Why do you use my data?

To assess suitability, deliver safe nurse-led treatments, manage bookings and payments, provide aftercare, comply with legal/insurance obligations, improve our website (analytics) and—if you opt in—send service updates.

What is your lawful basis under UK GDPR?

We rely on: (1) Consent (e.g., for certain medical details and marketing); (2) Contract (to provide booked services); (3) Legal obligation (records, tax, insurance); (4) Legitimate interests (site security, service improvement). Special category data (health) is processed with your explicit consent and for provision of health-related care.

How long do you keep my data?

We keep clinical records for the period required by law/insurers (often up to 7 years from last treatment, or longer in specific circumstances). Booking and financial records are retained for tax/audit. We minimise retention wherever possible.

Do you share my data with anyone?

We do not sell your data. We may share with essential service providers (booking forms, payment processors, insurers, IT/hosting) under data-processing agreements, or with regulators/authorities where legally required. Limited information may be shared with pharmacies/suppliers for prescription products, where applicable.

What are my UK GDPR rights?

You can request access, rectification, erasure, restriction, portability, and object to processing. You can withdraw consent at any time where we rely on consent. You also have the right to complain to the ICO.

Do you use cookies or analytics?

Yes. We use essential cookies for site functionality and Google Analytics for anonymous usage insights. You can control cookies via your browser and any consent tools provided.

PDC Aesthetics | Privacy Policy (UK GDPR) | How We Use & Protect Your Data

Q: What information do you collect?

We collect contact details (name, email, phone), booking details, health information relevant to treatment (medical history, medications, allergies), consents, payment records and basic usage data (cookies/analytics). We only process what is necessary for safe treatment and running our service.

Reviewed by: PDC Aesthetics data & clinical team • Last updated

Who We Are & How to Reach Us

PDC Aesthetics provides nurse-led, mobile aesthetic treatments in and around Stone, Staffordshire. For privacy questions or to exercise your rights, please contact us via our Contact page or WhatsApp on +44 7368 923639.

Controller: PDC Aesthetics (Stone, Staffordshire, ST15). We are responsible for deciding how and why your data is processed.

Data We Collect

Identity & Contact: name, email, phone, address (for home visits).
Clinical & Health: medical history, medications, allergies, suitability screening, consent forms, treatment notes and photographs (if you consent).
Booking & Payment: appointment details, communications, payment confirmations (we do not store full card details).
Website & Device: IP, pages viewed, time on page, referrers, basic device/browser info (via cookies/analytics).
Marketing Preferences: your choices about receiving updates, reminders or offers.

Providing accurate health information is essential to assess suitability and deliver treatments safely.

How We Use Your Data (Purposes)

Clinical care: assess suitability, deliver treatments, provide aftercare and follow-up support.
Operations: bookings, reminders, record-keeping, insurance, tax and regulatory compliance.
Customer support: respond to queries, service updates and changes to policies.
Improvements: site performance, service quality, safety audits and training.
Marketing: only with your consent—news, tips, offers; you can opt out anytime.

Our Lawful Basis (UK GDPR)

Consent: for processing special category data (health), photographs and marketing communications.
Contract: to provide the services you request and manage your bookings.
Legal obligation: record retention, tax/audit, insurance and regulatory requirements.
Legitimate interests: site security, service quality, preventing fraud and improving user experience.

You may withdraw consent at any time where we rely on it.

How Long We Keep Your Data

We retain clinical records for the period required by law and our insurers (commonly up to 7 years from your last treatment, or longer in specific cases). Financial and booking records are retained for tax and audit. We minimise what we keep and review retention regularly.

Sharing & Processors

We do not sell your data. We may share limited information with:

Service providers: secure booking forms, payment processors, IT/hosting, email/SMS tools, analytics, insurers and legal advisers—under data-processing agreements.
Clinical partners: pharmacies/suppliers for prescription products where appropriate.
Authorities: regulators or law enforcement, if legally required.

Where we use processors outside the UK, we rely on appropriate safeguards (see below).

International Transfers

If personal data is transferred outside the UK (e.g., where a cloud provider stores data abroad), we use recognised safeguards such as UK adequacy regulations or standard contractual clauses. You can contact us for details of current safeguards.

How We Protect Your Data

Access controls, encryption in transit, device security and staff training.
Principle of data minimisation and role-based access to clinical information.
Regular policy reviews and incident response procedures.

No system is 100% secure, but we take appropriate steps to reduce risk and act promptly if issues arise.

Cookies & Analytics

We use essential cookies for site functionality and Google Analytics to understand how visitors use our website. Analytics provides aggregated, de-identified insights (e.g., pages visited, time on site). You can control cookies in your browser settings and through any consent tools provided on our site.

Disabling non-essential cookies may limit certain features but won’t affect booking by phone or WhatsApp.

Your UK GDPR Rights

Access: request a copy of your data.
Rectification: correct inaccurate or incomplete data.
Erasure: ask us to delete your data where applicable.
Restriction: request we limit certain processing.
Portability: receive certain data in a portable format.
Object: object to processing based on legitimate interests or to direct marketing.
Withdraw consent: where processing relies on your consent.

We may need to verify your identity before responding. Some rights may be limited by clinical, legal or insurance obligations.

Contact & Complaints

To exercise your rights or ask a question, use our Contact page or message us on WhatsApp.

If you’re unhappy with our response, you can complain to the UK Information Commissioner’s Office (ICO). We always aim to resolve issues directly first.

Changes to This Privacy Notice

We may update this notice to reflect changes in law, guidance or our services. The “Last updated” date at the top shows when it was most recently reviewed.

Privacy FAQs

What information do you collect?▾

Contact details, booking info, treatment/health information necessary for safe care, consents, payments and basic analytics data (see above for full list).

What is your lawful basis?▾

Consent (health data, photos, marketing), Contract (to provide services), Legal obligation (records/tax) and Legitimate interests (security, improvements).

Do you share my data?▾

No data sales. Limited sharing with essential processors (bookings, payments, hosting), pharmacies/suppliers where appropriate, and regulators where legally required.

How do I exercise my rights?▾

Contact us via the Contact page or WhatsApp. We’ll respond within statutory timeframes and may require ID verification.

This policy is for general information and does not constitute legal advice.