Privacy Policy

Last updated: January 2025

Introduction

Dr SNA Clinic ("we", "our", or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Information We Collect

Personal Information

  • Name, date of birth, and contact details (address, phone number, email)
  • Medical history and health information relevant to your treatment
  • Photographs for medical records and treatment planning
  • Payment and billing information
  • Appointment and consultation records

Automatically Collected Information

  • Website usage data (IP address, browser type, pages visited)
  • Cookies and similar technologies (see our Cookie Policy)

How We Use Your Information

We use your personal information for the following purposes:

  • To provide medical and aesthetic treatments
  • To maintain accurate medical records
  • To communicate with you about appointments and treatments
  • To process payments and billing
  • To comply with legal and regulatory obligations
  • To improve our services and website experience
  • To send you marketing communications (with your consent)

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: For marketing communications and non-essential cookies
  • Contract: To provide treatments and services you've requested
  • Legal Obligation: To comply with medical and healthcare regulations
  • Legitimate Interests: To improve our services and ensure clinic security

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes:

  • Secure, encrypted storage systems
  • Access controls and authentication
  • Regular security assessments
  • Staff training on data protection
  • Secure disposal of records when no longer needed

Data Retention

We retain your medical records for a minimum of 8 years from the date of your last treatment, in accordance with General Medical Council (GMC) guidelines. Marketing data is retained until you withdraw consent.

Your Rights

Under UK GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal obligations)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing communications

Third-Party Sharing

We do not sell your personal data. We may share your information with:

  • Healthcare professionals involved in your care
  • CQC and other regulatory bodies (when required by law)
  • Insurance companies (with your consent)
  • Payment processors for billing purposes
  • IT service providers who support our systems

Cookies and Tracking

Our website uses cookies to improve your browsing experience. For detailed information, please see our Cookie Policy.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

  • Email: privacy@drsnaclinic.com
  • Phone: +44 7955 836986
  • Address: Wimpole Street, London

Complaints

If you're not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page with the updated date at the top.