
Privacy Policy

Last updated: February 2026

1. Introduction

Glasgow Aesthetic Clinic ("we", "our", "us") is committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website at glasgowaestheticclinic.co.uk or use our services. By using our website, you acknowledge that you have read and understood this policy.

2. Data Controller

Glasgow Aesthetic Clinic is the data controller responsible for your personal data. If you have any questions about this policy or our data practices, you may contact us at:

Email: [email protected]

3. Lawful Basis for Processing

We process your personal data under the following lawful bases as defined by Article 6 of the UK GDPR:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose, such as subscribing to our newsletter or accepting cookies.
  • Contract: Where processing is necessary for the performance of a contract with you, such as providing aesthetic treatments you have booked.
  • Legitimate Interest: Where processing is necessary for our legitimate interests, such as improving our services and website, provided these interests do not override your fundamental rights.
  • Legal Obligation: Where processing is necessary to comply with a legal obligation, such as maintaining medical records as required by healthcare regulations.

4. Information We Collect

We may collect and process the following categories of personal data:

Identity Data

  • Full name
  • Date of birth

Contact Data

  • Email address
  • Postal address

Special Category Data

  • Medical history relevant to aesthetic treatments
  • Treatment records and clinical notes
  • Before and after photographs (with explicit consent)

Technical Data

  • IP address and browser type
  • Device information and operating system
  • Pages visited and browsing patterns
  • Referring website addresses

5. How We Use Your Information

We use your personal data for the following purposes:

  • To provide, manage, and deliver your aesthetic treatments safely and effectively
  • To respond to your enquiries and consultation requests via email
  • To send appointment reminders and aftercare information
  • To maintain accurate medical records as required by healthcare regulations
  • To improve our website, services, and client experience
  • To analyse website usage patterns through anonymised analytics
  • To comply with legal and regulatory obligations

6. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device when you visit our website. We use the following types of cookies:

Cookie Type | Purpose | Duration
Essential | Required for the website to function properly, including cookie consent preferences | Session / 1 year
Analytics | Help us understand how visitors interact with our website through anonymised usage data | Up to 2 years

You can manage your cookie preferences at any time through the cookie consent banner on our website, or by adjusting your browser settings. Please note that disabling essential cookies may affect the functionality of our website.

7. Data Sharing and Third Parties

We do not sell, trade, or rent your personal data to third parties. We may share your data with:

  • Service Providers: Trusted third-party providers who assist us in operating our website and delivering our services, subject to strict data processing agreements.
  • Legal Requirements: Where we are required to disclose your data by law, regulation, or court order.
  • Professional Advisers: Including lawyers, accountants, and insurers where necessary.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

  • Medical records are retained for a minimum of 10 years in accordance with healthcare regulations
  • Contact and enquiry data is retained for up to 3 years after your last interaction with us
  • Website analytics data is anonymised and retained for up to 2 years

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted data transmission (SSL/TLS), secure server infrastructure, access controls, and regular security assessments. All medical records are stored securely in accordance with NHS and regulatory guidelines.

10. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation, you have the following rights regarding your personal data:

  • Right of Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data.
  • Right to Erasure: You have the right to request deletion of your personal data, subject to legal retention requirements.
  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You have the right to object to the processing of your personal data where we rely on legitimate interest as our lawful basis.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, as required by law.

11. International Data Transfers

We do not routinely transfer your personal data outside the United Kingdom. In the event that any data transfer outside the UK is necessary, we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the Information Commissioner's Office (ICO), to protect your data.

12. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately so that we can delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

14. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Website: ico.org.uk

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first at [email protected].