GDPR Compliance Policy

1. Introduction

This GDPR Policy outlines how PharmaSkin Aesthetics collects, processes, stores, and protects personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU GDPR. We are committed to respecting the privacy and confidentiality of our patients and website users.

We ensure that all personal data is handled lawfully, transparently, and securely.

2. Who We Are

Clinic Name: PharmaSkin Aesthetics
Address: Room 1, Suite A13, Eagley House, The Mill, Deakins Business Park, Egerton, Bolton, BL7 9RW
Phone: 07858 058 776
Email: enquiries@pharmaskin.uk
Website: www.pharmaskin.uk

Data Controller SRO: [Shiraz Shaffi]

PharmaSkin Aesthetics is the data controller for your personal data. The SRO named above is responsible, on behalf of PharmaSkin Aesthetics, for ensuring that personal data is handled in compliance with data protection law.

3. What Personal Data We Collect

We may collect the following types of personal data:

A. General Personal Information

  • Full name
  • Date of birth
  • Home address
  • Email address
  • Phone number
  • Emergency contact details

B. Medical and Treatment Data

  • Health and medical history
  • Current medications
  • Allergies or contraindications
  • Treatment records and progress notes
  • Consent forms
  • Before & after photographs (with explicit consent)

C. Financial & Transactional Data

  • Payment method (card type or provider only; we do not store card numbers)
  • Invoicing and billing details
  • Appointment records

D. Website Usage Information

  • IP address
  • Browser type
  • Device and usage information
  • Cookies and analytics data

4. How We Collect Your Data

We collect your personal data through:

  • Online booking systems and intake forms
  • In-clinic registration and consultation forms
  • Email and phone communications
  • Website contact forms and analytics
  • Direct messages via social media
  • Payment transactions or invoicing platforms
  • CCTV (for clinic security, where applicable)

5. Lawful Basis for Processing

Under UK GDPR (Article 6), we must have a lawful basis for each purpose for which we process your data. We rely on the following:

  • Consent: marketing emails, photo use, optional treatments
  • Contractual obligation: providing agreed treatments and services
  • Legal obligation: retaining medical records and complying with CQC, HMRC, or insurance rules
  • Vital interests: emergency medical disclosures
  • Legitimate interest: clinic management, fraud prevention, and security (e.g. CCTV)

Health and treatment data is special category data, so before processing it we must also satisfy a condition under Article 9, such as your explicit consent or the processing being necessary for the provision of health care.

6. Why We Process Your Data

We use your personal data to:

  • Deliver safe and appropriate aesthetic and cosmetic treatments
  • Maintain clinical records for legal and regulatory compliance
  • Contact you regarding appointments, results, or follow-up care
  • Take and store photos (only with explicit written consent)
  • Process payments and manage accounts
  • Improve our services and maintain safety (e.g. CCTV)
  • Communicate updates, offers, or news (with marketing consent)

7. Marketing and Consent

We will only send promotional emails, texts, or newsletters if you have actively opted in. You can withdraw consent at any time by:

  • Clicking the “unsubscribe” link in emails
  • Replying to an SMS to opt out of text messages
  • Contacting us directly

8. Sharing Your Personal Data

We do not sell your data. We only share it with trusted third parties where necessary, and only under strict data processing agreements.

These may include:

  • Aesthetic practitioners or nurses working at the clinic
  • Booking or practice management software providers (e.g. Fresha, Pabau, Cliniko)
  • Payment processors (e.g. Stripe, Square, GoCardless)
  • IT and cloud hosting services
  • Legal, regulatory, or insurance bodies if required by law

9. Data Retention

We retain data only as long as necessary for legal, regulatory, and clinical purposes:

  • Medical records: Kept for 7 to 10 years after the last treatment, or until the patient's 25th birthday, whichever is later
  • Photographs: Retained with consent until withdrawn
  • Financial records: Kept for 6 years minimum in accordance with tax law
  • Emails and messages: Retained as per clinic communication policy

10. Your GDPR Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify incorrect or incomplete data
  • Erase your data (where no legal, regulatory, or clinical obligation requires us to keep it)
  • Restrict processing of your data
  • Object to data use in certain situations
  • Data portability (receive your data in a transferable format)
  • Withdraw consent at any time
  • Complain to the UK’s Information Commissioner’s Office (ICO)

To exercise your rights, please contact:
📧 enquiries@pharmaskin.uk

11. Data Security

We take security seriously. Your data is protected by:

  • Secure, encrypted cloud storage systems
  • Access controls and password protection
  • Regular data audits and security reviews
  • Staff confidentiality training and policies
  • Physical controls (locked cabinets, restricted access)

12. Cookies and Website Tracking

Our website uses cookies for analytics and functionality. Cookies may collect:

  • Your IP address
  • Time and date of visit
  • Pages viewed and session duration

You can manage or disable cookies in your browser settings. See our Cookie Policy for full details.

13. CCTV Monitoring

Our clinic may use CCTV for premises safety and security. Video footage is stored securely and retained for a limited period unless required for investigation or legal purposes.

14. Children’s Privacy

We do not provide treatments to individuals under 18 without explicit parental/guardian consent. We do not knowingly collect data from minors unless part of a documented treatment plan with guardian involvement.

15. Policy Updates

We may update this policy from time to time to reflect changes in law or clinic practices. The most current version will always be published on our website.

16. Contact Us

If you have questions about this policy or how we use your data, please contact us:

Clinic Name: PharmaSkin Aesthetics
Address: Room 1, Suite A13, Eagley House, The Mill, Deakins Business Park, Egerton, Bolton, BL7 9RW
Phone: 07858 058 776
Email: enquiries@pharmaskin.uk
Website: www.pharmaskin.uk

If you are not satisfied with how we handle your personal data, you may file a complaint with the ICO (Information Commissioner’s Office).
