
Privacy Policy - Glow Aesthetics by Dora

1. Introduction
At Glow Aesthetics By Dora ("we", "us", or "our"), your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are committed to protecting the confidentiality and integrity of the information you share with us, especially as it may include health-related data.

2. Who We Are
Glow Aesthetics By Dora is a medical aesthetics clinic providing non-surgical cosmetic treatments.
Data Controller: Glow Aesthetics By Dora
 

3. What Data We Collect
We may collect the following categories of personal data:

a. Personal Identification Data
Full name

Date of birth

Address

Phone number

Email address

Emergency contact details

b. Medical and Health Data (special category data)
Medical history

Allergies and contraindications

Medications

Treatment records

Before and after photographs (with consent)

c. Financial Information
Payment information (processed securely via third-party providers)

Billing details

d. Technical Data
IP address

Browsing behaviour on our website (via cookies)

 

4. Legal Basis for Processing
We process your personal data under the following legal bases:

Consent: For marketing, photographs, or optional treatments.

Contract: To provide treatment and services.

Legal obligation: To comply with regulatory requirements.

Legitimate interests: For operational reasons, e.g. managing appointments or improving our services.

Vital interests: To protect your life in a medical emergency.

 

5. How We Use Your Data
We use your data to:

Schedule and manage appointments

Provide treatments and medical advice

Maintain clinical records

Comply with legal obligations (e.g., insurance and audit)

Process payments

Communicate about your care or clinic updates

Send marketing materials (only with your explicit consent)

 

6. Sharing Your Data
We do not sell your personal data. We may share it with:

Qualified staff and practitioners

Payment providers (e.g., Stripe, Square)

Regulatory or insurance bodies (as required by law)

IT service providers (who help us manage our website or booking systems)

Emergency services (if necessary for your care)

All third parties are subject to strict confidentiality and data protection obligations.

 

7. Data Retention
We retain medical records and treatment data for a minimum of 8 years (or until a child patient turns 25), in accordance with healthcare regulations.
Other data (e.g., marketing consents) are retained for as long as is necessary or until you withdraw consent.

 

8. Your Rights
Under UK GDPR, you have the right to:

Access your personal data

Correct inaccurate or incomplete data

Request erasure (right to be forgotten)

Restrict or object to certain processing

Request data portability (in some cases)

Withdraw consent at any time (for marketing or photography)

To exercise any of these rights, contact us at [Insert Contact Email].

 

9. Data Security
We use secure systems and appropriate technical and organisational measures to protect your data from unauthorised access, loss, or disclosure.

 

10. Cookies
Our website uses cookies to improve user experience. You can control cookie settings through your browser. See our [Cookie Policy] for more information.

11. Children’s Privacy
We only collect children’s data with parental or guardian consent and only when necessary for treatment.

12. Complaints
If you’re unhappy with how we use your data, please contact us first.
You can also complain to the Information Commissioner’s Office (ICO):
Website: https://ico.org.uk
Phone: 0303 123 1113

13. Updates to This Policy
We may update this Privacy Policy occasionally. The latest version will always be available on our website or in-clinic.