PRIVACY POLICY

Last Updated: 06/05/2025

​

1. Introduction
Welcome to Thames Aesthetics Clinic ("we," "us," "our"). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, process, and disclose your personal information when you visit our website https://www.thamesaesthetics.co.uk/, book an appointment, receive treatments, or otherwise interact with us.
We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws.

​

2. Who We Are
Thames Aesthetics Clinic is the Data Controller responsible for your personal data.

  • Clinic Name: Thames Aesthetics Clinic

  • Registered Address: 4 Church St, Twyford, Reading RG10 9DR, United Kingdom

  • Contact Email for Data Protection Queries: admin@thamesaesthetics.co.uk (or info@thamesaesthetics.co.uk if you prefer to use your general email, though a dedicated one is good practice)

  • Contact Telephone: +44 118 334 3736

​

3. Information We Collect About You
We may collect and process the following types of personal data:

  • Identity Data: Full name, title, date of birth, gender.

  • Contact Data: Billing address, delivery address, email address, telephone numbers (including +44 118 334 3736, +44 748 554 4699 if provided by clients for contact).

  • Health and Medical Data (Special Category Data):

      • Information about your medical history, allergies, medications, and general health relevant to your treatments.

      • Details of consultations, treatments you have received or are interested in.

      • "Before and after" photographs and videos related to your treatments (with your explicit consent for specific uses).

  • Financial Data: Payment card details (typically processed securely by our third-party payment processors and not stored by us directly), transaction history.

  • Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us.

  • Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

  • Usage Data: Information about how you use our website, products, and services.

  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties, and your communication preferences.

  • Enquiry Data: Information you provide when you contact us (e.g., via info@thamesaesthetics.co.uk or phone) with an enquiry or to request information.

​

4. How We Collect Your Information

We collect information in the following ways:

  • Direct Interactions:

      • When you fill in forms on our website (e.g., contact forms, booking forms).

      • When you correspond with us by post, phone (e.g., +44 118 334 3736, +44 748 554 4699), email (e.g., admin@thamesaesthetics.co.uk), or otherwise.

      • During consultations and treatments at our clinic (4 Church St, Twyford, Reading RG10 9DR).

      • When you subscribe to our newsletter or marketing communications.

      • When you provide feedback or participate in surveys.

  • Automated Technologies or Interactions: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies. Please see our Cookie Policy [Link to Your Cookie Policy, if separate] for further details.

  • Third Parties: We may receive personal data about you from various third parties, such as:

      • Technical data from analytics providers (e.g., Google Analytics).

      • Contact, Financial, and Transaction Data from providers of technical, payment, and delivery services.

      • Referrals from other medical or aesthetic practitioners (with your consent).

​

5. How We Use Your Information and Our Legal Basis for Processing

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

| Purpose/Activity | Type of Data | Lawful Basis for Processing |
|---|---|---|
| To register you as a new patient/client | Identity, Contact | Performance of a contract with you |
| To provide consultations and aesthetic treatments | Identity, Contact, Health/Medical | Performance of a contract with you; Explicit Consent (for Special Category Health Data); Our legitimate interests (to provide safe and effective treatments) |
| To manage your appointments | Identity, Contact, Transaction | Performance of a contract with you |
| To process payments | Identity, Contact, Financial, Transaction | Performance of a contract with you |
| To manage our relationship with you (e.g., notifications, feedback) | Identity, Contact, Marketing & Communications | Performance of a contract with you; Our legitimate interests (to keep our records updated and to study how customers use our services) |
| To send you marketing communications (e.g., newsletters, special offers) | Identity, Contact, Marketing & Communications | Your explicit consent (you can withdraw consent at any time) |
| To use your "before and after" photos/videos for marketing (e.g., website, social media) | Identity, Health/Medical (Photos/Videos) | Your explicit written consent (detailing where and how images will be used; you can withdraw consent) |
| To administer and protect our business and this website | Identity, Contact, Technical | Our legitimate interests (for running our business, provision of administration and IT services, network security) |
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | Technical, Usage | Our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant) |
| To comply with legal or regulatory obligations | Identity, Contact, Health/Medical, Financial, Transaction | Compliance with a legal obligation (e.g., medical record keeping, financial reporting) |

  • Special Category Data (Health/Medical Data): We process your health and medical data, including "before and after" photographs, only where necessary for the provision of healthcare and aesthetic treatments, and on the basis of your explicit consent for specific uses (such as marketing). You have the right to withdraw this consent at any time for future processing.

​

6. Sharing Your Information

We do not sell your personal data. We may share your personal data with trusted third parties where necessary, including:

  • Service Providers: Who provide IT and system administration services, payment processing, booking systems, marketing and communication services. [Consider naming key types, e.g., "our booking platform provider"]

  • Professional Advisers: Including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.

  • Regulatory Authorities: Such as HMRC, the Care Quality Commission (CQC) if applicable, and other regulators where required by law.

  • Medical Professionals: In an emergency or if required for your continued care (e.g., your GP), with your consent or where it is in your vital interests.

  • Law Enforcement: If required by law or to protect our rights, property, or safety, or that of our patients or others.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Some of our external third parties may be based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards are in place (e.g., by using specific contracts approved for use in the UK which give personal data the same protection it has in the UK, such as the UK Addendum to the EU Standard Contractual Clauses).

 

7. Data Security
We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. These measures include:

  • Restricting access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

  • Ensuring staff are trained on data protection and confidentiality.

  • Using secure servers and encryption where appropriate.

  • Procedures to deal with any suspected personal data breach, and we will notify you and any applicable regulator of a breach where we are legally required to do so.

 

8. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Medical records (including consultation notes and treatment details) are typically retained for a minimum period as required by medical and insurance guidelines (e.g., [State your typical retention period, e.g., 8 years after last treatment for adults, or for children until their 25th birthday, or 26th if 17 at conclusion of treatment, or 8 years after death if sooner]). You must confirm this with your professional body/insurer.

  • For marketing purposes, we retain your data as long as you continue to consent to receive communications from us.

  • Basic information about our customers (Identity, Contact, Financial, Transaction Data) is kept for [e.g., six years plus current] after they cease being customers for tax purposes.

  • We will securely anonymise or delete your data when it is no longer required.

9. Your Data Protection Rights
Under data protection law, you have rights including:

  • Right of Access: To request access to your personal data.

  • Right to Rectification: To request correction of inaccurate personal data.

  • Right to Erasure (Right to be Forgotten): To request erasure of your personal data, under certain conditions.

  • Right to Restrict Processing: To request the restriction of processing of your personal data, under certain conditions.

  • Right to Data Portability: To request the transfer of your personal data to you or a third party, in a structured, commonly used, machine-readable format.

  • Right to Object: To object to processing of your personal data where we are relying on a legitimate interest (or those of a third party).

  • Right to Withdraw Consent: To withdraw consent at any time where we are relying on consent to process your personal data (e.g., for marketing or use of photos).

To exercise any of these rights, please contact us at privacy@thamesaesthetics.co.uk (or your chosen contact email) or by post at Thames Aesthetics Clinic, 4 Church St, Twyford, Reading RG10 9DR, United Kingdom.

You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

​

10. Cookies
Our website (https://www.thamesaesthetics.co.uk/) uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy [Link to Your Cookie Policy, if separate, otherwise add a brief explanation here or integrate more fully, e.g., "We use [Type of cookie, e.g., essential, analytical, marketing] cookies. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly."]

 

11. Children's Privacy
Our services are generally not directed to individuals under the age of [e.g., 18]. We do not knowingly collect personal data from children under this age without verifiable parental or guardian consent where treatments are appropriate and legally permissible for minors. If we become aware that we have collected personal data from a child without such consent for services they are not eligible for, we will take steps to delete that information.

 

12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on our website (https://www.thamesaesthetics.co.uk/) and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

 

13. Contact Us
If you have any questions about this Privacy Policy or our privacy practices, please contact our Data Protection Lead:

  • Email: admin@thamesaesthetics.co.uk (or your chosen contact email)

  • Postal Address: Data Protection Lead, Thames Aesthetics Clinic, 4 Church St, Twyford, Reading RG10 9DR, United Kingdom

  • Telephone: +44 118 334 3736
