Privacy Policy

A legal disclaimer

Effective Date: [27/7/2025]
Last Updated: [27/7/2025]

This Privacy Policy outlines how BLR. Medical Aesthetics collects, uses, stores, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and industry guidelines from the JCCP and Care Quality Commission (CQC). We are committed to respecting your privacy and protecting your personal information with transparency and integrity.

1. Who We Are

BLR. Medical Aesthetics is a provider of non-surgical aesthetic and skincare treatments, operated by trained, medically registered professionals. We are committed to providing safe, ethical and personalised care, in line with JCCP and CQC best practice where relevant.

Clinic Address: The Wellness Centre, Northallerton
Contact Email: enquiries@blrmedical.co.uk
Phone Number: [Insert Phone Number]
Data Protection Lead: Billie Roulson

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

a. Basic Information

Full name
Date of birth
Contact details (address, email, phone number)

b. Health & Medical Information

Medical history and medication use
Known allergies
Previous aesthetic treatments
Photographs (before and after treatment)

c. Transactional & Appointment Data

Treatment records and consent forms
Appointment history
Payment method (we do not store card details)

d. Digital Data

Website usage data (IP address, browser type, pages visited)
Contact form submissions
Social media messages (if relevant)

3. How We Use Your Information

We process your data for the following lawful purposes:

PurposeLegal Basis under UK GDPR

To provide aesthetic treatmentConsent / Legitimate interest / Vital interests

To maintain accurate recordsLegal obligation / Legitimate interest

To contact you about appointmentsConsent / Contract

To comply with regulatory requirementsLegal obligation

To improve clinic servicesLegitimate interest

We will not use your data for automated decision-making or profiling.

4. Sharing Your Data

We only share your data when necessary, such as:

With medical professionals for clinical supervision or in case of an emergency
With regulatory bodies such as the CQC, JCCP, or General Medical Council upon lawful request
With payment processors (secure and PCI-compliant)
With our website host, booking system, or secure email provider (all GDPR-compliant)

We do not sell or rent your data to third parties.

5. Data Security

We take data protection seriously and use the following security measures:

Encrypted clinical and booking software
Password-protected devices
Locked filing systems for physical records
Staff training in data protection and confidentiality

In the event of a data breach, we will notify the ICO and affected individuals where required by law.

6. How Long We Keep Your Data

We retain patient records for a minimum of 7 years after your last appointment (or until the age of 25 if treated as a minor), in line with Department of Health guidelines and CQC standards.

After this time, your data will be securely destroyed.

7. Your Rights

Under UK GDPR, you have the right to:

Access your personal data
Correct inaccurate or incomplete data
Request deletion of your data (“right to be forgotten”)
Object to or restrict processing
Withdraw consent at any time
Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, contact us at [Insert Clinic Email].

8. Cookies & Website Tracking

Our website may use cookies to improve user experience and analyse traffic. You can disable cookies in your browser settings.

For more details, see our Cookie Policy [link if applicable].

9. Changes to This Policy

We may update this Privacy Policy from time to time. The most recent version will always be available on our website. If changes are significant, we will notify you by email or notice on our site.

10. Contact Us

For any privacy-related questions or to exercise your rights, please contact us at enquiries@blrmedical.co.uk