1. Introduction

At Posh Skin Clinic, we are committed to protecting your privacy and ensuring that your personal data is handled securely and responsibly. This Privacy Policy outlines how we collect, use, store, and protect your personal information in compliance with UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

By accessing our services, visiting our clinic, or using our website, you agree to the practices described in this policy.

2. Personal Data We Collect

We collect and process personal data in several ways, including but not limited to:

a. Data You Provide to Us

• Identity Data: Name, date of birth, gender.
• Contact Data: Address, email, phone number.
• Medical Data: Relevant health information for treatments (with explicit consent).
• Payment Data: Card details and transaction history (processed securely through third-party payment providers).
• Communication Data: Records of your interactions with us, including emails, messages, and feedback.

b. Data We Automatically Collect

• Technical Data: IP address, browser type, device information.
• Usage Data: Information on how you use our website and services.
• CCTV Footage: We operate 24-hour CCTV surveillance in our reception and waiting areas for safety and security.

3. Legal Basis for Processing Data

We process your personal data based on the following lawful grounds:

• Contractual Obligation: When processing is necessary to fulfill a service you have requested.
• Legal Compliance: To meet legal obligations (e.g., record-keeping, fraud prevention).
• Legitimate Interests: When processing is necessary for business operations, customer service, and security.
• Consent: Where you have given explicit consent (e.g., for marketing communications or medical history processing).

4. How We Use Your Data

We use your personal data for the following purposes:

• Providing Services: Booking appointments, conducting consultations, performing treatments.
• Processing Payments: Securely handling transactions.
• Marketing & Promotions: Sending promotional offers (with your consent).
• Customer Support: Handling inquiries, complaints, and feedback.
• Security & Safety: Monitoring CCTV footage for security and incident resolution.

We do not sell or share your data with unauthorized third parties.

5. Data Sharing and Third-Party Access

We may share your data with:

• Service Providers: Payment processors, booking platforms, IT support services.
• Law Enforcement Authorities: If required by law or in cases of security incidents.
• Professional Advisors: Accountants, lawyers, or insurers where necessary.

All third parties are required to comply with strict data security measures and privacy standards.

6. Data Retention

We only retain your personal data for as long as necessary:

• Client records: Retained for up to 7 years for legal and regulatory purposes.
• CCTV footage: Stored for 30 days unless required for investigations.
• Marketing data: Retained until you opt out.

Once the retention period expires, data is securely deleted or anonymized.

7. Your Rights

You have the following rights under UK GDPR:

• Right to Access: Request copies of your personal data.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data (subject to legal obligations).
• Right to Restrict Processing: Limit how we use your data in certain circumstances.
• Right to Data Portability: Request a transfer of your data.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent for marketing communications.

To exercise these rights, contact us at [email protected].

8. Data Security Measures

We take strict measures to safeguard your personal data:

• Encryption: Secure storage of sensitive data.
• Access Controls: Restricted access to personal information.
• Firewall & Security Systems: Protection against cyber threats.
• Regular Audits: Ensuring compliance with data protection laws.

9. Marketing Communications

With your explicit consent, we may send marketing emails or SMS promotions. You can opt out at any time by:

• Clicking the “unsubscribe” link in emails.
• Contacting us at [email protected].

We do not engage in excessive marketing or spam communications.

10. CCTV & Security Monitoring

For the safety of our clients and staff, Posh Skin Clinic operates 24-hour CCTV monitoring in reception and waiting areas. Footage is used solely for security, crime prevention, and dispute resolution. We comply with UK privacy laws regarding CCTV use.

For more information, refer to our CCTV Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted with an updated Last Revised date. We encourage you to review this policy regularly.

12. Contact Us

For questions, concerns, or data protection inquiries, contact us:

📍 Posh Skin Clinic
📍 33 Saint Georges Walk, Croydon, CR0 1YL
📞 020 8681 2121
✉️ [email protected]
🌍 Website: www.poshclinic.co.uk

For complaints, you may also contact the UK Information Commissioner’s Office (ICO):
🔗 www.ico.org.uk