Privacy Policy

Last updated:

SRC ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This policy explains what information we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR).

1. Who We Are

SRC is an aesthetics clinic based in the United Kingdom. For any privacy-related queries, please contact us directly via the contact form on our website.

2. Information We Collect

We may collect and process the following personal data:

• Identity & contact information — name, email address, phone number
• Booking information — appointment dates, treatment preferences, consultation notes
• Health information — relevant medical history required for safe treatment (treated as special category data)
• Usage data — pages visited, browser type, IP address (collected via cookies)

3. How We Use Your Information

We use your personal data to:

• Book and manage your appointments
• Provide safe and appropriate treatments
• Send appointment reminders and follow-up communications
• Respond to enquiries submitted via our website
• Improve our website and services
• Comply with our legal and regulatory obligations

4. Legal Basis for Processing

We process your data under the following lawful bases:

• Contract — to fulfil a booking or service you have requested
• Legitimate interests — to improve our services and communicate with clients
• Legal obligation — where required by law
• Explicit consent — for special category health data and marketing communications

5. Data Retention

We retain client records for a minimum of 7 years in line with medical and regulatory requirements. Marketing consent data is held until you withdraw consent. Website usage data is retained in line with our cookie settings.

6. Sharing Your Data

We do not sell your personal data. We may share data with trusted third parties where necessary, including booking platform providers, payment processors, and our website hosting provider (Custom Launch). All third parties are required to handle your data securely and in accordance with UK GDPR.

7. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict how we process your data
• Withdraw consent at any time (where consent is the legal basis)
• Lodge a complaint with the ICO at ico.org.uk

To exercise any of these rights, please contact us via our website.

8. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Our website is hosted on a secure platform managed by Custom Launch.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page will reflect any changes. We encourage you to review this page periodically.

10. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please get in touch via the contact form on our website.