171 High Street, Burton-on-Trent, DE13 9GS
@AestheticandaBeauty · @beyou_aesthetic_laser

© 2026 AestheticBeYou. All rights reserved.


Privacy Policy

Aesthetic Be You – Burton upon Trent, United Kingdom

Last updated: [INSERT DATE]

Summary (plain English)

  • We only collect data we need to book, treat, and look after you safely.
  • Health information is treated as special category data and protected accordingly.
  • We never sell your data.
  • You can exercise your UK GDPR rights at any time.

1. Introduction

This Privacy Policy explains how Aesthetic Be You (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you:

  • Visit our website
  • Use our online booking system
  • Communicate with us
  • Attend consultations or aesthetic treatments

We are committed to protecting your privacy and handling personal data lawfully, fairly, and transparently in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • Guidance issued by the Information Commissioner’s Office (ICO)

2. Who we are (Data Controller)

  • Business name: Aesthetic Be You
  • Business type: Aesthetic & Beauty Treatments
  • Registered address: [INSERT BUSINESS ADDRESS]
  • Email: [INSERT CONTACT EMAIL]

For the purposes of data protection law, Aesthetic Be You is the “Data Controller”, meaning we determine how and why your personal data is processed.

ICO registration

Under UK law, most aesthetics businesses must register with the ICO and pay the data protection fee. Once registered, your ICO registration number should be displayed here:

ICO Registration Number: [INSERT ICO REGISTRATION NUMBER]

Definitions

  • Personal data means information that identifies you (e.g. name, email, phone).
  • Special category data includes health/medical information and requires extra protection under UK GDPR.
  • Processing means anything we do with data (collect, store, use, share, delete).

3. Personal data we collect

We may collect, use, store, and transfer the following categories of personal data:

a) Identity & contact data

  • Full name
  • Email address
  • Telephone number
  • Date of birth

b) Medical & health data (special category data)

This includes special category data under Article 9 UK GDPR and may include:

  • Medical questionnaires
  • Health declarations
  • Treatment history and records
  • Consultation notes
  • Consent forms and photographs (where applicable)

This data is essential to assess suitability and ensure client safety.

c) Booking & payment data

  • Appointment details
  • Payment confirmation and transaction references

Payment card details are not stored by us. Payments are processed securely via third-party payment providers (e.g. Stripe).

d) Technical data

  • IP address
  • Browser type and version
  • Device and operating system
  • Website usage and analytics data

4. How we collect your data

  • Online booking systems
  • Pre-treatment medical questionnaires
  • Consent forms completed digitally or in person
  • Email or telephone correspondence
  • Website cookies and analytics tools

5. Lawful basis for processing

Under UK GDPR, we rely on the following lawful bases:

a) Performance of a contract

To manage bookings, consultations, and provide treatments you request.

b) Consent

Where you have actively provided consent, including:

  • Email marketing
  • Processing of special category medical data
  • Treatment photography (where applicable)

c) Legal obligation

To comply with regulatory, insurance, and record-keeping requirements.

d) Legitimate interests

To operate and improve our business, provided your rights do not override these interests.

e) Medical purposes – explicit consent (Article 9 UK GDPR)

Special category medical data is processed only with your explicit consent for:

  • Assessing treatment suitability
  • Ensuring client safety
  • Maintaining accurate clinical records

Consent is obtained via signed consultation and consent forms and may be withdrawn at any time, subject to legal and clinical record-keeping requirements.

6. Medical data & client responsibility disclaimer

We rely on the medical information you provide to assess whether treatments are safe and appropriate.

You confirm that:

  • All medical and health information provided is accurate, complete, and truthful
  • You will notify us of any changes to your medical condition

Failure to disclose relevant medical information may compromise treatment safety or results. To the extent permitted by law, we cannot accept responsibility for adverse outcomes arising from incomplete or inaccurate disclosures.

7. How we use your data

  • Manage appointments and bookings
  • Conduct consultations and assess suitability
  • Deliver safe and appropriate treatments
  • Maintain clinical and consent records
  • Communicate regarding appointments and aftercare
  • Process payments
  • Improve our services and website performance

8. Data storage, security & retention

Security

  • Secure digital systems
  • Restricted access to medical records
  • Password-protected platforms
  • Data minimisation principles

Only authorised personnel with a legitimate need may access medical data.

Retention periods

  • Medical and treatment records: Typically retained for at least 7 years after your last treatment (or longer where clinically or legally required).
  • Booking and financial records: Retained in line with HMRC and accounting obligations.
  • Marketing data: Retained until you withdraw consent or unsubscribe.

9. Data sharing

We may share your data with trusted third parties where necessary, including:

  • Payment processors (e.g. Stripe)
  • Website hosting and infrastructure providers
  • Analytics providers
  • Professional advisers (accountants, insurers)
  • Regulatory or law-enforcement authorities where legally required

All third parties are required to handle your data lawfully and securely. We do not sell your personal data.

10. Email marketing

Where you opt in to receive marketing communications:

  • You may unsubscribe at any time
  • Every email will contain a clear unsubscribe link
  • Withdrawal of consent will not affect services already provided

11. Your data protection rights

Under UK GDPR, you have the right to:

  • Request access to your personal data
  • Request correction of inaccurate data
  • Request erasure (where legally permitted)
  • Restrict or object to processing
  • Withdraw consent at any time
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

ICO contact: www.ico.org.uk

12. Third-party links

Our website may contain links to third-party websites. We are not responsible for their content or privacy practices and encourage you to review their policies separately.

13. Changes to this policy

We may update this Privacy Policy periodically. The latest version will always be available on our website, with the “Last updated” date amended accordingly.

14. Contact us

For privacy or data protection enquiries, please contact:
Email: [INSERT CONTACT EMAIL]