Privacy Policy
PharmaSkin Aesthetics Clinic
Effective Date: 1st July 2025
1. Introduction
At PharmaSkin Aesthetics, we are committed to protecting your privacy and safeguarding the personal data you provide to us. This Privacy Policy explains how we collect, use, store, and share your information, and outlines your rights under applicable data protection laws.
We handle all personal information in accordance with the General Data Protection Regulation (GDPR) and other relevant legislation.
2. Who We Are
Clinic Name: PharmaSkin Aesthetics
Address: Room 1, Suite A13, Eagley House, The Mill, Deakins Business Park, Egerton, Bolton, BL7 9RW
Phone: 07858 058 776
Email: enquiries@pharmaskin.uk
Website: www.pharmaskin.uk
Data Controller: Shiraz Shaffi (SRO)
3. What Information We Collect
We may collect and process the following categories of personal data:
A. Personal Information
- Full name
- Date of birth
- Address
- Email address
- Phone number
- Emergency contact
B. Medical Information
- Medical history
- Current medications
- Allergies
- Prior aesthetic or surgical treatments
- Photographs (before & after treatment)
- Practitioner consultation notes
C. Financial Information
- Payment method
- Billing address
- Transaction details (we do not store card details without consent)
- Bank details
D. Website Usage Data
- IP address
- Browser type
- Device information
- Pages visited
- Cookies (see Section 10)
4. How We Collect Your Information
We collect your data through the following means:
- Directly from you via online booking forms, consultations, phone calls, or emails
- Medical history and consent forms completed before treatment
- Website analytics tools (e.g., Google Analytics)
- CCTV on premises (for security purposes)
- Social media interactions (when contacting us or commenting)
5. Why We Collect Your Data
We process your data for the following purposes:
- To provide safe and appropriate aesthetic treatments
- To maintain accurate clinical records
- To comply with legal, regulatory, and insurance requirements
- To contact you regarding your appointments
- To manage payments, invoicing, and accounting
- To send you marketing communications (only with your explicit consent)
- To improve our website and services
6. Legal Basis for Processing
We rely on the following lawful bases under GDPR:
- Consent – for marketing or optional communications
- Contractual necessity – to provide aesthetic services
- Legal obligation – for regulatory compliance (e.g., medical record retention)
- Legitimate interest – for customer support, service quality, and security
7. Data Sharing and Third Parties
We may share your data with:
- Practitioners or clinic staff directly involved in your care
- Third-party service providers (e.g., payment processors, booking platforms)
- Legal or regulatory bodies if required by law
- IT and software support services (under data processing agreements)
We do not sell or rent your data to any third parties.
8. Data Retention
We retain your data for as long as necessary to:
- Fulfil the purposes stated in this policy
- Comply with legal and insurance obligations
Medical and treatment records are typically retained for 7–10 years, or longer for younger adults (18–25), in accordance with healthcare regulations.
9. Data Security
We implement appropriate technical and organisational measures to safeguard your data, including:
- Encrypted medical software
- Password-protected systems
- Physical security (e.g., locked filing cabinets, CCTV)
- Regular staff training on data protection
10. Cookies and Website Tracking
Our website uses cookies to:
- Enhance user experience
- Analyse site traffic
- Improve content and marketing efforts
You can manage your cookie preferences via your browser settings. For full details, please see our separate Cookie Policy.
11. Your Data Rights
Under GDPR, you have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request deletion of your data (subject to legal obligations)
- Restrict or object to data processing
- Withdraw consent at any time (for marketing)
- Data portability (where applicable)
To exercise any of these rights, contact us at enquiries@pharmaskin.uk.
We may need to verify your identity before processing your request.
12. Marketing Communications
We will only contact you for promotions, events, or newsletters if you have agreed to opt in during your registration process. You can unsubscribe at any time using the link in our emails or by contacting the clinic directly.
13. CCTV Monitoring
We use CCTV within the clinic premises for safety and security. Footage is retained for a limited period unless required for investigation.
14. Children's Privacy
We do not knowingly collect or process data from individuals under the age of 18. No treatments are offered to minors under the age of 18.
15. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in law, technology, or business practices. The latest version will always be available on our website.
16. Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or our handling of your data, please contact:
Clinic Name: PharmaSkin Aesthetics
Address: Room 1, Suite A13, Eagley House, The Mill, Deakins Business Park, Egerton, Bolton, BL7 9RW
Phone: 07858 058 776
Email: enquiries@pharmaskin.uk
Website: www.pharmaskin.uk
If you are dissatisfied, you also have the right to lodge a complaint with your Data Protection Authority.