Privacy Policy

1. Introduction

London and Glow Ltd. (“London & Glow”, “we”, “us”, or “our”) operates the website at londonandglow.ca and provides physician-led aesthetic medicine services in Edmonton, Alberta.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our website, contact us, or receive services from us. We are committed to compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

2. Information We Collect

We collect personal information only to the extent necessary to provide our services and communicate with you effectively.

Personal Information

When you book a consultation, fill out a contact form, or register on our site, we may collect: your full name, email address, phone number, and date of birth.

Health Information

As a medical aesthetics clinic, we collect health-related information necessary for safe treatment, including your responses to our medical questionnaire, information about allergies, current medications, previous aesthetic treatments, and your menopause status (pre-menopause, perimenopause, menopause, or post-menopause). This information is treated with the highest level of sensitivity.

Payment Information

Deposit and payment processing is handled by Stripe, a PCI DSS-compliant payment processor. We do not store your credit card number, CVV, or full card details on our systems. We retain only the transaction record and Stripe customer identifier.

Website Usage Data

We collect standard website analytics data, including pages visited, time on page, browser type, device type, and approximate geographic location. This is collected via cookies and analytics tools. No individually identifiable data is collected through analytics unless you have submitted a form.

3. How We Use Your Information

We use your personal information for the following purposes:

• Appointment booking and management — to schedule, confirm, remind, and follow up on consultations and treatments.
• Treatment planning — to design safe, personalised aesthetic treatments appropriate for your health status and individual skin needs.
• Communication — to respond to your enquiries, send appointment reminders, and provide post-treatment care instructions.
• Payment processing — to collect consultation deposits and treatment balances.
• Service improvement — to understand how our website is used and to improve our services over time. Analytics data is used in aggregate form.

We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects.

4. How We Protect Your Information

We take the security of your personal information seriously. Our protective measures include:

• Encryption in transit — all data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
• Secure storage — personal and health data is stored in access-controlled, encrypted databases.
• Access controls — only authorised clinic staff with a legitimate need to access your data may do so. Access is logged and reviewed.
• Payment security — card data is handled exclusively by Stripe, which maintains PCI DSS Level 1 compliance.

No method of data transmission or storage is completely secure. In the unlikely event of a data breach affecting your personal information, we will notify you and the relevant authorities as required by law.

5. Sharing Your Information

We do not sell, rent, or trade your personal information. We share your data only in the following limited circumstances:

• Stripe — payment processing. Stripe's privacy policy governs how they handle payment information: stripe.com/privacy.
• Resend — transactional email delivery (booking confirmations, appointment reminders). Resend receives your name and email address for the purpose of delivering messages on our behalf.
• Legal requirements — we may disclose information where required by law, court order, or government authority, or where necessary to protect the rights, property, or safety of London and Glow Ltd., our clients, or the public.

6. Your Rights Under PIPEDA

As a resident of Canada, you have the following rights regarding your personal information:

• Right of access — you may request a copy of the personal information we hold about you at any time.
• Right of correction — if any information we hold is inaccurate or incomplete, you may request that we correct it.
• Withdrawal of consent — you may withdraw your consent to our collection or use of your personal information at any time, subject to legal or contractual restrictions. Note that withdrawal may affect our ability to provide services to you.
• Right to complain — if you believe your privacy rights have been violated, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

To exercise any of these rights, please contact us at privacy@londonandglow.ca. We will respond within 30 days.

7. Cookies

Our website uses cookies — small text files stored on your device — for the following purposes:

• Essential cookies — necessary for the website to function, including session management and security. These cannot be disabled.
• Analytics cookies — used to understand how visitors use our site so we can improve it. This data is collected in aggregate.

You can control or disable non-essential cookies through your browser settings. Please note that disabling cookies may affect your experience on our website. For instructions, refer to your browser's help documentation.

8. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, subject to the following:

• Client health records— retained for a minimum of 10 years following your last treatment, as required under Alberta's Health Professions Act.
• Financial records — retained for 7 years as required by the Canada Revenue Agency.
• Marketing communications — retained until you unsubscribe or request deletion.
• Enquiry and contact data — retained for 2 years unless converted into a client record.

When data is no longer required, it is securely deleted or anonymised.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Your continued use of our services after any changes constitutes acceptance of the revised policy.

10. Contact

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact our Privacy Officer at: