At Lumière Medical Aesthetics, your privacy is something we take seriously. This policy explains what personal information we collect, why we collect it, how we use it, and what rights you have. We never sell your personal information to third parties.
Overview
This Privacy Policy ("Policy") describes how Lumière Medical Aesthetics ("Lumière", "we", "us", or "our"), located in South Surrey, British Columbia, Canada, collects, uses, and discloses personal information through our website at lumiereaesthetics.ca (the "Site") and through the provision of our aesthetic treatment services.
We are committed to complying with the Personal Information Protection Act (PIPA) of British Columbia and the Personal Information Protection and Electronic Documents Act (PIPEDA) at the federal level, as applicable.
By using our Site or Services, you consent to the collection, use, and disclosure of your personal information as described in this Policy. If you do not agree, please do not use our Site or Services.
Information We Collect
We collect personal information in several ways depending on how you interact with us:
Information you provide directly:
- Contact details: Name, email address, phone number, and any other information you provide when completing a contact form, booking request, or lead magnet opt-in on our Site.
- Medical and health information: Health history, current medications, allergies, and contraindications you provide during consultations or intake forms. This is collected solely to ensure your safety and suitability for treatment.
- Treatment records: Notes, before/after observations, products used, and outcomes from your appointments, maintained for clinical purposes.
- Payment information: We do not store full credit card numbers. Payment processing is handled by secure third-party processors. We may retain a record of transaction amounts and dates.
- Communications: Emails, text messages, or other correspondence you send us, including any questions or feedback.
Information collected automatically:
- Usage data: Pages visited, time spent on the Site, referring URLs, and browser/device type, collected via standard web server logs and analytics tools.
- Cookies and tracking: Small data files stored on your device. See Section 5 for full details.
- IP address: Your approximate geographic location may be inferred from your IP address for analytics purposes.
How We Use Your Information
We use your personal information only for the purposes for which it was collected, or for directly related purposes. Specifically, we use your information to:
- Respond to your enquiries and booking requests.
- Schedule, confirm, and manage your appointments.
- Assess your suitability for treatments and provide safe, effective care.
- Maintain clinical records of treatments received.
- Send appointment reminders, follow-up communications, and aftercare instructions.
- Send you the free resources, guides, or email sequences you opted into via our website, and follow-up educational content where you have consented.
- Process payments and maintain financial records as required by law.
- Improve our website and services through anonymised analytics.
- Comply with legal obligations, including health records retention requirements.
- Investigate and respond to complaints or safety concerns.
We will never use your personal information for purposes unrelated to your care or your relationship with Lumière without your explicit consent. We do not sell, rent, or trade your personal information to any third party.
Medical & Health Information
Medical and health information is among the most sensitive personal information we handle. We treat it with the highest level of care and confidentiality.
Health information you provide — including medical history, current medications, allergies, and treatment records — is collected solely for the purpose of providing you with safe and appropriate aesthetic treatments. It is stored securely, accessed only by your treating practitioner, and is never shared with third parties except as required by law or with your explicit written consent.
We retain clinical records for a minimum of 10 years following your last treatment, or longer if required under applicable British Columbia health regulations. You have the right to access your clinical records — see Section 10 for more information.
Health information submitted via our website contact form or lead magnet forms is handled with the same confidentiality as information provided in person.
Cookies & Tracking
Our Site uses cookies — small text files stored on your device — to improve your experience and help us understand how visitors use the Site.
We use the following types of cookies:
- Essential cookies: Required for the Site to function properly. These cannot be disabled. They include cookies that remember your cookie consent preference and form session data.
- Analytics cookies: Used to understand how visitors interact with the Site — which pages are visited, how long visitors stay, and where they came from. This data is anonymised and aggregated. Only active if Google Analytics is enabled (see Section 6).
- Marketing cookies: Used to understand the effectiveness of our lead capture tools and email opt-in forms. Only active where you have opted into our email communications.
- Preference cookies: Remember your choices on the Site such as popup dismissal and consent status, stored in your browser's localStorage.
You can control and delete cookies through your browser settings. Disabling cookies may affect some functionality of the Site. Our cookie consent banner allows you to accept or decline non-essential cookies on your first visit.
Third-Party Services
We use a small number of trusted third-party services to operate our Site and communicate with clients. Each service has its own privacy policy governing how it handles data.
| Service | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Web3Forms | Contact form and lead magnet form submission processing | Name, email, message content submitted via forms | web3forms.com/privacy |
| Google Analytics (if enabled) |
Website analytics — understanding visitor behaviour | Anonymised usage data, device/browser type, approximate location via IP | policies.google.com/privacy |
| Kit (ConvertKit) (if enabled) |
Email marketing — delivering free resources and follow-up sequences to opted-in subscribers | Name and email address of subscribers who opt in | kit.com/privacy |
| Google Fonts | Loading website typography | IP address (via font loading request to Google servers) | policies.google.com/privacy |
| Unsplash | Website imagery | IP address (via image loading request) | unsplash.com/privacy |
We do not share your personal information with any third-party advertising networks, data brokers, or social media platforms without your explicit consent.
Our Site may contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.
Disclosure of Your Information
We do not sell, trade, or rent your personal information to third parties. We may disclose your personal information only in the following limited circumstances:
- With your consent: We may share information where you have given us express written permission to do so — for example, sharing a before/after photo for marketing purposes.
- Legal requirement: Where required by law, court order, or government authority, including health regulatory bodies with jurisdiction over healthcare records in BC.
- Safety: Where we believe disclosure is necessary to prevent serious harm to you or another person.
- Service providers: To trusted third-party service providers listed in Section 6 who assist us in operating our Site and services, under strict confidentiality obligations.
- Business transfer: In the event of a merger, acquisition, or sale of the business, personal information may be transferred to the acquiring party, subject to the same privacy obligations.
Data Retention
We retain your personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law:
- Clinical treatment records are retained for a minimum of 10 years following your last appointment, in compliance with BC health records regulations.
- Contact form submissions are retained for up to 3 years, or until you request deletion.
- Email subscriber data is retained for as long as you remain subscribed. You may unsubscribe at any time via the link in any email we send you, after which your data is removed from our email platform within 30 days.
- Financial transaction records are retained for 7 years as required under Canadian tax law.
- Website analytics data is retained in anonymised form for up to 26 months.
When personal information is no longer required, we securely delete or anonymise it in a manner that prevents recovery or reconstruction.
Security
We take reasonable technical and organisational measures to protect your personal information from unauthorised access, use, disclosure, alteration, or destruction. These measures include:
- HTTPS encryption on all pages of our website.
- Secure, access-controlled storage of clinical and client records.
- Limited access to personal information on a need-to-know basis.
- Use of reputable, security-conscious third-party service providers.
- Regular review of our data handling practices.
No method of electronic transmission or storage is 100% secure. While we take your privacy seriously and implement reasonable safeguards, we cannot guarantee absolute security. If you have concerns about transmitting sensitive information online, please contact us by phone instead.
In the event of a data breach that poses a real risk of significant harm, we will notify affected individuals and the relevant authorities as required under PIPEDA and PIPA.
Your Rights
Under PIPA (BC) and PIPEDA, you have the following rights regarding your personal information:
- Right of access: You have the right to request access to the personal information we hold about you, including your clinical records. We will provide this within 30 days of your written request, subject to limited exceptions.
- Right to correction: If you believe any personal information we hold about you is inaccurate or incomplete, you have the right to request a correction.
- Right to withdraw consent: You may withdraw consent for non-essential uses of your personal information at any time. Withdrawal of consent does not affect our ability to retain clinical records where required by law.
- Right to unsubscribe: You may opt out of marketing emails at any time using the unsubscribe link in any email we send, or by contacting us directly.
- Right to deletion: You may request deletion of personal information we hold about you, subject to our legal obligations to retain certain records (such as clinical and financial records).
- Right to complain: If you believe your privacy rights have been violated, you have the right to file a complaint with the Office of the Information and Privacy Commissioner for BC (oipc.bc.ca) or the Office of the Privacy Commissioner of Canada (priv.gc.ca).
To exercise any of these rights, please contact us using the details in Section 13. We will respond to all privacy requests within 30 days.
Children's Privacy
Our Site and Services are not directed to individuals under the age of 19 (the age of majority in British Columbia). We do not knowingly collect personal information from minors.
If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at hello@lumiereaesthetics.ca and we will take prompt steps to delete the information from our records.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we do, we will update the "Last updated" date at the top of this page.
If we make material changes that significantly affect how we handle your personal information, we will make reasonable efforts to notify you — for example, by email if you are a subscribed client or by a prominent notice on our Site.
We encourage you to review this Policy periodically. Your continued use of our Site or Services after any changes constitutes your acceptance of the updated Policy.
Contact Us About Privacy
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:
- Business name: Lumière Medical Aesthetics
- Privacy contact: Sophie (Clinic Owner & Practitioner)
- Location: South Surrey, BC, Canada
- Email: hello@lumiereaesthetics.ca
- Phone: (604) 555-0192
- Contact form: lumiereaesthetics.ca/contact
We aim to respond to all privacy-related requests and enquiries within 30 days of receipt. If you are not satisfied with our response, you have the right to escalate your concern to the relevant privacy commissioner:
- BC: Office of the Information and Privacy Commissioner for BC — oipc.bc.ca
- Federal: Office of the Privacy Commissioner of Canada — priv.gc.ca