Privacy Policy

1. Who We Are

Data Controller: Revive Dermal Clinic

2. What Information We Collect

We may collect and process the following types of personal data:

a) Identity & Contact Data
- Full name
- Date of birth
- Address
- Phone number
- Email address
- Emergency contact (optional)

b) Health & Medical Data (Special Category Data)
- Relevant medical history
- Skin conditions or concerns
- Allergies or sensitivities
- Medications
- GP or healthcare provider (if relevant)
- Treatment notes and photographs

c) Financial Data
- Payment information (only processed via secure third-party providers)
- Billing address (if applicable)

d) Technical & Website Data
- IP address
- Device type and browser
- Website usage and cookies (see section 7)

3. Lawful Bases for Processing

Under the UK GDPR, we must have a lawful basis to process your personal data. We rely on:
- Consent – for marketing communications or where required for certain treatments
- Contractual necessity – to provide you with requested treatments or services
- Legal obligation – for record-keeping and regulatory compliance
- Vital interests – in the case of a medical emergency
- Legitimate interests – for business administration and service improvement
- Provision of health or social care – to deliver appropriate dermal/clinical treatments (Article 9(2)(h) UK GDPR)

4. How We Use Your Data

We use your personal data to:
- Provide safe and appropriate treatments
- Maintain accurate medical and treatment records
- Communicate with you about appointments and follow-ups
- Send relevant reminders, updates, or consent forms
- Comply with our legal and regulatory obligations
- Process payments
- Improve services and client experience
- Respond to legal requests or emergencies

5. How We Share Your Data

We will never sell your personal data. We may share your data with:
- Medical professionals (with your consent or in an emergency)
- Regulatory bodies if legally required
- Third-party service providers (e.g. booking systems, payment processors, secure data storage)
- Our professional advisers (e.g. legal, insurance)
- IT service providers for secure systems management

All third-party providers are required to respect the security of your personal data and to treat it in accordance with the law.

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy, including:
- Medical and treatment records – retained for a minimum of 7 years (or until the patient is 25 years old if treated as a minor), in line with UK medical record-keeping standards
- Marketing data – retained until you withdraw consent or unsubscribe

When data is no longer needed, it will be securely destroyed or anonymised.

7. Cookies and Website Tracking

If you use our website, we may use cookies to enhance your experience and analyse traffic. These may include:
- Session cookies (for site functionality)
- Analytics cookies (e.g. Google Analytics)
- Marketing cookies (if you have opted in)

You can control cookies through your browser settings. For more details, refer to our Cookie Policy [link to cookie policy].

8. Your Rights Under UK GDPR

You have the right to:
- Access your personal data (Subject Access Request)
- Request correction of incorrect or incomplete data
- Request deletion of your data (in certain circumstances)
- Object to or restrict processing
- Withdraw consent at any time (e.g. for marketing)
- Data portability (where applicable)
- Lodge a complaint with the Information Commissioner’s Office (ICO)

ICO Contact Details:
- Website: https://ico.org.uk
- Helpline: 0303 123 1113

To exercise any of your rights, please contact us using the details provided in Section 1.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:
- Secure electronic record systems
- Password-protected devices
- Staff confidentiality agreements and training
- Regular data audits and access controls
- Physical safeguards for any paper records

10. Changes to This Policy

We may update this policy from time to time. Any changes will be posted on our website, and where appropriate, we will notify you directly.

11. Contact Us

For questions, concerns, or to make a data rights request, please contact:
- Phone: +44 7824466513
- Email: Revive.dermal.cardiff@gmail.com
