Privacy Policy
Introduction
Welcome to the Privacy Policy of Groves Aesthetics. We are committed to protecting your personal information and respecting your privacy. This policy explains how we collect, use, and safeguard your data when you visit our website (www.grovesaesthetics.co.uk) or use our services.
1. Data Controller
1.1 Groves Aesthetics is the data controller responsible for your personal data.
1.2 If you have any questions about this policy or how we handle your data, please contact us:
Email: dr.rana@grovesaesthetics.co.uk
2. Data We Collect
We may collect and process the following types of personal data:
Identity Data: Name, date of birth, gender.
Contact Data: Address, phone number, email address.
Health Data: Medical history, allergies, medications, and other details necessary for treatments (sensitive data).
Payment Data: Billing address, payment details (processed via secure third-party payment providers).
Technical Data: IP address, browser type, device information, and usage data collected via cookies.
3. How We Collect Your Data
We collect data in the following ways:
Directly from you: When you complete forms, book appointments, or contact us.
Automatically: Through cookies and similar technologies when you use our website.
From third parties: Such as payment processors or referral partners.
4. How We Use Your Data
We use your personal data to:
Provide and manage our services, including consultations and treatments.
Contact you regarding appointments or inquiries.
Process payments and invoices.
Comply with legal and regulatory obligations.
Improve our website and user experience.
Send you marketing communications (if you have opted in).
5. Legal Bases for Processing
We process your data under the following legal bases:
Consent: For marketing communications and processing sensitive health data.
Contract: To provide the services you have requested.
Legal Obligation: To comply with regulatory requirements and tax laws.
Legitimate Interests: For business operations and website functionality.
6. Data Sharing
We only share your personal data:
With third-party service providers (e.g., IT support, payment processors) for business operations.
With regulatory bodies or legal authorities if required by law.
With your consent, e.g., sharing treatment details with other healthcare providers or insurers.
7. International Data Transfers
We do not transfer your personal data outside the UK or European Economic Area (EEA). If this changes, we will ensure compliance with applicable data protection laws.
8. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law.
Medical records: Retained for at least 10 years in compliance with UK medical guidelines.
Financial records: Retained for 6 years to meet tax obligations.
9. Your Rights
Under UK GDPR, you have the following rights:
Access: Request a copy of your personal data.
Rectification: Correct inaccuracies in your data.
Erasure: Request deletion of your data (subject to legal exceptions).
Restriction: Limit processing of your data.
Portability: Receive your data in a portable format.
Objection: Object to processing based on legitimate interests or for marketing purposes.
Withdraw Consent: Withdraw consent at any time for processing based on your consent.
To exercise these rights, please contact us using the details provided above.
10. Cookies
Our website uses cookies to enhance your experience. For more details, see our Cookie Policy.
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction.
12. Complaints
If you have concerns about how we handle your data, please contact us first. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Phone: 0303 123 1113
13. Changes to This Policy
We may update this Privacy Policy from time to time.