Privacy policy

Last Updated: Sunday 25th January

Introduction

This Privacy Policy outlines how Lakes Aesthetic Clinic ("we", "us", or "our") collects, uses, and protects your personal data when you visit our website or use our services. We are committed to ensuring that your privacy is protected and that we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

Lakes Aesthetic Clinic is the "data controller" responsible for your personal data.

  • Email: ella@lakesaestheticclinic.co.uk

  • Phone: 07532 198324

  • Postal Address: Albion Buildings, Kendal LA9 4LL

If you have any questions about this policy or our privacy practices, please contact us using the details above.

The type of personal information we collect

We currently collect and process the following information:

  • Identity Data: Name, date of birth, and gender.

  • Contact Data: Email address, phone number, and home address.

  • Medical & Health Data: Medical history, allergies, current medications, and records of previous aesthetic procedures.

  • Visual Data: Before and after photographs (for clinical records and, with specific consent, marketing).

  • Financial Data: Payment card details (processed securely via Stripe).

How we get the information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • To book an appointment or consultation.

  • To conduct a clinical assessment and ensure a treatment is safe for you.

  • To carry out the aesthetic treatment itself.

Legal Bases for Processing: Under the UK GDPR, the lawful bases we rely on for processing this information are:

  1. Contractual obligation: To provide the services you have purchased.

  2. Consent: For marketing or using your photos on social media.

  3. Legal obligation: To keep medical and financial records for insurance and tax purposes.

  4. Special Category Data (Health): We process health data under the basis of "Provision of Health or Social Care" (Article 9(2)(h)).

How we store your personal information

Your information is securely stored.

  • Retention: We keep medical records for [e.g., 7 or 10 years] following your last treatment, as required by our insurance provider and clinical guidelines.

  • Disposal: We will then dispose of your information by permanently deleting digital files or shredding physical documents.

Sharing your information

We may share your information with:

  • Medical Professionals: If required for your safety (e.g., your GP).

  • Insurance Providers: If necessary for professional indemnity purposes.

  • Software Providers: Secure platforms used for booking and clinical notes.

Your data protection rights

Under data protection law, you have rights including:

  • Your right of access: You can ask us for copies of your personal information.

  • Your right to rectification: You can ask us to correct information you think is inaccurate.

  • Your right to erasure: You can ask us to erase your personal information in certain circumstances.

  • Your right to withdraw consent: You can withdraw consent for marketing or photo usage at any time.

How to complain

If you have any concerns about our use of your personal information, you can contact ella@lakesaestheticclinic.co.uk