GDPR / PRIVACY POLICY

Manchester Medical Aesthetics – Privacy Policy

Manchester Medical Aesthetics is committed to protecting and respecting your privacy. This policy explains how we collect, use, and safeguard your personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

Manchester Medical Aesthetics is the data controller responsible for your personal information.

What Information We Collect

We may collect and process the following data:

Personal Information

  • Name, date of birth, contact details

  • Address, email, phone number

Medical Information

  • Medical history and health conditions

  • Treatment records and consultation notes

  • Photographs (with consent)

Technical Data

  • Website usage data (via cookies, analytics tools)

How We Use Your Information

We use your data to:

  • Provide safe and appropriate treatments

  • Maintain accurate medical records

  • Communicate with you about appointments and aftercare

  • Comply with legal and regulatory obligations

  • Improve our services

Legal Basis for Processing

We process your data under the following lawful bases:

  • Consent (e.g. for treatment and photography)

  • Contractual obligation (to provide services)

  • Legal obligation (medical record keeping)

  • Legitimate interests (service improvement and communication)

Medical data is treated as special category data and handled with additional safeguards.

How We Store Your Data

  • Data is stored securely using password-protected systems

  • Paper records (if any) are stored in locked cabinets

  • Access is restricted to authorised personnel only

We retain medical records in line with legal requirements (typically 7–8 years).

Sharing Your Data

We will never sell your data.

Your information may be shared with:

  • Regulatory bodies if required

  • Medical professionals (where necessary for your care)

  • Secure software providers (e.g. booking or CRM systems)

All third parties are required to comply with GDPR.

Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure (where applicable)

  • Restrict or object to processing

  • Data portability

  • Withdraw consent at any time

To exercise your rights, contact us at: [Insert Email]

Cookies

Our website may use cookies to improve user experience and track performance. You can manage cookie preferences via your browser settings.

Complaints

If you have concerns about how your data is handled, please contact us first.

You also have the right to lodge a complaint with the
Information Commissioner’s Office (ICO)
Website: https://www.ico.org.uk

Policy Updates

This policy may be updated periodically. The latest version will always be available on our website.