Legal

Privacy Policy

Last updated 2026-05-09

Aesthetic Clinique ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect about you, how we use it, who we share it with, how long we keep it, and the rights you have under the UK GDPR and the Data Protection Act 2018. It applies to our website at aestheticclinique.co.uk and to the consultation, treatment and aftercare services we provide at our West Hampstead clinic.

Who is the data controller?

Aesthetic Clinique London is the data controller for the personal information we collect about you. You can contact us about any aspect of this policy at info.babeautyaesthetic@gmail.com or by post in West Hampstead, London NW6 2LU.

Information we collect

We collect personal information so we can deliver safe, individualised aesthetic care and respond to your enquiries. The categories of information we may collect include:

  • Identity & contact details — name, date of birth, email address, phone number and postal address.
  • Health and medical information — medical history, medications, allergies, prior aesthetic and surgical procedures, lifestyle factors and any other clinical information relevant to assessing suitability for treatment.
  • Consultation and treatment records — consultation notes, written treatment plans, signed informed-consent forms, photographs taken with your consent for clinical record-keeping, and aftercare communications.
  • Booking, payment and transactional information — appointment details, deposits taken and payment confirmations. We do not store full card numbers; payments are processed by regulated third-party providers.
  • Marketing preferences — whether you have asked to receive (or stop receiving) emails or messages from us.
  • Website usage data — IP address, browser type, device information, pages visited and referring URL, collected via cookies and analytics tools. See our Cookie Policy.

Health and medical information is treated as special category data under the UK GDPR and is held to a higher standard of protection.

How we use your information

We use your personal information to:

  • Respond to your enquiries and arrange consultations or appointments.
  • Provide aesthetic and medical-aesthetic treatments safely, including assessing suitability and identifying contraindications.
  • Maintain clinical records to the standard required by professional, regulatory and insurance requirements.
  • Take, store and (where you have consented) review clinical photographs to monitor treatment outcomes.
  • Communicate with you about appointments, follow-up reviews and aftercare.
  • Process payments, deposits and refunds.
  • Send you marketing communications you have requested, and stop them when you ask us to.
  • Improve our website, content and services through anonymised analytics.
  • Meet our legal and regulatory obligations.

Lawful basis for processing

Under the UK GDPR we rely on the following lawful bases:

  • Consent — for marketing communications and the use of clinical photographs beyond clinical records.
  • Performance of a contract — to deliver the treatment and aftercare you have booked.
  • Legitimate interests — to operate the clinic, secure our website and prevent fraud, balanced against your rights and freedoms.
  • Legal obligation — to keep clinical records and respond to lawful regulatory or legal requests.
  • Vital interests — in rare situations where processing is necessary to protect someone's life or health.

For special category (health) data, we additionally rely on processing for the purposes of preventive or occupational medicine and the provision of health care under Article 9(2)(h) of the UK GDPR, by appropriately qualified clinical staff.

Sharing your information

We do not sell your personal information. We may share it, on a strict need-to-know basis, with the following categories of recipient:

  • Regulated technology providers acting as our processors — for example, our booking system, email provider, secure cloud storage and payment processors.
  • Other healthcare providers, where this is necessary for your safe care and where you have agreed to it (for example, contacting your GP about a complication).
  • Professional indemnity insurers and legal advisers, where required to manage a claim or potential claim.
  • Regulators and law enforcement, where we are legally required to do so.

All processors are bound by written agreements that require them to protect your information to a standard at least equivalent to ours.

International transfers

Some of our service providers may host data outside the United Kingdom — typically in the European Economic Area or the United States. Where this happens, we rely on UK adequacy regulations, the International Data Transfer Agreement, or Standard Contractual Clauses (with the UK Addendum where required) to safeguard your information.

How long we keep your data

We keep clinical records for the length of time required by professional, insurance and legal requirements — typically a minimum of 8 years from your last treatment for adults, longer for children. Other personal data is retained only for as long as necessary for the purposes for which it was collected, after which it is securely deleted or anonymised.

How we keep your data secure

We use technical and organisational measures designed to protect your information from loss, unauthorised access and disclosure. These include access controls on clinical record systems, encryption of data in transit, secure backups, staff confidentiality agreements and regular review of supplier security.

Your rights

Under the UK GDPR you have the right to:

  • Be informed about how we use your data (this policy).
  • Request access to the personal data we hold about you (a "subject access request").
  • Have inaccurate data corrected.
  • Have data erased where there is no good reason to keep it ("right to be forgotten").
  • Restrict or object to processing in certain circumstances.
  • Request data portability for data you have provided.
  • Withdraw consent at any time, where consent is the basis for processing.
  • Make a complaint to the UK Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, please contact us at info.babeautyaesthetic@gmail.com. We will respond within one calendar month and may need to verify your identity before releasing information.

Cookies

Our website uses cookies to support essential functionality and to understand how visitors use the site. See our Cookie Policy for details and how to manage your cookie preferences.

Children

We do not knowingly collect personal information from children under 18 for marketing purposes. We do not provide aesthetic treatments to under-18s. If you believe a child has provided us with personal data, please contact us so we can delete it.

Changes to this policy

We may update this Privacy Policy from time to time. The "last updated" date at the top of this page will reflect any changes. Material changes will be brought to your attention where it is reasonable to do so.

Contact

For privacy enquiries, please contact us at info.babeautyaesthetic@gmail.com or by post in West Hampstead, London NW6 2LU. You also have the right to complain to the UK Information Commissioner's Office at any time.