1. Introduction

At Best Skincare Clinic Limited (BSC), we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018 (DPA 2018)
  • The Privacy and Electronic Communications Regulations 2003 (PECR)

It applies to our clients, prospective clients, website visitors, and anyone who interacts with our services.

By using our services or website, you agree to the collection and use of your personal data as described in this Privacy Policy.


2. Data Controller & Contact Information

Data Controller: Best Skincare Clinic Limited
Company Number: 12403880
Registered Address: 64c Roseville Road, Leeds, LS8 5DR, United Kingdom

Data Protection Officer (DPO): Isobel Bates
DPO Contact Email: information.governance@bestskincareclinic.co.uk
Telephone: +44 7414 599992

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk


3. Personal Data We Collect

We may collect the following types of personal data:

  1. Identity Data: Name, title, date of birth, gender, usernames, NHS number, social media handles.
  2. Contact Data: Email, phone numbers, billing & delivery addresses, emergency contacts.
  3. Financial Data: Payment card details, bank account info, credit references, salary or expenditure details.
  4. Transaction Data: Purchases, bookings, service usage, invoices.
  5. Technical Data: IP address, browser type, operating system, device info, cookies, log-in data.
  6. Profile Data: Account information, preferences, survey feedback.
  7. Usage Data: Website interactions, service usage, engagement metrics.
  8. Marketing & Communication Data: Opt-in preferences for promotions, newsletters, and advertising.
  9. Health/Treatment Data: Medical history, treatments received, progress notes, images for clinical records (special category data requiring extra protection).

Special Category Data: Health-related information is processed under strict confidentiality and legal safeguards.


4. How We Collect Your Data

We collect personal data via:

  • Direct interactions (appointments, surveys, account creation, competitions)
  • Healthcare practitioner referrals
  • Third-party services and partners (payment processors, technical providers, Experian, publicly available registers)
  • Website tracking tools (cookies, analytics)

Failure to Provide Data: If required data is not provided, we may be unable to deliver services or process your requests.


5. How We Use Your Personal Data

We process personal data based on one or more of the following legal bases:

Purpose | Data Used | Legal Basis
Registering new clients | Identity, Contact | Performance of contract
Providing services | Identity, Contact, Financial, Transaction, Health | Performance of contract, necessary for healthcare provision, legitimate interests
Marketing & Promotions | Identity, Contact, Profile, Usage | Consent or legitimate interests (soft opt-in)
Customer support & complaints | Identity, Contact, Transaction | Performance of contract, legal obligation
Website improvement | Technical, Usage | Consent, legitimate interests
Legal obligations & compliance | Identity, Contact, Transaction | Compliance with legal/regulatory obligations
Prize draws & surveys | Identity, Contact, Profile, Usage | Performance of contract, legitimate interests
Data analytics & personalised recommendations | Technical, Usage, Profile | Consent

Health Data Processing: Health data is processed only as necessary for treatment, healthcare provision, or compliance with UK/EU law.


6. Marketing Communications

You have full control over marketing preferences:

  • You may opt out at any time via links in emails, SMS, or by contacting us.
  • We do not sell your data to third parties for marketing.
  • Third-party promotions will only be sent with your explicit consent.

7. Cookies and Web Tracking

Types of Cookies Used:

  • Necessary Cookies: Essential for site functionality
  • Performance Cookies: Analytics and website performance
  • Functional Cookies: Remembering user preferences
  • Advertising Cookies: Targeted adverts (Google Ads, Facebook, DoubleClick, Hotjar, Optimizely, Intercom, Pingdom, Affilinet)

Managing Cookies: You can configure your browser to reject or delete cookies. Certain features may not function if cookies are blocked.


8. Sharing & Disclosures

We may share your personal data with:

  • IT Providers & Processors: Hosting, maintenance, system support
  • Professional Advisors: Lawyers, auditors, insurers
  • Authorities: HMRC, regulatory bodies, or where required by law

Third-party partners are required to adhere to strict confidentiality and data protection standards.


9. International Transfers

We do not transfer personal data outside the EEA. If international transfers occur, they are only made with appropriate safeguards (e.g., Standard Contractual Clauses).


10. Data Security

We implement industry-standard security measures:

  • Encryption of sensitive data
  • Secure access controls and authentication
  • Staff training and confidentiality agreements
  • Data breach response protocols

11. Data Retention

We retain personal data only as long as necessary to:

  • Provide services
  • Meet legal obligations
  • Resolve disputes
  • Improve services

Specific retention periods are available on request.


12. Your Rights Under UK GDPR

You have the following rights:

  1. Access: Request a copy of your personal data
  2. Correction: Update inaccurate or incomplete data
  3. Erasure: Request deletion where lawful
  4. Object: Challenge processing on legitimate interest or marketing grounds
  5. Restrict Processing: Temporarily limit use of your data
  6. Data Portability: Receive data in a structured, machine-readable format
  7. Withdraw Consent: At any time without affecting lawful processing before withdrawal

Requests are generally processed within one month, extended to three months for complex requests.


13. Data Protection Glossary

  • Legitimate Interest: Business reason that balances the rights of individuals
  • Performance of Contract: Processing necessary to deliver contractual obligations
  • Legal Obligation: Required by law to process data
  • Special Category Data: Sensitive data, such as health, requiring extra safeguards

14. Changes to This Privacy Policy

We may update this policy periodically. Changes will be posted with an updated “Last Updated” date. Please check regularly.


15. Complaints

If you have concerns about our handling of your data, please contact our DPO first. If unresolved, complaints may be made to the ICO: https://ico.org.uk/


16. Disclaimer

Individual results may vary due to age, medical history, and lifestyle factors. All treatments are assessed case-by-case, and progress is monitored for safety and effectiveness.


17. Contact Us

UK Clinic:
64c Roseville Road, Leeds, LS8 5DR, UK
+44 7414 599992
info@bestskincareclinic.co.uk

Pakistan Clinic:
384 B, B Block Faisal Town, Lahore, Pakistan
+92 332 4265366
info@bestskincareclinic.co.uk

Opening Hours:

UK: Mon–Sat, 09:30–17:30