+44 794 359 6063contact@teclinic.london

Privacy Policy

Traitements Esthétiques (TE Clinic) is committed to protecting the privacy and confidentiality of all personal information we collect from our clients and website visitors. This Privacy Policy explains how we collect, use, store, and protect your data in accordance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

1. Information We Collect

We may collect and process the following types of personal data:

  • Personal identification information including full name, date of birth, gender, and proof of age documentation.
  • Contact details including address, telephone number, and email address.
  • Medical history, current medications, allergies, and details of previous aesthetic treatments.
  • Payment and billing information including card details and transaction records.
  • Photographs taken before and after treatment for clinical records (with your consent).
  • Website usage data including IP address, browser type, device information, and pages visited for analytics purposes.
  • Communication records including emails, messages, and phone call notes.

2. How We Use Your Information

Your personal information is collected and used for the following purposes:

  • To provide safe, appropriate, and effective aesthetic treatments tailored to your needs.
  • To manage appointments, bookings, payments, and billing processes.
  • To maintain accurate medical and treatment records as required by healthcare regulations.
  • To send appointment confirmations, reminders, and aftercare instructions.
  • To respond to enquiries, requests, and complaints.
  • To improve our services, website functionality, and customer experience.
  • To comply with legal, regulatory, and professional obligations.
  • To prevent fraud and ensure the security of our systems.

3. Legal Basis for Processing

We process your personal data under the following legal grounds: (a) Contractual necessity - to fulfil our agreement with you when providing treatments and services; (b) Legitimate interests - to operate our business effectively, improve our services, and prevent fraud; (c) Legal obligation - to comply with healthcare regulations and professional indemnity requirements; (d) Consent - for marketing communications and the use of photographs for promotional purposes, which you can withdraw at any time.

4. Marketing and Communication Preferences

With your explicit consent, we may use your contact details to send you promotional materials, special offers, newsletters, and updates about our services. You have the right to opt out of marketing communications at any time by clicking the unsubscribe link in our emails, replying 'STOP' to SMS messages, or contacting us directly. Opting out of marketing will not affect essential communications related to your appointments or treatments.

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data with third parties for marketing purposes. We may share limited information with trusted service providers who assist us in operating our business, including:

  • Booking and practice management systems (e.g., Pabau, Fresha, or Cliniko).
  • Payment processors and merchant services for secure transaction handling.
  • Email and SMS communication platforms for appointment reminders and updates.
  • Cloud storage and IT service providers for secure data management.
  • Professional indemnity insurers when required for claims or compliance purposes.
  • Regulatory bodies, law enforcement, or legal authorities when required by law.

All third-party service providers are contractually obligated to handle your data securely and in full compliance with GDPR and UK data protection laws.

6. Data Storage and Security

We take data security seriously and implement appropriate technical and organisational measures to protect your personal information from unauthorised access, loss, misuse, or disclosure. All data is stored securely using password-protected systems, encrypted databases, and secure cloud storage with restricted access. Payment information is processed through PCI-DSS compliant payment gateways and is not stored on our systems. While we strive to use commercially acceptable means to protect your data, no method of electronic storage or transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy and to comply with legal and regulatory requirements. Medical records, treatment notes, and before/after photographs are retained for a minimum of seven years from the date of last treatment, in accordance with healthcare and professional indemnity requirements. Marketing consent records are retained until consent is withdrawn. After the required retention period, personal data is securely deleted, anonymised, or destroyed in accordance with our data retention schedule.

8. Your Data Protection Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

  • Right of access - You can request a copy of the personal data we hold about you.
  • Right to rectification - You can request correction of inaccurate or incomplete information.
  • Right to erasure - You can request deletion of your personal data where legally permissible (subject to regulatory retention requirements).
  • Right to restrict processing - You can request that we limit how we use your data in certain circumstances.
  • Right to data portability - You can request a copy of your data in a structured, machine-readable format.
  • Right to object - You can object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent - Where processing is based on consent, you can withdraw it at any time.
  • Right to complain - You can lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been mishandled.

9. Photography and Clinical Images

Before and after photographs may be taken for clinical record purposes and to monitor treatment progress. These images are stored securely as part of your medical record. Separate explicit written consent will be obtained before any clinical photographs are used for marketing, educational, or promotional purposes on our website, social media, or printed materials. You have the right to refuse consent for marketing use while still receiving treatment. Marketing consent can be withdrawn at any time by providing written notice, although images already published may not be immediately removable from all platforms or third-party shares.

10. Cookies and Website Tracking

Our website uses cookies and similar tracking technologies to enhance user experience, analyse website traffic, and improve functionality. Cookies are small text files stored on your device that help us remember your preferences and understand how you use our site. We use both essential cookies (necessary for website operation) and non-essential cookies (for analytics and marketing). You can control or delete cookies through your browser settings, though disabling certain cookies may affect website functionality. For detailed information about the cookies we use, please refer to our Cookie Policy.

11. Children's Privacy

Our services are strictly for individuals aged 18 years and over. We do not knowingly collect or process personal data from anyone under the age of 18. If we become aware that we have inadvertently collected information from a minor, we will take immediate steps to delete such data from our systems.

12. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom. In some cases, data may be transferred to or processed by service providers located outside the UK or European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the UK authorities, to protect your data in accordance with UK GDPR requirements.

13. Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you. All treatment decisions and client assessments are made by qualified medical professionals based on individual consultations and medical evaluations.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically to stay informed about how we protect your information. Continued use of our services after changes are posted constitutes acceptance of the updated policy.

15. Contact Information and Complaints

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your data is handled, please contact us through the contact details provided on our website. We aim to respond to all enquiries within 30 days.

If you are not satisfied with our response or believe we have not complied with data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. Visit www.ico.org.uk or call 0303 123 1113 for more information.

Last Updated: October 2025