PRIVACY POLICY

This Privacy Policy explains how Emily Self Aesthetic Skin Clinic (“we”, “us”, “our”, “the Clinic”) collects, uses, stores, and shares your personal data when you contact us, book an appointment, attend for consultation/treatment, or purchase products/services.

We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1) Data Controller / Contact 

Emily Self Aesthetic Skin Clinic
Data protection and medical record contact: Emily Grief, Medical Aesthetician
Email: emilyselfaesthetics@outlook.com

If you have questions about this policy or how your data is used, please contact us using the details above.

2) The personal data we collect

We may collect and process the following categories of personal data:

a) Identity and contact data

  • Name

  • Email address

  • Telephone number

  • Address (where relevant for invoicing or product supply)

b) Booking and communication data

  • Appointment details and booking history

  • Messages and correspondence (email, telephone notes, social media messages where used for communication)

  • Enquiry details and information you provide when requesting advice about appointment suitability (non-emergency)

c) Clinical data (special category data)

To provide aesthetic and skin services safely, we may collect:

  • Medical history and health information you provide

  • Current medications and supplements

  • Allergies

  • Treatment assessments, clinical notes, and consent records

  • Records of advice given and aftercare provided

d) Photographs

We may take or store clinical photographs:

  • For your medical record (e.g., documenting baseline and treatment outcomes)

  • For audit and service improvement

  • For marketing purposes only with your explicit written consent (this is optional and not a condition of treatment)

e) Payment data

We may store:

  • Deposit/payment status, invoice references, and payment amounts
    We do not require or store full card details if payments are processed by third-party providers (where applicable).

3) How we use your personal data (purposes)

We use your personal data for purposes including:

  • Creating and maintaining your client/medical record

  • Booking, confirming, rescheduling, and administering appointments

  • Providing consultations, treatments, advice, and aftercare

  • Assessing suitability and ensuring safe treatment delivery

  • Responding to enquiries and ongoing clinical communications where relevant

  • Record keeping for clinical governance, audit, insurance, and legal obligations

  • Managing complaints and responding to incidents or adverse events

  • Sending marketing communications only if you have consented (you can withdraw consent at any time)

4) Lawful bases for processing (UK GDPR)

We process personal data under one or more lawful bases, depending on the context:

a) Contract

Where processing is necessary to provide services you have requested (e.g., managing bookings and delivering paid services).

b) Legal obligation

Where we must comply with legal/regulatory duties (e.g., record keeping, responding to lawful requests from regulators).

c) Legitimate interests

Where it is necessary for running and improving the Clinic (e.g., administrative communications, quality improvement, audit), provided your rights do not override these interests.

d) Consent

Where required (e.g., marketing communications; use of photographs for marketing). You may withdraw consent at any time.

Special category (health) data

When we process health-related information, we do so because it is necessary for healthcare and treatment provision and/or for reasons of substantial public interest in line with applicable UK GDPR conditions, and with appropriate safeguards.

5) How we share your data

We only share your personal data where necessary and appropriate, including with:

a) Pharmacies

When a prescription order is necessary for the product or medicine you require, we may share relevant information with a pharmacy to support that process.

b) Payment providers (where applicable)

If you choose to use a payment plan or third-party payment option (e.g., Klarna, subject to eligibility), we may share necessary information to administer payment.

c) Regulators and authorities

We may share information with regulators or government authorities if required by law, or where an authority requests it and we regard that request as reasonable.

d) Professional advisers / insurers (where necessary)

We may share relevant information with professional advisers (e.g., indemnity/insurance providers or legal advisers) where necessary to establish, exercise, or defend legal claims, or to support clinical governance.

We do not sell your personal data.

6) Communications: email, social media, and telephone

If you contact us:

By email

You should be aware that emails you send or receive may not be protected in transit.

Via social media

You should be aware that messages you send or receive may not be protected in transit. Where possible, we may suggest moving sensitive clinical information to more secure channels.

By telephone

If you make an enquiry by telephone and you are not known to us, we may request basic contact information for the purposes of:

  • making an appointment for you

  • creating/populating a new record

  • sending directions, appointment confirmations, and treatment information if requested

You may unsubscribe from non-clinical communications once you have received requested information, if you do not wish to hear from us again.

We may retain records of communication where the information exchanged needs to be included in your medical record and/or where required to establish, exercise, or defend legal claims.

7) Marketing communications

We will only send you marketing communications if you have opted in/consented.
You can withdraw consent at any time by:

Withdrawing marketing consent does not affect essential service communications related to your appointment(s) or care.

8) Photograph consent

  • Clinical photographs for your medical record are used for documentation, monitoring, and clinical governance.

  • Any use of photographs for marketing (website/social media) will only occur with your explicit written consent.

  • You can withdraw marketing photo consent at any time. This will stop future use; it may not be possible to remove images already printed or already shared by third parties, but we will act reasonably and promptly to remove content under our control.

9) How we store and protect your data

Your medical record and personal data are maintained securely with appropriate technical and organisational measures. Access is restricted to authorised persons only.

10) How long we keep your data (retention)

Your medical record and personal data will be maintained securely and archived securely after 2 years, and will be stored for a period of 10 years as advised by insurance providers. It is our lawful duty to retain medical records for appropriate periods.

11) Your rights

You have rights under UK GDPR, including (subject to certain conditions):

  • The right to access your personal data

  • The right to request rectification of inaccurate or incomplete data

  • The right to request erasure of your personal data without undue delay on certain grounds (e.g., where it is no longer necessary for the purpose it was collected, or where you withdraw consent and there is no other lawful basis)

Withdrawing consent

Where we rely on your consent (e.g., marketing), you have the right to withdraw it at any time by emailing emilyselfaesthetics@outlook.com.

Important: If you request erasure, please note we may still need to retain certain information where required to:

  • comply with legal obligations, and/or

  • establish, exercise, or defend legal claims, and/or

  • meet clinical governance and insurance requirements for medical records.

Requests

You have the right to request a copy of your personal data held by us. To make a request, please email emilyselfaesthetics@outlook.com.

12) Complaints

If you have concerns about how your data has been handled, please contact us first so we can address the issue.

You also have the right to complain to the UK regulator: Information Commissioner’s Office (ICO)
(You can find their contact details on the ICO website.)

13) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The version published on our website is the current version.
