The London Aesthetic Clinic ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website at thelondonaestheticclinic.co.uk, contact us by email, or receive treatments at our clinic.
We are the data controller for the personal information we process. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you have any questions about this policy or how we handle your data, please contact us at [email protected].
1. What Personal Data We Collect
We may collect and process the following categories of personal data:
| Category | Examples |
|---|---|
| Identity Data | Name, title, date of birth |
| Contact Data | Email address, postal address |
| Health Data | Medical history, treatment records, consultation notes |
| Communication Data | Enquiries, correspondence, feedback |
| Technical Data | IP address, browser type, device information, pages visited |
| Marketing Data | Preferences regarding receiving marketing from us |
Health data is classified as special category data under UK GDPR and is afforded additional protections. We only collect and process health data where it is necessary for the provision of aesthetic medical treatments, and we do so on the basis of your explicit consent.
2. How We Collect Your Personal Data
We collect personal data through the following means:
- Direct interactions — when you contact us by email, complete a consultation form, or attend our clinic
- Automated technologies — when you browse our website, we may collect technical data via cookies and similar technologies (see our Cookie Policy)
- Third parties — such as referrals from other healthcare professionals or review platforms
3. How We Use Your Personal Data
We use your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| To provide aesthetic treatments and consultations | Contract performance; Explicit consent (health data) |
| To respond to your enquiries and communications | Legitimate interests |
| To maintain clinical records | Legal obligation; Explicit consent |
| To send appointment reminders | Contract performance; Legitimate interests |
| To send marketing communications (with your consent) | Consent |
| To improve our website and services | Legitimate interests |
| To comply with legal and regulatory obligations | Legal obligation |
4. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. In particular:
- Clinical records are retained for a minimum of 8 years following your last treatment, in accordance with NHS and professional guidance
- Marketing data is retained until you withdraw your consent or request erasure
- General correspondence is retained for 3 years
- Technical/website data is retained for up to 12 months
5. Sharing Your Personal Data
We do not sell your personal data. We may share your data with the following categories of third parties, strictly as necessary:
- IT service providers and website hosting companies who process data on our behalf under data processing agreements
- Professional advisers (lawyers, accountants) under obligations of confidentiality
- Regulatory authorities (e.g., the ICO, CQC) where required by law
- Other healthcare professionals where you have consented to a referral
We do not transfer your personal data outside the United Kingdom or the European Economic Area unless appropriate safeguards are in place.
6. Your Rights Under UK GDPR
Under UK GDPR, you have the following rights in relation to your personal data:
Right of Access
You may request a copy of the personal data we hold about you (a Subject Access Request).
Right to Rectification
You may ask us to correct inaccurate or incomplete personal data.
Right to Erasure
You may ask us to delete your personal data in certain circumstances.
Right to Restriction
You may ask us to restrict the processing of your data in certain circumstances.
Right to Data Portability
You may request your data in a structured, machine-readable format.
Right to Object
You may object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent
Where processing is based on consent, you may withdraw it at any time.
Right to Complain
You have the right to lodge a complaint with the ICO (ico.org.uk) at any time.
To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month.
7. Security
We take the security of your personal data seriously. We have implemented appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction, or alteration. These measures include encrypted email communications, secure data storage, and restricted access to personal data on a need-to-know basis. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO as required by UK GDPR.
8. Cookies
Our website uses cookies and similar technologies to improve your browsing experience and to analyse website traffic. For full details of the cookies we use and how to manage your preferences, please read our Cookie Policy.
9. Third-Party Links
Our website may contain links to third-party websites, including social media platforms. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies before providing any personal data to them.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last reviewed" date at the top of this page will be updated accordingly. We encourage you to review this policy periodically.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us:
Data Controller
The London Aesthetic Clinic
Within Fitness First, Coram Street, London WC1N 1HB
[email protected]
You also have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, at ico.org.uk or by calling 0303 123 1113.