Privacy Policy

Introduction

At Brighton Aesthetic, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, store, and protect your data in compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. By engaging with our services, you agree to the practices described below.

Information We Collect

We collect the following types of information to provide our aesthetic treatments and manage your client experience:

  • Personal Information: Name, date of birth, contact details (email address, phone number, postal address), and identification details (e.g., for age verification).

  • Health Information: Medical history, treatment details, and any health-related data shared during consultations, which are necessary for safe treatment delivery.

  • Payment Information: Billing details, such as payment card information, for processing deposits and treatment fees.

  • Communication Data: Correspondence with us, including emails, phone calls, and messages via our website or social media.

  • Website Usage Data: Information collected via cookies and similar technologies, such as IP address, browser type, and pages visited, to improve our website functionality.

How We Use Your Information

We use your data for the following purposes:

  • To Provide Services: To schedule appointments, conduct consultations, administer treatments, and provide aftercare support.

  • To Ensure Safety: To assess your suitability for treatments by reviewing your medical history and health information.

  • To Process Payments: To handle deposits, treatment fees, and any financial transactions.

  • To Communicate: To send appointment confirmations, reminders, and updates about our services, as well as to respond to your enquiries.

  • To Improve Our Services: To analyse website usage and client feedback to enhance our offerings.

  • To Comply with Legal Obligations: To meet regulatory requirements, such as record-keeping for medical treatments and age verification.

Legal Basis for Processing

We process your data under the following legal bases:

  • Consent: For collecting and using your health data to provide treatments, and for sending marketing communications (where applicable).

  • Contractual Necessity: To fulfil our obligations under the agreement for providing aesthetic services (e.g., scheduling and delivering treatments).

  • Legal Obligation: To comply with UK laws, such as GDPR, the Data Protection Act 2018, and medical aesthetics regulations.

  • Legitimate Interests: To improve our services, manage client relationships, and ensure website functionality, where these interests do not override your rights.

How We Store and Protect Your Data

We take data security seriously and implement appropriate measures to protect your information:

  • Storage: Data is stored securely on encrypted systems, accessible only to authorised personnel.

  • Retention: We retain your personal and health data for 7 years following your last treatment, in line with medical record-keeping standards. Payment data is kept for 6 years to comply with financial regulations.

  • Access Control: Only trained staff, including our Nurse Practitioner, access your data on a need-to-know basis.

  • Security Measures: We use firewalls, encryption, and secure payment processing to prevent unauthorised access, loss, or breach of your data.

Sharing Your Information

We do not share your personal information with third parties except in the following circumstances:

  • With Your Consent: For example, if you agree to share your treatment details with a referring practitioner.

  • Service Providers: We may share data with trusted third parties, such as payment processors or IT service providers, who are contractually obligated to protect your data.

  • Legal Requirements: We may disclose data if required by law, such as in response to a court order or regulatory investigation.

  • Emergency Situations: To protect your health or safety, such as sharing medical details with emergency services if necessary.

Your Rights

Under GDPR and the Data Protection Act 2018, you have the following rights regarding your data:

  • Access: Request a copy of the personal data we hold about you.

  • Rectification: Ask us to correct inaccurate or incomplete data.

  • Erasure: Request deletion of your data, where applicable (though medical records may need to be retained for legal reasons).

  • Restriction: Request that we limit the processing of your data in certain circumstances.

  • Objection: Object to processing based on legitimate interests, including marketing.

  • Data Portability: Request a copy of your data in a structured, commonly used format.

  • Withdraw Consent: If we process data based on your consent, you may withdraw it at any time.

To exercise these rights, please contact us at the details below. We will respond within one month, though complex requests may take longer.

Cookies and Website Tracking

Our website uses cookies to enhance your experience. Cookies are small files stored on your device that help us understand how you use our site. You can manage cookie preferences through your browser settings. For more details, please refer to our Cookie Policy on the website.

Marketing Communications

We may send you updates about our services, promotions, or events if you have opted in to receive marketing communications. You can unsubscribe at any time by clicking the “unsubscribe” link in emails or contacting us directly.

Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of these sites, and we encourage you to review their policies before sharing personal information.

Data Breaches

In the unlikely event of a data breach, we will notify the Information Commissioner’s Office (ICO) within 72 hours, as required by GDPR, and inform affected clients promptly if there is a risk to your rights and freedoms.

Changes to This Policy

We may update this Privacy Policy to reflect changes in regulations or our practices. Updates will be posted on our website with the effective date. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

  • Phone: 07534 136 351

  • Email: info@brightonaesthetic.co.uk

  • Address: Brighton Aesthetic, [Address to be provided by the business]

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been mishandled:

  • ICO Website: www.ico.org.uk

  • ICO Helpline: 0303 123 1113

Effective Date: 25 May 2025