Privacy Policy

Last updated: 2026-03-18

This Privacy Policy explains how SkinVital Clinic (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you visit our website, contact us, book an appointment, purchase products, subscribe to marketing communications, or receive treatment from us.

We are committed to handling your personal data lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy and healthcare confidentiality requirements.

1. Who We Are

SkinVital Clinic
11 Woodmansterne St
Banstead SM7 3NW
United Kingdom

Email: info@skinvitalclinic.co.uk
Phone: +44 (0)7503 818961

Company number: 15437378

For the purposes of data protection law, SkinVital Clinic is the data controller of your personal data.

2. The Information We Collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

2.1 Identity and Contact Data

  • full name

  • date of birth

  • postal address

  • email address

  • telephone number

  • emergency contact details where relevant

2.2 Appointment and Enquiry Data

  • appointment requests

  • treatment interests

  • consultation forms

  • communications by phone, email, website form, social media, or messaging platforms

  • appointment history and follow-up records

2.3 Health and Special Category Data

Because we provide aesthetic and related clinical services, we may collect sensitive health information such as:

  • medical history

  • allergies

  • current medications

  • pregnancy or breastfeeding status

  • previous treatments and procedures

  • treatment suitability information

  • consultation notes

  • consent forms

  • clinical records

  • treatment plans

  • test results where applicable

  • prescription-related information

  • before and after photographs where relevant

2.4 Payment and Transaction Data

  • billing address

  • payment records

  • invoices and receipts

  • order history

  • product purchase details

We do not usually store full payment card details ourselves. Payments are typically processed by secure third-party payment providers.

2.5 Website and Technical Data

When you use our website, we may collect:

  • IP address

  • browser type and version

  • device type

  • operating system

  • pages visited

  • time spent on pages

  • referral source

  • cookie and analytics data

  • form submissions and on-site interactions

2.6 Marketing Data

  • your communication preferences

  • whether you have subscribed to emails, newsletters, promotions, or special offers

  • engagement with our marketing emails or campaigns

3. How We Collect Your Data

We collect personal data in a number of ways, including when you:

  • visit our website

  • fill in a contact form or booking form

  • contact us by email, telephone, social media, or messaging apps

  • book, reschedule, or cancel an appointment

  • attend a consultation or treatment

  • complete medical history or consent forms

  • purchase skincare or other products

  • subscribe to receive updates or promotions

  • leave a review or feedback

  • interact with our website through cookies and analytics tools

4. How We Use Your Data

We use your personal data for the following purposes:

4.1 To Provide Services and Treatment

  • assess your suitability for treatment

  • deliver aesthetic, skin, wellness, and related services

  • maintain accurate clinical records

  • provide follow-up care

  • manage prescriptions where applicable

  • communicate relevant treatment information

4.2 To Manage Appointments and Administration

  • book and confirm appointments

  • send reminders

  • reschedule or cancel appointments

  • respond to enquiries

  • provide customer support

  • maintain internal records

4.3 To Process Orders and Payments

  • process payments

  • manage orders

  • issue invoices and receipts

  • detect or prevent fraudulent transactions

4.4 To Improve Our Website and Services

  • analyse website traffic and usage

  • improve user experience

  • monitor service quality

  • develop our treatments, communications, and website functionality

4.5 To Send Marketing Communications

  • send newsletters, offers, updates, or promotional communications

  • inform you about products, services, or clinic news that may interest you

We will only send marketing communications where permitted by law or where you have consented, and you can opt out at any time.

4.6 To Meet Legal, Professional, and Regulatory Obligations

  • comply with applicable laws and regulations

  • respond to complaints or legal claims

  • maintain appropriate healthcare records

  • cooperate with regulators, insurers, advisors, or law enforcement where required

5. Our Lawful Bases for Processing

Under UK GDPR, we rely on one or more of the following lawful bases:

5.1 Contract

Where processing is necessary to take steps at your request before entering into a contract, or to provide services you have booked or purchased.

5.2 Legal Obligation

Where processing is necessary for compliance with legal or regulatory obligations.

5.3 Legitimate Interests

Where processing is necessary for our legitimate interests, provided your rights and interests do not override those interests. This may include service administration, fraud prevention, website security, service improvement, and internal business management.

5.4 Consent

Where you have given consent, such as for certain marketing communications or the use of before-and-after photographs for promotional purposes.

5.5 Healthcare / Special Category Processing

Where we process health-related information to assess treatment suitability, provide treatment, maintain clinical records, or otherwise deliver healthcare or treatment-related services in accordance with applicable law.

6. Special Category Data

Because we offer treatments and consultations, we may process special category data, including health and medical information.

We only collect and use this information where it is necessary for:

  • assessing your suitability for treatment

  • delivering safe and effective treatment

  • maintaining clinical records

  • meeting healthcare, insurance, legal, or regulatory obligations

  • protecting your vital interests

  • or where you have given explicit consent, where required

We handle such data with an increased level of confidentiality and security.

7. Clinical Photographs

We may take clinical photographs before, during, or after treatment for:

  • medical records

  • treatment planning

  • monitoring progress

  • documenting outcomes

  • continuity of care

We will only use your images for marketing, website, social media, training, or promotional purposes where you have separately agreed to this.

8. Sharing Your Personal Data

We do not sell your personal data.

We may share your information where necessary with:

  • healthcare professionals involved in your care

  • prescribers, pharmacies, or laboratories where relevant

  • payment service providers

  • IT, hosting, website, booking, CRM, and email service providers

  • accountants, legal advisors, insurers, and professional advisers

  • delivery or fulfilment providers for product orders

  • regulators, courts, law enforcement, or public authorities where required by law

Any third-party providers we use are expected to process personal data securely and only for appropriate purposes.

9. International Transfers

Some of our service providers may store or process data outside the United Kingdom.

Where personal data is transferred internationally, we will take reasonable steps to ensure that appropriate safeguards are in place and that your data remains protected in accordance with UK data protection law.

10. Data Security

We take appropriate technical and organisational measures to protect your personal data against accidental loss, misuse, unauthorised access, alteration, or disclosure.

These measures may include:

  • restricted access to records

  • password protection

  • secure systems and software

  • encrypted or protected devices and storage 

  • confidential handling of medical records

  • staff confidentiality and data protection procedures 

  • use of trusted service providers

11. How Long We Keep Your Data

We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including to satisfy legal, regulatory, tax, insurance, accounting, clinical, and record-keeping requirements.

This means different categories of data may be retained for different periods. For example:

  • enquiry data may be kept for a limited administrative period

  • order and transaction data may be kept for accounting and tax purposes

  • clinical records may be retained for longer in line with legal, insurance, and professional requirements

When data is no longer required, it will be securely deleted or anonymised.

12. Cookies and Analytics

Our website may use cookies and similar technologies to:

  • help the website function properly

  • remember your preferences

  • analyse traffic and usage patterns

  • improve performance and user experience

  • support marketing and advertising activities where applicable

You can control or disable cookies through your browser settings. If we use a cookie banner or cookie management tool, you can also manage preferences there.

A separate Cookie Policy may be provided where appropriate.

13. Marketing Communications

If you subscribe to our newsletter, request updates, or otherwise agree to receive marketing, we may contact you by email, SMS, or other relevant channels with offers, clinic updates, product launches, or service news.

You can withdraw your consent or unsubscribe at any time by:

  • clicking the unsubscribe link in our emails

  • contacting us directly

  • updating your preferences where available

14. Your Rights

Under UK data protection law, you may have the right to:

  • request access to your personal data

  • request correction of inaccurate or incomplete data

  • request erasure of your personal data in certain circumstances

  • request restriction of processing

  • object to processing in certain circumstances

  • request transfer of your data where applicable

  • withdraw consent where processing is based on consent

  • object to direct marketing at any time

These rights are not absolute and may be limited where we are legally entitled or required to retain certain information, especially clinical or regulatory records.

15. How to Exercise Your Rights

If you would like to exercise any of your data protection rights, please contact us at:

Email: info@skinvitalclinic.co.uk
Address: 11 Woodmansterne St, Banstead SM7 3NW, United Kingdom

We may need to verify your identity before responding to your request.

We will aim to respond within the timeframe required by law.

16. Children’s Privacy

Our services are generally intended for adults. We do not knowingly collect personal data from children through the website except where this is necessary for a lawful and clinically appropriate purpose and with suitable consent arrangements.

17. Third-Party Links

Our website may contain links to third-party websites, booking tools, payment providers, or social media platforms. If you follow those links, please note that those websites have their own privacy policies and we are not responsible for their content or privacy practices.

18. Complaints

If you have concerns about how we use your personal data, please contact us first and we will try to resolve the matter.

You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our services, our systems, or how we use personal data.

The latest version will always be published on our website with the updated date shown at the top of this page.

20. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact:

SkinVital Clinic
11 Woodmansterne St
Banstead SM7 3NW
United Kingdom

Email: info@skinvitalclinic.co.uk
Phone: +44 (0)7503 818961