Privacy Policy
We are committed to protecting your personal information and being transparent about how we collect and use it.
Last Updated: February 2026
Welcome to Touchwood Laser and Skin Clinic ("we", "our", "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our clinic or use our website.
We are based in the United Kingdom and operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are registered as a data controller with the Information Commissioner's Office (ICO).
Clinic Details:
- Business Name: Touchwood Laser and Skin Clinic
- Address: 14 Frederick Road, Edgbaston B15 1JD, Birmingham, UK
- Email: [email protected]
- Phone: 07387 381121
We collect personal information that you voluntarily provide to us when you:
- Book a consultation or treatment
- Complete a consultation form
- Subscribe to our newsletter
- Contact us via email, phone, or social media
- Leave a review or testimonial
- Visit our website
Personal Information may include:
- Identity Data: Name, title, date of birth, gender
- Contact Data: Address, email address, telephone numbers
- Health Data: Medical history, skin conditions, allergies, medications, treatment history (special category data under UK GDPR)
- Financial Data: Payment card details (processed securely through our payment provider)
- Technical Data: IP address, browser type, device information, cookies
- Marketing Data: Preferences for receiving marketing communications
Before Treatment:
Before your treatment, you may complete a consultation form which includes medical history, skin details, treatment suitability checks, and patch test results. This information is essential for providing safe and effective treatments.
We use your personal information for the following purposes:
- To Provide Healthcare Services: Administering treatments, managing appointments, and maintaining treatment records
- To Ensure Your Safety: Assessing suitability for treatments, monitoring reactions, and following up on your care
- To Communicate With You: Appointment reminders, treatment information, and responding to enquiries
- To Process Payments: Processing transactions and sending invoices
- To Improve Our Services: Analyzing feedback, monitoring satisfaction, and enhancing our offerings
- For Marketing (with consent): Sending newsletters, special offers, and promotional materials
- To Comply With Legal Obligations: Meeting regulatory requirements, tax obligations, and responding to legal requests
Legal Bases for Processing:
- Contract: Processing necessary to fulfill our contract with you for treatments
- Legitimate Interests: Managing our business, improving services, and preventing fraud
- Legal Obligation: Compliance with UK law and regulations
- Consent: Marketing communications and non-essential cookies
- Vital Interests: Protecting your health and safety
- Healthcare Purposes: Processing health data under Article 9(2)(h) UK GDPR for medical treatment
We do not sell, rent, or trade your personal information. We may share your data with:
- Healthcare Professionals: GPs or specialists if referral is clinically necessary (with your consent)
- Service Providers: IT support, payment processors, email marketing platforms (under strict data processing agreements)
- Legal Authorities: When required by law or to protect our legal rights
- Professional Bodies: If required by our regulatory obligations
All third parties are required to maintain the confidentiality and security of your personal information and are only permitted to process it for specified purposes.
International Transfers:
We primarily process data within the UK and EEA. If any data is transferred outside these areas, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the ICO.
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected:
- Treatment Records: 8 years from the date of last treatment (in accordance with healthcare guidelines)
- Financial Records: 7 years (as required by HMRC)
- Marketing Data: Until you unsubscribe or withdraw consent
- Website Analytics: 26 months
- Enquiries: 2 years from last contact (unless a booking is made)
After the retention period, your data will be securely deleted or anonymized.
Under UK GDPR, you have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data (subject to legal requirements)
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests or for marketing
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Rights Related to Automated Decision-Making: We do not use automated decision-making or profiling
To exercise any of these rights, please contact us at [email protected]. We will respond within one month.
If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
Our website uses cookies to enhance your browsing experience. Cookies are small text files stored on your device.
Types of Cookies We Use:
- Necessary Cookies: Essential for the website to function (cannot be disabled)
- Analytics Cookies: Help us understand how visitors use our site (Google Analytics)
- Marketing Cookies: Used to deliver relevant advertisements
- Preference Cookies: Remember your settings and preferences
You can manage your cookie preferences through our cookie banner or your browser settings. Note that disabling certain cookies may affect website functionality.
Third-Party Services:
- Google Analytics - Website traffic analysis
- Google Maps - Location services
- Social Media Plugins - Facebook, Instagram
With your explicit consent, we may take photographs before and after treatment for:
- Clinical records to monitor treatment progress
- Marketing materials (website, social media, brochures)
- Training purposes
A separate photography consent form will be provided at your first treatment. You may withdraw consent at any time, and we will remove your images from marketing materials within a reasonable timeframe.
Images used for marketing will be anonymized unless you specifically consent to being identified.
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of sensitive data
- Secure password-protected systems
- Limited access to personal data (only authorized staff)
- Regular security assessments
- Staff training on data protection
- Secure disposal of paper records
- Regular data backups
While we strive to protect your personal information, no method of transmission over the Internet is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18 without parental consent.
For clients aged 16-18, parental/guardian consent is required for all treatments. A parent or guardian must be present during consultations and sign consent forms.
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:
- Posting the updated policy on our website
- Updating the "Last Updated" date
- Sending email notification for significant changes (if you have subscribed)
We encourage you to review this Privacy Policy periodically.
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: [email protected]
- Phone: 07387 381121
- Address: 14 Frederick Road, Edgbaston B15 1JD, Birmingham, UK
We aim to respond to all privacy-related enquiries within 48 hours.
Data Protection Officer:
For data protection-specific queries, please contact our Data Protection Officer at [email protected].