Privacy Policy

This policy explains how Aesthetic Be You collects, uses, and protects personal data when you browse this website, contact the clinic, subscribe to updates, book an appointment, pay a deposit, complete pre-treatment paperwork, attend a consultation, or receive an aesthetic treatment.

For UK data protection purposes, Aesthetic Be You is the data controller for the personal data described on this page.

• directly from you when you submit the website contact form, newsletter form, booking form, or pre-treatment questionnaire
• from Stripe when you complete a deposit payment through hosted checkout
• from Google services used by the clinic to manage the live consent form, booking emails, and calendar bookings
• automatically through normal website operation, hosting infrastructure, browser storage, and map features
• from you during consultations or follow-up communications when additional clinical or administrative information is needed

The clinic's live consent form collects sensitive health information, including medical history, medication use, allergies, reproductive status, mental health indicators, prior cosmetic work, and other suitability information relevant to treatments such as injectables, peels, microneedling, laser-based services, skin procedures, and related aesthetic treatments.

This information is collected because it is necessary to decide whether a treatment is safe and clinically appropriate. If relevant information is not provided, the clinic may not be able to proceed with treatment.

• Stripe, to process online deposits and hosted checkout payments
• Google services used by the clinic, including Google Forms, Google Calendar, and Gmail or similar Google-hosted communication tools
• Vercel and other infrastructure or hosting suppliers needed to run the website
• technical service providers who help deliver site functionality, notifications, or mailing-list workflows
• professional advisers, insurers, regulators, courts, or law-enforcement bodies where disclosure is necessary or legally required

We do not sell your personal data and we do not share health information for unrelated marketing by third parties.

Some of the suppliers used to run the website, booking, payment, and communication systems may process data outside the UK. Where that happens, we rely on the provider's contractual safeguards and other recognised transfer mechanisms to protect your information.

The website uses browser-side technologies to make the site work properly and remember limited preferences. This includes theme preference storage, map caching, and technical platform features needed for pages, forms, and secure third-party services such as Stripe checkout.

Full details are set out in the Cookie Policy.

• to ask for a copy of the personal data held about you
• to ask for inaccurate data to be corrected
• to ask for deletion where there is no lawful reason to keep the data
• to object to or restrict certain processing
• to withdraw consent where consent is the basis relied on
• to complain to the UK Information Commissioner's Office at ico.org.uk if you believe your data has been handled unlawfully

We use reasonable technical and organisational measures to protect personal data, including controlled access to systems and the use of specialist providers for hosting, payments, email, and calendar management. No internet transmission or online platform can be guaranteed to be completely secure, so please avoid sending unnecessary sensitive information through the general contact form.

We may update this policy from time to time to reflect changes to the clinic, the website, or legal requirements. The latest version will always be published on this page.