top of page

Aesthetics By Dr Rhea is committed to protecting and respecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

As a medical aesthetics clinic, we process personal and special category data (including health information) to provide safe and appropriate treatments.

Data We Collect

Personal Data

  • Full name

  • Contact details (email, phone number)

  • Date of birth

Special Category Data (Health Information)

  • Medical history

  • Medications and allergies

  • Previous treatments

  • Photographs (with consent)

This data is essential to ensure safe, appropriate and effective treatment.


How We Collect Your Data

We collect data when you:

  • Submit an enquiry or booking form

  • Attend a consultation or treatment

  • Communicate with us via email, phone, or social media

  • Use our website (via cookies and analytics tools)


Purpose of Processing

We use your data to:

  • Assess your suitability for treatments

  • Provide safe medical and aesthetic services

  • Maintain accurate medical records

  • Communicate regarding appointments and follow-ups

  • Comply with legal and regulatory obligations

  • Improve our services and website

We will only use your data for marketing purposes where you have provided explicit consent.


Legal Basis for Processing

Under UK GDPR, we rely on:

  • Article 6(1)(b) – Contractual necessity (providing services)

  • Article 6(1)(c) – Legal obligation (medical record keeping)

  • Article 6(1)(f) – Legitimate interests (running the clinic)

  • Article 9(2)(h) – Provision of health care (for processing medical data)

  • Consent – for marketing and use of images

 

Medical Records Retention

As a medical provider, we are required to retain patient records in line with professional guidance.

  • Adult records are typically retained for 8 years
     

Data Sharing

We will never sell your data.

We may share your data with:

  • Other regulated healthcare professionals (if required for your care)

  • Secure third-party providers (e.g. booking systems, payment processors)

  • Regulatory bodies such as the Information Commissioner’s Office (ICO) if required

  • Legal authorities where necessary

All third parties are required to handle your data securely and in compliance with UK GDPR.


Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Secure digital systems

  • Restricted access to sensitive data

  • Confidential handling of medical records


Your Rights

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure (where legally applicable)

  • Restrict or object to processing

  • Withdraw consent at any time

Please note: medical records cannot always be deleted due to legal obligations.

To exercise your rights, contact: aesthetics.dr.rhea@gmail.com

​

Marketing

We will only send marketing communications if you have opted in. You may withdraw consent at any time.

​

Complaints

If you have concerns about how your data is handled, you can contact us directly.

You also have the right to lodge a complaint with the:

Information Commissioner’s Office (ICO)
Website: https://ico.org.uk

 

Changes to This Policy

We may update this Privacy Policy periodically. The latest version will always be available on our website.

 

Contact Details

Aesthetics By Dr Rhea
Email: aesthetics.dr.rhea@gmail.com

bottom of page