Privacy Policy
Introduction
Derma Beauty Clinic (“we,” “our,” or “us”) is committed to safeguarding your privacy and ensuring that your personal information is protected. This Privacy Policy explains how we collect, use, and safeguard your information when you use our services or visit our websites, whether you are located in the United Kingdom or the United States.
1. Information We Collect
• Identity & Contact Data: Name, address, phone number, email address.
• Medical & Treatment Data: Information shared during consultations, health history relevant to treatments, treatment notes, and before/after photographs (with consent).
• Transaction Data: Payment details and booking history.
• Technical Data: IP address, browser type, device data, and cookies.
• Marketing & Communications: Preferences regarding communications and promotions.
2. How We Use Your Information
• Provide safe, high-quality treatments.
• Manage bookings, billing, and payments.
• Maintain accurate patient and medical records.
• Communicate appointment reminders and important updates.
• Send marketing communications (where permitted and with consent).
• Improve our services, websites, and patient experience.
• Comply with legal and regulatory obligations.
3. Legal Basis for Processing (UK & EU Visitors)
If you are located in the UK or EU, we process your personal data under the UK GDPR / Data Protection Act 2018 based on the following legal grounds:
• Consent (e.g., marketing or photographs).
• Performance of a contract (e.g., bookings, treatments).
• Legal obligations (e.g., record keeping).
• Legitimate interests (e.g., clinic management, service improvements).
4. US Visitors – Patient Privacy
If you are located in the USA, we follow strict confidentiality practices similar to HIPAA principles. Your medical and treatment information is:
• Only shared with authorised staff involved in your care.
• Not disclosed to third parties without your consent, unless required by law.
• Protected by secure systems to prevent unauthorised access.
5. Sharing of Information
We do not sell your data. We may share information with:
• Licensed medical professionals or staff directly involved in your care.
• Payment providers for secure transactions.
• IT, hosting, and booking software providers under strict confidentiality agreements.
• Regulators, insurers, or legal authorities where legally required.
6. Data Retention
• Medical Records: Retained for a minimum of 7 years (UK healthcare standard).
• Financial Records: Retained for 6 years (tax/accounting compliance).
• Marketing Data: Retained until you withdraw consent.
7. International Data Transfers
Because we operate in both the UK and USA, your data may be transferred between these regions. We ensure that adequate safeguards (such as Standard Contractual Clauses) are in place to protect your information.
8. Cookies & Website Tracking
Our websites use cookies to:
• Enable core functionality.
• Analyse site traffic and performance.
• Personalise your experience.
You can manage or disable cookies in your browser settings.
9. Your Rights
Depending on your location, you may have the right to:
• Access the information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your data (subject to legal/medical obligations).
• Restrict or object to certain processing.
• Withdraw consent at any time.
• In the UK/EU: lodge a complaint with the ICO (Information Commissioner’s Office).
• In the US: raise concerns with your state’s consumer protection authority.
10. Contact Us
For any questions about this Privacy Policy or to exercise your rights, please contact us:
■ Email (UK): londonappointments@derma-beauty-clinic.com
■ Email (US): miamiappointments@derma-beauty-clinic.com
■ UK Phone: [Insert number]
■ US Phone: 786-557-8985