
Privacy Policy

Effective Date: June 20, 2025

​

1. Introduction

Welcome to Optimal Skin Limited. We are committed to protecting your privacy and handling your personal information with care and transparency. This Privacy Policy outlines how Optimal Skin Limited ("we," "us," or "our") collects, uses, stores, shares, and protects your personal data when you visit our website at https://www.optimalmedispa.com.hk, use our services, or interact with us.

We adhere to the principles of data protection and privacy under the Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO") of Hong Kong, and other applicable privacy laws.

​​

2. Information We Collect

We collect various types of information from and about you, including:

  • Personally Identifiable Information (PII): Information that can be used to identify you directly or indirectly. This may include:

    • Contact Details: Name, postal address, email address, phone number.

    • Demographic Information: Date of birth, gender, marital status.

    • Health-Related Information (Sensitive Data): Medical history (e.g., existing conditions, allergies, medications, past treatments), lifestyle details, aesthetic concerns, consultation notes, treatment plans, progress photos (with explicit consent), and any other health information relevant to your treatments.

    • Payment Information: Billing address, credit/debit card details (processed securely by third-party payment processors; we do not store full card numbers on our servers).

    • Identification Information: Copy of HKID/passport (if required for specific regulatory purposes or identity verification for certain treatments).

    • Appointment Details: Dates and times of appointments, service history.

  • Non-Personally Identifiable Information (Non-PII): Information that cannot be used to identify you directly. This includes:

    • Website Usage Data: IP address, browser type, operating system, referring website, pages viewed, time spent on our website, and other clickstream data.

    • Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see Section 7 for more details).

  • How We Collect Information:

    • Directly from You: When you book an appointment, fill out consultation forms, register for an account, subscribe to our newsletter, make inquiries, or communicate with us via phone, email, or in person.

    • Automatically: As you navigate through our website, via cookies and analytics tools.

    • From Third Parties: From payment processors (confirming successful transactions), or referral partners (with your consent).

 

3. How We Use Your Information

We use your personal data for the following purposes:

  • To Provide Services: To schedule and manage appointments, deliver your requested treatments, and provide post-treatment care and advice.

  • To Personalize Your Experience: To tailor treatment plans and recommendations to your specific needs and preferences.

  • For Communication: To send appointment confirmations, reminders, follow-up messages, and respond to your inquiries.

  • For Marketing and Promotional Purposes: To send you updates, newsletters, special offers, and information about new services that may be of interest to you, but only with your explicit consent. You can opt out of marketing communications at any time.

  • For Billing and Payment Processing: To process payments for services rendered and manage your account.

  • For Internal Operations: For record keeping, administrative purposes, data analysis, research, and improving our services, website content, and marketing efforts.

  • For Legal and Regulatory Compliance: To comply with applicable laws, regulations, professional obligations, or respond to lawful requests from public authorities.

  • For Security: To protect against fraud, unauthorised transactions, claims, and other liabilities, and to manage risk exposure.

 

4. How We Share Your Information

We understand the sensitivity of your personal information and share it only when necessary and under strict conditions:

  • Internal Sharing: Your information may be accessed by our staff (doctors, nurses, therapists, receptionists, administrative personnel) on a strictly "need-to-know" basis to provide you with services and manage your care. All staff are bound by confidentiality agreements.

  • Third-Party Service Providers: We may share your data with trusted third-party vendors, consultants, and service providers who perform services on our behalf, such as:

    • Payment processing (e.g., credit card processors)

    • Appointment scheduling and management software

    • Email communication platforms

    • Website hosting and analytics providers

    • IT support and security services

    • Professional advisors (e.g., legal, accounting)

    These providers are contractually obligated to protect your data and are only permitted to use it for the specific purposes for which we engage them.

  • Healthcare Professionals (Referrals): With your explicit consent, we may share relevant health information with other medical specialists or healthcare providers for referral or continuity of care.

  • Legal Requirements: We may disclose your information if required to do so by law, in response to a court order, subpoena, or other legal process, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

  • Business Transfers: In the event of a merger, acquisition, restructuring, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

  • With Your Consent: We may share your information for any other purpose with your explicit consent.

​

5. Data Security

We implement robust technical, administrative, and physical safeguards designed to protect your personal data from unauthorised access, use, disclosure, alteration, or destruction. These measures include:

  • Encryption: Using Secure Sockets Layer (SSL) technology for data transmission on our website.

  • Access Controls: Restricting access to personal data to authorised personnel on a "need-to-know" basis.

  • Secure Servers: Storing data on secure servers with firewalls and intrusion detection systems.

  • Data Minimisation: Collecting only the data necessary for the stated purposes.

  • Staff Training: Regularly training our staff on data privacy and security best practices.

  • Regular Audits: Periodically reviewing our security measures to ensure effectiveness.

While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

​

6. Your Data Rights

Under the PDPO and other applicable laws, you have certain rights regarding your personal data:

  • Right of Access: You have the right to request a copy of the personal data we hold about you.

  • Right of Correction: You have the right to request the correction of any inaccurate or incomplete personal data we hold about you.

  • Right to Erasure (Right to be Forgotten): In certain circumstances, you have the right to request the deletion or removal of your personal data. Please note that certain medical records may be subject to legal retention periods and cannot be immediately deleted.

  • Right to Object: You have the right to object to the processing of your personal data for certain purposes, including direct marketing.

  • Right to Restrict Processing: You have the right to request the restriction of the processing of your personal data in certain situations.

  • Right to Data Portability: Where applicable, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

  • Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us using the details provided in Section 11. We may require you to verify your identity before processing your request.

​

7. Cookies and Tracking Technologies

Our website uses "cookies" and similar tracking technologies to enhance your browsing experience, analyse website traffic, and personalise content.

  • What are Cookies? Cookies are small text files placed on your device by websites that you visit. They are widely used to make websites work more efficiently and to provide information to the website owners.

  • How We Use Them: We use cookies for:

    • Essential Website Functionality: To enable core features like navigation and access to secure areas.

    • Analytics: To understand how visitors interact with our website, identify popular pages, and improve website performance (e.g., Google Analytics).

    • Personalisation: To remember your preferences and provide a more customised experience.

  • Managing Cookies: You can control and/or delete cookies as you wish. Most web browsers allow you to manage your cookie preferences through their settings. However, disabling cookies may affect the functionality of our website and your user experience.

​

8. Third-Party Links

Our website may contain links to third-party websites that are not operated by us. This Privacy Policy applies only to our website. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of any third-party websites you visit.

 

9. Children's Privacy

Our services and website are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 18 without parental consent, we will take steps to delete that information as quickly as possible.

 

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically for any changes.

​

11. Contact Us

If you have any questions or concerns about this Privacy Policy, our data practices, or if you wish to exercise your data rights, please contact us:

Optimal Skin Limited

Address: 7th Floor, Shun Ho Tower, 24-30 Ice House Street, Central, Hong Kong

Phone: +852 2666 6300

Email: reception@optimalfamilyhealth.com.hk

​

For privacy-specific inquiries, please address your communication to our Privacy Officer.
