise it, or securely destroy it.

HOW WE PROTECT YOUR DATA

We use appropriate technical, organisational, and administrative measures designed to protect your personal data against unauthorised access, misuse, loss, disclosure, alteration, or destruction.

These measures may include secure systems, restricted access, encrypted communications where appropriate, staff confidentiality controls, and careful selection of service providers.

However, no internet-based transmission or storage system can ever be guaranteed to be completely secure, so you share information with us at your own risk.

YOUR PRIVACY RIGHTS

Depending on the law that applies to you, you may have the right to:

Be informed about how your personal data is used
Request access to the personal data we hold about you
Request correction of inaccurate or incomplete data
Request deletion of your personal data in certain circumstances
Request restriction of processing in certain circumstances
Object to certain types of processing
Request portability of certain personal data
Withdraw consent where processing is based on consent
Object to direct marketing at any time
Request review of certain automated decisions, where applicable

These rights are not absolute and may be subject to legal or regulatory exceptions.

If you would like to exercise any of your rights, please contact us using the contact details at the end of this page. We may ask for proof of identity before acting on your request.

COMPLAINTS

If you have concerns about how Bananiana Factory handles your personal data, we encourage you to contact us first so we can try to resolve the issue.

If you are not satisfied, you may also have the right to complain to the relevant data protection authority, including the Information Commissioner’s Office in the UK where applicable.

CHILDREN

Our BBL-related services are intended for adults. We do not knowingly collect personal data from children in connection with treatment bookings. If you believe personal data has been submitted to us in error for a minor, please contact us so we can review and, where appropriate, remove it.

AUTOMATED DECISION-MAKING

We do not generally make decisions about clients solely by automated means where those decisions produce legal or similarly significant effects.

If this changes, we will update this notice and explain the safeguards available to you.

CHANGES TO THIS PRIVACY CENTRE

We may update this Privacy Centre from time to time to reflect changes in law, regulation, technology, our services, or our data practices.

The latest version published on our website will apply.

CONTACT US

If you have any questions about this Privacy Centre or want to make a privacy request, please contact:

Bananiana Factory
Email: office@bananinia-factory.com
Address: 89-91 Wardour Street, Soho, London W1F 0UB
Phone: +44 7570 275888