Privacy Policy

1. Introduction

This Privacy Policy explains how Smile Skin Sculpt collects, uses, and protects your personal data. As an aesthetics and skincare provider, we handle sensitive personal information with a high degree of confidentiality and integrity.

We are committed to protecting your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

Smile Skin Sculpt is a professional aesthetic and skincare clinic providing non-surgical treatments including skin rejuvenation, dermal fillers, anti-wrinkle injections, and more. We are the data controller, which means we are responsible for deciding how we hold and use personal information about you.

3. What Personal Data We Collect

We collect the following types of data depending on your interaction with us:

a. Identity and Contact Data

• Full name
• Date of birth
• Email address
• Phone number
• Address

b. Health and Medical Data (Special Category Data)

• Medical history and current conditions
• Allergies and contraindications
• GP details
• Treatment history and photos
• Informed consent and aftercare documentation

c. Technical and Usage Data

• IP address
• Browser type and version
• Device identifiers
• Site usage (pages visited, session duration)

d. Marketing and Communication Data

• Preferences for receiving updates, offers, or promotions
• Correspondence history

4. How We Collect Your Data

We collect data in the following ways:

• Directly from you via contact forms, appointment bookings, consent forms, or consultations.
• Automatically through cookies and tracking technologies on our website.
• From third-party platforms (e.g., payment processors or booking systems) when relevant.

5. Why We Process Your Data

We only process your data when legally permitted. The primary purposes include:

6. Sharing Your Personal Data

We may share your information with the following, under strict confidentiality:

• Medical professionals (where clinically appropriate or in emergencies)
• Third-party service providers (e.g., booking software, IT support, marketing tools)
• Regulators and legal authorities (when required by law)
• Our professional advisors (accountants, insurers, solicitors)

We never sell or rent your personal data.

7. How We Store and Protect Your Data

We implement strict physical, technical, and administrative safeguards to protect your data:

• Encrypted devices and secure cloud storage
• Password-protected systems
• Role-based access for staff
• Regular data protection training

We retain your data for as long as necessary to fulfill the purposes outlined above or as required by law (e.g., medical record retention requirements — usually 8 years).

8. Your Rights Under Data Protection Law

You have rights regarding your personal data. You can:

• Access – Request a copy of the data we hold
• Rectify – Request correction of inaccurate data
• Erase – Request deletion of your data in certain circumstances
• Restrict – Ask us to suspend processing
• Object – Object to processing based on legitimate interests
• Portability – Ask for your data in a format transferable to another provider
• Withdraw Consent – Where you have given explicit consent (e.g. marketing), you may withdraw it at any time

To exercise these rights, contact us at [email protected].

9. Cookies and Tracking Technologies

Our website uses cookies to:

• Monitor traffic and browsing behavior
• Enhance user experience
• Remember preferences

You can manage cookie preferences via your browser settings.

10. Marketing Communications

With your explicit consent, we may send you emails or SMS about our services, promotions, or events. You can unsubscribe at any time by clicking the link in the message or contacting us.

11. Updates to This Policy

We may update this Privacy Policy occasionally to reflect changes in the law or our practices. The latest version will always be posted on our website with the effective date clearly noted.