Here is the privacy policy for H L Skin Aesthetics:
PRIVACY POLICY
H L Skin Aesthetics www.hlaesthetics.co.uk Last updated: May 2026
1. Who We Are
H L Skin Aesthetics is a private aesthetic clinic operated by Hayley, a Level 4 qualified aesthetic practitioner based in Herne Bay, Kent, United Kingdom. We are committed to protecting your personal data and handling it responsibly in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
For any queries relating to this privacy policy, please contact us via www.hlaesthetics.co.uk.
2. What Information We Collect
We may collect and process the following personal information about you:
Your name, contact details including phone number and email address, and your address where relevant to your booking or consultation.
Health and medical information including your medical history, current medications, allergies, contraindications, and any other information relevant to the safe delivery of your treatment. This is classed as special category data under UK GDPR and is handled with the highest level of care.
Photographs taken before and after treatment for clinical records and, where you have provided explicit consent, for use in our treatment gallery or marketing materials.
Booking and appointment information including details of treatments received, dates of appointments, and any consultation notes.
Communications between us, including messages sent via WhatsApp or through our website contact form.
Payment information. Please note that we do not store card details. Payments are processed securely at the time of your appointment.
Website usage data collected via cookies. Please refer to our Cookie Policy at www.hlaesthetics.co.uk for full details.
3. How We Use Your Information
We use your personal information for the following purposes:
To manage your bookings, appointments, and consultations and to deliver your treatments safely and effectively.
To maintain accurate client records and clinical notes as required for the safe provision of aesthetic treatments.
To communicate with you regarding your appointments, aftercare, and any follow-up required.
To send you information about our treatments, offers, and news where you have given your consent to receive marketing communications. You can withdraw this consent at any time.
To comply with our legal and regulatory obligations.
To investigate and respond to any complaints or concerns.
4. Our Legal Basis for Processing Your Data
We process your personal data on the following legal grounds:
Contract—processing is necessary to fulfil your booking and deliver your treatment.
Legal obligation—we are required to retain certain records for regulatory and insurance purposes.
Legitimate interests—we may process your data where it is in our legitimate business interests to do so, provided this does not override your rights.
Consent—for marketing communications and for the use of photographs in our gallery or promotional materials, we will always ask for your explicit consent first.
For special category data such as health and medical information, we process this on the basis of it being necessary for the provision of healthcare and the management of healthcare systems.
5. How Long We Keep Your Data
We retain client records, including consultation notes and medical history, for a minimum of seven years following your last appointment in line with standard clinical record-keeping recommendations. Where records relate to a minor, they are retained until the individual reaches the age of 25.
Marketing consent records are retained until you withdraw your consent.
We will securely delete your data once it is no longer required.
6. Who We Share Your Data With
We do not sell, rent, or trade your personal data to any third party. We may share your data in the following limited circumstances:
With our insurance provider where required for clinical insurance purposes.
With third party service providers who support the running of our business, such as booking or payment platforms, where they are bound by data processing agreements and handle your data securely and in accordance with UK GDPR.
Where we are legally required to do so, for example in response to a court order or regulatory request.
7. Photographs and Marketing
We will only use before and after photographs or any other images of you for marketing, social media, or website purposes if you have given us your explicit written consent to do so. You have the right to withdraw this consent at any time. Withdrawing consent will not affect the lawfulness of any processing carried out prior to withdrawal.
8. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
The right to access the personal data we hold about you. You can request a copy of your data at any time free of charge.
The right to rectification. If any information we hold about you is inaccurate or incomplete, you have the right to ask us to correct it.
The right to erasure. In certain circumstances, you have the right to ask us to delete your personal data. Please note that we may be unable to delete data that we are legally required to retain.
The right to restrict processing. You have the right to ask us to restrict the way we process your data in certain circumstances.
The right to data portability. You have the right to receive your personal data in a structured, commonly used format so that it can be transferred to another provider.
The right to object. You have the right to object to the processing of your data for direct marketing purposes at any time.
The right to withdraw consent. Where processing is based on your consent, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us via www.hlaesthetics.co.uk. We will respond to all requests within one calendar month.
9. Data Security
We take the security of your personal data seriously. We have appropriate technical and organisational measures in place to protect your data against unauthorised access, loss, destruction, or alteration. All client records are stored securely and access is restricted to authorised personnel only.
10. Third Party Websites
Our website may contain links to third party websites including our social media profiles on Facebook and Instagram. This privacy policy applies only to www.hlaesthetics.co.uk. We are not responsible for the privacy practices of any third party websites and encourage you to read their privacy policies before providing any personal information.
11. Cookies
We use cookies on our website. For full details of how we use cookies and how you can manage your preferences, please refer to our Cookie Policy at www.hlaesthetics.co.uk.
12. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated date at the top. We encourage you to review this policy periodically.
13. How to Complain
If you are unhappy with how we have handled your personal data, please contact us in the first instance via www.hlaesthetics.co.uk and we will do our best to resolve your concern.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent data protection authority. You can contact the ICO at www.ico.org.uk or by calling 0303 123 1113.