Privacy Policy
This privacy policy explains how Refined Medical Aesthetics ("we", "us", "our") collects, uses, stores and protects information about you when you visit our website, contact us, or book a treatment with us. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who we are
- Data controller: Refined Medical Aesthetics, run by Rachel Storey (Nurse Rachel — NMC-registered nurse and Independent Prescriber V300).
- Address: Double Row, Seaton Delaval, Whitley Bay, NE25 0PP, United Kingdom.
- Email: [email protected]
- Phone / WhatsApp: 07583 321635
- ICO registration: If you would like to confirm our ICO registration status, please contact us using the details above.
What information we collect
Information you give us directly
- Booking information — when you book a consultation or treatment: your name, email address, phone number, date of birth, address, gender (where relevant), the treatment you're interested in, and any additional information you choose to share with the practitioner.
- Medical information — at your in-person consultation: a medical history, photographs of the treatment area (with your consent), notes about your goals, and consent forms for treatments you go on to receive. This is special-category health data and is held to a higher standard of protection.
- Marketing sign-up — when you join the VIP list or submit our pop-up form: your email address, and your consent to receive marketing communications about offers and treatments.
- Direct contact — when you email, phone, WhatsApp or DM us on Instagram: the message you send and any contact details you share.
Information collected automatically when you use the website
- Cookies and similar technologies — see our Cookie Policy for the full list. Non-essential cookies (analytics and advertising) only fire after you give consent on the cookie banner.
- Server logs — your IP address, browser type, pages visited, and timestamp. Used for security and abuse prevention only; not linked back to you.
How we use your information, and our lawful basis for doing so
| What we use it for | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Booking and delivering treatments to you | Performance of a contract (Art. 6(1)(b)) |
| Holding your medical records and consent forms | Provision of healthcare (Art. 9(2)(h)) |
| Sending you marketing emails after you opt in | Consent (Art. 6(1)(a)) — withdrawable at any time via the unsubscribe link or by emailing us |
| Running our website analytics (after consent) | Consent (Art. 6(1)(a)) via the cookie banner |
| Showing you adverts on Meta (Facebook / Instagram) and Google after you've visited our site | Consent (Art. 6(1)(a)) via the cookie banner |
| Replying to enquiries you send us | Legitimate interests (Art. 6(1)(f)) — to respond to a question you've asked |
| Keeping financial records of treatments paid for | Legal obligation (Art. 6(1)(c)) — UK tax law |
Who we share your information with
We only share your information with the third parties listed below, and only for the specific purpose noted. We don't sell your data, ever.
| Third party | What they do for us |
|---|---|
| Aesthetic Nurse Software (current booking platform — being replaced) | Hosts our online booking form. Your booking details are held on their servers. |
| Pabau (incoming booking and clinic-management system) | Will replace the above. Will hold booking details, medical notes, and marketing consent. |
| Meta (Facebook / Instagram) | Cookies + Conversions API for advertising and remarketing. Only after you give consent. Personal identifiers are hashed before being sent. |
| Google (Analytics + Ads + Tag Manager) | Cookies for analytics and advertising. Only after you give consent. Anonymised IP only. |
| FormSubmit (formsubmit.co) | Forwards email-form submissions from the website to our inbox. |
| Chatbase | Powers the on-site chat assistant. Conversations are processed to provide responses. |
| SociableKit | Embeds our public Google reviews on the website. Does not handle your personal data. |
| Klarna | Where you choose Pay-in-3, Klarna handles the payment and is the data controller for that transaction. See Klarna's own privacy notice. |
| Netlify | Hosts the website. Sees standard server logs. |
| Cloudflare | Provides DNS and content-delivery / security in front of the website. |
Some of these providers process data outside the UK, including in the EEA and the United States. Where this happens, we rely on the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or an applicable adequacy decision to keep your information protected to UK GDPR standards.
How long we keep your information
- Medical records and treatment consent forms — kept for 7 years from the date of your last treatment, in line with professional guidance for healthcare records in England.
- Booking records (non-medical) — kept for 6 years to meet UK tax and accounting record-keeping requirements.
- Marketing consent and communications — kept until you withdraw consent, after which your details are removed from the marketing list within 30 days.
- Website analytics data — kept for up to 14 months in Google Analytics (the shortest retention setting available).
- Server logs — kept for up to 30 days, then automatically deleted.
Your rights under the UK GDPR
You have the right to:
- Be informed about how we use your data — that's what this policy is.
- Access the personal data we hold about you (a "subject access request").
- Have inaccurate data corrected.
- Have your data erased in certain circumstances.
- Restrict how we use your data in certain circumstances.
- Object to certain uses of your data (especially marketing).
- Move your data to another provider where we hold it under consent or contract.
- Withdraw consent for marketing or analytics at any time. Withdrawing consent does not affect the lawfulness of processing we did before you withdrew it.
To exercise any of these rights, email us at [email protected]. We aim to respond within one calendar month. There is normally no charge.
Cookies and similar technologies
We use cookies and similar technologies to make the site work, to understand how it's used, and (with your consent) to advertise to you. Strictly necessary cookies are always on; everything else is opt-in via the cookie banner you saw when you arrived. You can change your choices at any time via the "Cookie preferences" link in the footer. See our Cookie Policy for the full list of cookies we use.
Children
We do not provide aesthetic treatments to anyone under 18, and we do not knowingly collect personal data from children. Our advertising is targeted only at adults aged 18 and over.
Changes to this policy
We may update this policy from time to time — for example, when we add a new platform like Pabau. The date at the top of this page tells you when it was last revised. Where the change is significant, we'll let you know directly if we hold a contact address for you.
Complaints
If you're unhappy with how we've handled your data, please contact us first — we'll always try to resolve it. If you're still not satisfied, you can complain to the UK Information Commissioner's Office:
- Website: ico.org.uk
- Phone: 0303 123 1113
For the cookies we use and how to control them, please see our Cookie Policy.