Privacy Policy

KLNIK Privacy Policy

This privacy policy sets out how KLNIK uses and protects any information that you give KLNIK when you use this website, or use the name @klnikofficial on Facebook, Twitter and Instagram. This also applies when you make an appointment, and become a KLNIK patient.

KLNIK is committed to ensuring that your privacy is protected. We will not ask you to provide any information on the website or social media which you can be identified.

When asking to provide personal information for an appointment you can be assured that it will only be used in accordance to this privacy statement.

KLNIK will amend this policy in keeping with legal obligation. This policy is written in accordance to the Data Protection Act 1988 and The General Data Protection Regulation 2016/679.

This policy is effective from 24 April 2018

KLNIK is committed to respecting your privacy and the confidentiality of your personal information. You have the right to be informed that as a wellness facility KLNIK will process your personal information for legitimate interest only. This includes special category information which may include medical information, biometric, genetic and ethnic information depending on service use. KLNIKs intended purpose for this information is for health promotion and safe medical practice, marketing, auditing and research purposes. Voice calls may be recorded for training and monitoring purposes. Anonymization and psedonymization are implemented regularly as a culture to ensure your information is protected. KLNIK will never share your information with an undisclosed third party.

The full extent of your data is managed in accordance with our Privacy Policy.

We collect

  • Personal data and special category information.
  • Questions, queries or feedback you leave, including your email address if you make contact with any of KLNIK platforms.
  • Your email address and subscription preferences when you sign up to our email alerts, and how you use our emails – for example whether you open them and which links you click on
  • Your Internet Protocol (IP) address, and details of which version of web browser you used
  • Information on how you use the site, using cookies and page tagging techniques
  • This data can be viewed by authorised people in KLNIK, supplier website organisation:Tim Marner ( and Pabau (

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons.

  • Improve the site by monitoring how you use it
  • Gather feedback to improve our services, for example our email alerts
  • Respond to any feedback you send us, if you’ve asked us to
  • Send email alerts to users who request them
  • Allow you to access KLNIK services
  • Provide you with information about KLNIK services if you want it by periodically sending promotional, new products, and marketing email or other information that we think you may be interested in using the contact details that you have provided.
  • Internal record keeping
  • Service Audits

Where your data is stored

Patient data is stored within Pabau systems.

Pabau data is always backed up daily. Backups are redundantly stored in multiple physical locations.

We choose our partners carefully. Pabau has achieved the following accreditations and certifications:

– PCI DSS Level 1
– ISO 27001 (Information Security Management System)

Pabau is also ISO 9001 accredited & registered with the ICO.

Should a catastrophic loss occur, Pabau design provides the ability to rapidly restore all services, ensuring availability of systems should we encounter a serious problem at our primary data center, where tests are regularly run.

Pabau performs real-time file replication to disk at each data center, and near real-time data replication between the production data center and the disaster recovery center. Disaster recovery tests verify our projected recovery times and the integrity of customer data.

The Pabau networks are monitored to protect our perimeter against potential threats. Possible threats include hackers, data breaches, adware, spyware, pop-ups, browser exploits and phishing attempts.

All secure servers are protected by layer 7 firewalls, best-of-class router technology, TLS encryption, file integrity monitoring and network intrusion detection that identifies malicious traffic and network attacks. Network security scanning helps us quickly identify out-of-compliance systems.

All networks are monitored using a Security Incident Event Management (SIEM) system that gathers logs from all network systems and creates alert triggers based on correlated events.

In addition to our own capabilities, and those of our hosting providers, we contract with on-demand Distributed Denial of Service (DDoS) scrubbing providers that allow us to mitigate DDoS attacks.

Intrusion detection sensors throughout our internal network report events to the SIEM system for logging, alerts and reports.

Our patient database and file attachments are encrypted at rest, using the industry standard AES-256 encryption algorithm.

GDPR Compliance

KLNIK is GDPR compliant, Some points from our side include:

  • Database encryption at storage level.
  • Having full breach policies in place.
  • Ability for auditing specific circumstances such as a patient record being accessed.
  • Permissions surrounding user groups and what they can access on a client card.
  • Hosted within the EU.
  • Ability to pull out a record in its entirety if a patient was to request.
  • Date and audit stamps for most activity.

Keeping your data secure

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard the information we collect on line, over the phone and when in KLNIK.

Sending information over the internet is generally not completely secure, and we can’t guarantee the security of your data while it’s in transit.

Any data you send is at your own risk.

We have procedures and security features in place to keep your data secure once we receive it.

The confidentiality of your information is of paramount concern to KLNIK

KLNIK fully complies with Data Protection Legislation and Medical Confidentiality Guidelines. Please note that information submitted to KLNIK over this website is normally unprotected until it reaches us. Users should not send confidential details by email, unless specifically requested by KLNIK

Disclosing your information

We may pass on your personal information if we have a legal obligation to do so. This includes exchanging information with government departments for legal reasons.

We won’t share your information with any other organisations for marketing, market research or commercial purposes, and we don’t pass on your details to other websites.


How we use cookies

A cookie is a small file which asks permission to be placed on your computers hard drive. Once you agree the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor your needs, likes and dislikes by gathering and remembering information about your preferences. We use cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you. , other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website contains links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.

This privacy policy only applies to and doesn’t cover any other companies/services that we link to. These businesses, have their own terms and conditions and privacy policies. You should exercise caution and look at the privacy statement applicable to the website in question.

Following a link to from another website

If you come to from another website, we may receive information from the other website. We don’t use this data. You should read the privacy policy of the website you came from to find out more about this.

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, such as where we are obliged by law, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. An example of this may be where we have obligations to process your Financial data for the purposes of complying with our tax obligations.

Use of personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you and to provide you with the information, products and services that you request from us.
  • To provide you with information about other goods or services we offer that are similar to those that you have already purchased or enquired about.
  • To provide you, or carefully selected third parties to provide you, with information about goods or services we feel may interest you. We will only contact you by electronic means (email or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of sale to you).
  • Where we or a third party have a legitimate interest and your interests and fundamental rights do not override those interests.
  • To comply with a legal or regulatory obligation, including exchanging information with other companies and organisations for the purposes of fraud protection.
  • To administer, operate and improve our site and ensure it is presented in the most effective manner; as part of our efforts to keep our site safe and secure; to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
  • We may combine information we receive from other sources with information you give to us and information we collect about you and use it for the purposes set out above.

Where you opt out of receiving marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Lawful Basis

Legitimate interest – means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Further rights

You can find out what information we hold about you and ask us not to use any of the information we collect.

If you’ve signed up for email alerts, you can unsubscribe or change your settings at any time by selecting the ‘unsubscribe’ link that appears in every email.

Controlling your personal information. You may choose to restrict the collection or use of your personal information in the following ways:

Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes

If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us. You may request details of personal information which we hold about you under the Data Protection Act 1998, and General Data Protection Regulation (2016/679). If you would like a copy of the information held on you please write to Operations Director, KLNIK, The Colony, Wilmslow, Cheshire, SK9 4LY, Greater Manchester, United Kingdom, or alternatively email, [email protected]

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.

KLNIK will deactivate inactive files (those exceeding 36 months) accordingly to lawful guidance. If you wish to close your KLNIK file before this time, please email [email protected] requesting your information to be deleted and removed from our systems. All of our staff are DBS certified and are knowledgeable for safeguarding you and your data from harm and are happy to support this process. You have the right to seek all information held about your at KLNIK by requesting subject access in writing to, Operations Director: Sarha Thornton-Brooks, KLNIK, The Colony, Wilmslow, SK9 4LY.