PRIVACY NOTICE

(UK GDPR & Data Protection Act 2018 Compliant)

Effective Date: 27/02/2026
Review Date: 27/02/2027

1. WHO WE ARE

The Aesthetics Collective is an independent medical aesthetics clinic based in Lanarkshire, Scotland.

For the purposes of data protection law, we are the Data Controller of your personal data.

Data Controller:
The Aesthetics Collective
106 Hamilton Road, Motherwell
Email: mail@theaestheticscollective.com
Telephone: 01698 537353

If you have any questions about this notice, please contact us using the details above.

2. WHAT INFORMATION WE COLLECT

Because we provide medical treatments, we collect both personal data and special category health data.

Personal Information

  • Name

  • Address

  • Date of birth

  • Contact details (phone/email)

  • Emergency contact details

  • GP details

  • Payment information (processed securely via third-party provider)

Special Category Data (Health Information)

  • Medical history

  • Medications

  • Allergies

  • Treatment history

  • Photographs (clinical documentation)

  • Psychological screening information (where relevant)

3. WHY WE COLLECT YOUR DATA

We collect your information to:

  • Assess your suitability for treatment

  • Deliver safe medical care

  • Maintain accurate clinical records

  • Communicate appointment details

  • Manage complications or follow-up care

  • Comply with legal and regulatory obligations

  • Meet Healthcare Improvement Scotland standards

  • Process payments

We will never collect unnecessary data.

4. LAWFUL BASIS FOR PROCESSING

Under UK GDPR, we process your data under:

Article 6 (Lawful Basis)

  • 6(1)(b) – Contract (to provide your treatment)

  • 6(1)(c) – Legal obligation (healthcare regulation)

  • 6(1)(f) – Legitimate interest (clinic administration)

Article 9 (Special Category Data)

  • 9(2)(h) – Provision of health care and treatment

  • 9(2)(a) – Explicit consent (for clinical photography if used beyond record keeping)

5. HOW YOUR DATA IS STORED

We take data security extremely seriously.

Your information is stored:

  • On encrypted, password-protected systems

  • In secure clinical software (if applicable)

  • In locked cabinets (if paper records)

  • With restricted staff access

  • With role-based permissions

  • With audit trails (where digital systems allow)

We comply with NHS Scotland and ICO best-practice standards for healthcare data security.

6. HOW LONG WE KEEP YOUR DATA

In accordance with Scottish health record retention guidance:

  • Adults: Minimum 8 years after last treatment

  • Children: Until age 25 (or 8 years after last entry, whichever is longer)

After this period, records are securely destroyed.

7. WHO WE SHARE YOUR DATA WITH

We only share your data when necessary:

  • Your GP (with consent or where clinically necessary)

  • Emergency services (if required)

  • Healthcare Improvement Scotland (if legally required)

  • Our professional indemnity insurers (if claim arises)

  • Secure third-party booking or payment providers

We never sell your data.

8. CLINICAL PHOTOGRAPHY

Photographs may be taken:

  • For clinical documentation

  • To monitor treatment progress

These are stored securely as part of your medical record.

If we wish to use images for:

  • Marketing

  • Social media

  • Training

We will obtain separate written consent, and you may withdraw this at any time.

9. YOUR RIGHTS UNDER GDPR

You have the right to:

  • Access your data (Subject Access Request)

  • Request correction of inaccurate information

  • Request erasure (where legally permissible)

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent (where applicable)

Requests must be made in writing. We will respond within one month.

10. COMPLAINTS

If you are unhappy with how your data is handled, please contact us first.

You also have the right to complain to:

Information Commissioner's Office
Website: www.ico.org.uk
Telephone: 0303 123 1113

11. DUTY OF CANDOUR

In accordance with Scottish law, if a serious adverse event occurs, we have a legal duty to inform you openly and transparently. This may involve documentation sharing where appropriate.

12. WEBSITE & COOKIES

If you use our website:

  • Cookies may collect anonymised usage data

  • Analytics tools may track traffic patterns

  • Online booking platforms process your data securely

You can manage cookie settings in your browser.

13. CHANGES TO THIS NOTICE

We review this notice annually or when regulations change. The latest version will always be available in clinic and on our website.