Regener8 Aesthetics is committed to protecting your personal data. This policy explains what information we collect, why we collect it, how we use it and your rights under UK GDPR and the Data Protection Act 2018.
1. Who We Are
Regener8 Aesthetics is the data controller for the personal information you provide to us. We are a small aesthetics clinic operating in England.
Contact details:
Email: bookings@regener8aesthetics.com
WhatsApp: WhatsApp: 07800 935568
If you have any questions about how we handle your data, or wish to exercise any of your rights, please contact us using the details above.
2. What Personal Data We Collect
Information you provide directly
- Full name, email address and telephone number
- Date of birth (where required for treatment suitability)
- Medical history, current medications and health conditions relevant to your treatment
- Details of previous aesthetic treatments
- Messages and enquiries submitted via our website contact form
- Booking details and appointment preferences
- Consent and medical history forms completed via the Faces Consent platform
Information collected automatically
- Browser type, device type and operating system
- Pages visited and time spent on our website
- IP address and approximate geographic location
- Referring website or search terms used to find us
We do not collect automatically collected data in a way that identifies you personally without your knowledge.
3. Why We Collect Your Data and Our Lawful Basis
We only process your personal data where we have a lawful basis to do so under UK GDPR.
To provide our services (Contract performance — Article 6(1)(b))
- Processing your booking and consultation appointment
- Carrying out your treatment and maintaining a record of it
- Sending appointment reminders and aftercare instructions
Health data — special category (Explicit consent — Article 9(2)(a))
- Recording your medical history, health conditions and medications
- Assessing your suitability for treatments
- Maintaining clinical treatment records
You will be asked to provide explicit consent for us to process this health data before your consultation. You may withdraw consent at any time, though this may affect our ability to provide treatment.
To respond to enquiries (Legitimate interests — Article 6(1)(f))
- Responding to messages submitted via our contact form
- Following up on enquiries where you have initiated contact with us
Legal and regulatory obligations (Legal obligation — Article 6(1)(c))
- Retaining clinical records as required by applicable guidance
- Cooperating with regulatory authorities where required by law
4. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purpose for which it was collected.
- Clinical records (including treatment history and medical history): minimum 8 years from the date of last treatment, in line with NHS and aesthetic industry guidance. For clients who were under 18 at the time of treatment, records are retained until the client's 25th birthday or for 8 years, whichever is longer.
- Enquiry and contact form data: up to 2 years from the date of your last contact, unless you have become a client.
- Website analytics data: in line with the retention period set by the relevant analytics tool (typically 14–26 months).
After the applicable retention period, data is securely deleted or anonymised.
5. Who We Share Your Data With
We do not sell your personal data. We share it only where necessary and with appropriate safeguards in place.
Faces Consent
We use Faces Consent, a UK-based aesthetic booking and digital consent platform, to manage appointment bookings, medical history forms and consent documentation. Faces Consent processes your data as a data processor on our behalf. Their own privacy policy governs their handling of your data.
Service providers
- IT and website hosting providers
- Email service providers used to send appointment confirmations
All third-party processors are required to process your data only in accordance with our instructions and under appropriate data processing agreements.
Legal disclosure
We may disclose your data where required to do so by law, court order or regulatory authority.
6. Your Rights Under UK GDPR
You have the following rights in relation to your personal data:
- Right of access — you may request a copy of the personal data we hold about you (Subject Access Request).
- Right to rectification — you may ask us to correct inaccurate or incomplete data.
- Right to erasure — you may ask us to delete your data in certain circumstances, subject to our legal and clinical record-keeping obligations.
- Right to restrict processing — you may ask us to restrict the processing of your data in certain circumstances.
- Right to data portability — where processing is based on consent or contract, you may ask us to provide your data in a structured, machine-readable format.
- Right to object — you may object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us at bookings@regener8aesthetics.com. We will respond within one calendar month.
7. Data Security
We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss or disclosure. These include secure data storage, restricted access to client records, and the use of reputable third-party platforms with appropriate security certifications.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Transfers Outside the UK
We aim to keep your personal data within the UK and European Economic Area (EEA). Where any third-party service providers are based outside the UK or EEA, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements before any transfer takes place.
9. Complaints
If you are unhappy with how we have handled your data, please contact us in the first instance so that we can try to resolve your concern.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.
- Website: ico.org.uk
- Helpline: 0303 123 1113
10. Changes to This Policy
We may update this Privacy Policy from time to time. The most current version will always be published on this page with the date it was last updated. We encourage you to review this page periodically.