1. Introduction

Welcome to DermaVeritas. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you visit our clinic, use our services, or interact with our website.

DermaVeritas is the data controller for the personal information we collect about you. We are registered in the United Kingdom and operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our commitment: We believe your personal information should remain private and secure. We will never sell your data to third parties and will only use it to provide you with exceptional aesthetic and skincare services.

2. Information We Collect

We collect different types of information depending on how you interact with our services:

Personal Information

  • Name, address, telephone number, and email address
  • Date of birth and age
  • Emergency contact information
  • Payment and billing information
  • Communication preferences

Medical and Treatment Information

  • Medical history relevant to aesthetic treatments
  • Current medications and allergies
  • Treatment records and consultation notes
  • Before and after photographs (with your consent)
  • Treatment outcomes and progress notes

Website and Digital Information

  • IP address and browser information
  • Website usage patterns and preferences
  • Cookies and tracking data
  • Information from contact forms and online bookings

3. How We Use Your Information

We use your personal information for the following purposes:

Treatment and Care

  • Providing aesthetic and skincare treatments
  • Conducting consultations and assessments
  • Monitoring your progress and treatment outcomes
  • Ensuring your safety and wellbeing
  • Following up on treatments and addressing concerns

Administrative Purposes

  • Scheduling and managing appointments
  • Processing payments and managing accounts
  • Communicating about treatments and services
  • Handling enquiries and providing customer support
  • Maintaining accurate treatment records

Marketing and Communication

  • Sending promotional materials about our services (with your consent)
  • Providing updates about new treatments and special offers
  • Conducting satisfaction surveys and collecting feedback

4. Legal Basis for Processing

Under UK GDPR, we must have a legal basis for processing your personal information. We rely on the following legal bases:

  • Consent: When you provide explicit consent for specific uses of your data, such as marketing communications or treatment photographs
  • Contract: When processing is necessary to fulfill our contractual obligations to provide you with treatments and services
  • Legal Obligation: When we must process your data to comply with legal requirements, such as maintaining medical records
  • Legitimate Interest: When processing is necessary for legitimate business purposes, such as improving our services, provided this doesn't override your rights

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

  • Healthcare Professionals: With your consent, we may share relevant information with your GP or other healthcare providers
  • Service Providers: With trusted third parties who assist us in operating our clinic, such as appointment booking systems or payment processors
  • Legal Requirements: When required by law, court order, or to protect the rights and safety of our patients and staff
  • Professional Bodies: If required for regulatory compliance or professional oversight

All third parties who have access to your information are bound by strict confidentiality agreements and must process your data in accordance with data protection laws.

6. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal information:

  • Right of Access: You can request a copy of the personal information we hold about you
  • Right to Rectification: You can ask us to correct any inaccurate or incomplete information
  • Right to Erasure: You can request deletion of your personal information in certain circumstances
  • Right to Restrict Processing: You can ask us to limit how we use your information
  • Right to Data Portability: You can request your data in a structured, commonly used format
  • Right to Object: You can object to processing based on legitimate interests or for marketing purposes
  • Right to Withdraw Consent: You can withdraw consent at any time where we rely on consent for processing

To exercise any of these rights, please contact us using the details provided at the end of this policy. We will respond to your request within one month.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience and provide personalized services.

Types of Cookies We Use

  • Essential Cookies: Necessary for the website to function properly
  • Performance Cookies: Help us understand how visitors interact with our website
  • Functionality Cookies: Remember your preferences and settings
  • Marketing Cookies: Used to deliver relevant advertisements (with your consent)

You can manage your cookie preferences through your browser settings. However, disabling certain cookies may affect the functionality of our website.

8. How We Store and Secure Your Data

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Security Measures

  • Encrypted data transmission and storage
  • Regular security assessments and updates
  • Access controls and staff training
  • Secure backup and recovery procedures
  • Regular monitoring for security breaches

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Medical records are typically retained for 8 years after your last treatment, in accordance with professional guidelines.

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website and updating the "Last updated" date.

We encourage you to review this policy regularly to stay informed about how we protect your privacy.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal information, please contact us:

Get in Touch

DermaVeritas

Unit 2, Oak Tree Rise
Codsall, Wolverhampton
WV8 1DT, United Kingdom

Email: info@dermaveritas.com

Phone: +92-7741-340615

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated. Visit ico.org.uk for more information.