Privacy Policy
Aesthetidocs Limited ("Aesthetidocs") is committed to protecting your personal information and respecting applicable data protection laws around the world. This privacy policy explains how we do this, and it applies to your use of our websites, products, and services.
How we use your personal information
We use personal information in order to promote and provide the Aesthetidocs software service, to ensure the security of our websites, and to run our business. We have set out below more information on the categories of personal information that we collect, the specific ways in which that personal information is processed by us, the legal bases which permit us to do this, and the types of partners with whom we share your personal information.
What information does Aesthetidocs collect?
- Your name, username, and password
- Your address, email address, and phone number
- Your payment details
- Your marketing preferences, including any consents you have given us
- Information related to the browser or device you use to access our websites
- Records of your use of Aesthetidocs services
- Any personal medical information you submit to us when completing any of our forms, documentation or otherwise provided by you as part of booking and managing your appointment with your chosen clinic
How does Aesthetidocs use your information?
We use your information as follows:
- To fulfil a contract with you or take steps at your request before this:
  - When you use our platform to create and manage a booking with a clinic
  - Providing information and technical support if you ask for this
  - Contacting you with information about changes to services
  - Handling credit card information provided through our websites using PCI-compliant payment services
  - Storing and analysing your information in order to review and progress your job application if you apply to work with us
- As required by Aesthetidocs to conduct our business and pursue our legitimate interests, in particular:
  - Giving you access to our products or services
  - Providing you with different content within a product or service, depending on how you use that product or service
  - Letting you know about Aesthetidocs products and services by post, email, and phone in accordance with your marketing preferences and laws relating to direct marketing
  - Analysing how you use Aesthetidocs products and services so we can improve our levels of service and develop future products and services, including through the use of surveys
  - Ensuring the security of Aesthetidocs websites and information technology systems and protecting our rights.
- Where you give us consent:
  - Where we need your consent to process your medical and other sensitive personal information
  - If we need your consent in order to send marketing for Aesthetidocs products and services to you
- For purposes which are required by law:
  - Sharing your personal information in order to comply with legal obligations to which Aesthetidocs is subject.
How will Aesthetidocs share your information?
We share your personal details:
- Within Aesthetidocs in order to carry out the processing described above
- With such clinics or treatment providers with whom you are seeking to make and manage a booking or appointment
- With third party service providers who process your information on Aesthetidocs’s behalf for the purposes above – such as payment processors, or IT service providers
We will also share your personal information:
- If we think this is necessary in order to protect the rights, property, or safety of Aesthetidocs, our employees, our commercial partners, or our customers. This includes sharing information for the purposes of fraud protection and credit risk reduction
- With government authorities and/or law enforcement officials if required by law.
Giving and withdrawing your consent, and updating your personal information
Where your consent is required for us to process your personal information, we will ask for your consent at the point at which you provide your data. You have the right to withdraw that consent at any time. You can also update your personal information at any time. If you wish to do either, contact us at support@aesthetidocs.com.
Storing your personal information
Your personal information may be stored and processed outside of the country where it is collected, including outside of the United Kingdom or the European Economic Area. When transferring information to others, within the UK, the EEA or otherwise, we ensure that appropriate and suitable safeguards and technical measures are in place to protect your personal data. To do this, we make use of standard contractual clauses that have been approved by the UK authorities and the European Commission with our suppliers, or we implement other similar measures required by laws around the world.
We will only keep records of your personal information for as long as is reasonably necessary for the purposes for which we have collected it, and in order to comply with any statutory or regulatory obligations in relation to retention of records. We respect requests to stop processing your personal data for marketing purposes. This includes keeping a record of your request indefinitely so that we can respect your request in future.
Your rights
You have the right to request access to and rectification or erasure of personal information, the right to restrict processing of your personal information, and the right to object to processing of your personal information. You have the right to object to your personal information being processed on the grounds of Aesthetidocs’s legitimate interests. You have the right to object to us sending you direct marketing and profiling you for the purposes of direct marketing. You have the right to lodge a complaint regarding our processing of your personal information with a data protection supervisory authority in a country where you live, work, or where you believe a breach may have occurred.
Contacting us
The data controller for our websites, products and services is Aesthetidocs Ltd of Lockview House, 49 Lockview Road, Belfast, Northern Ireland, BT9 5FJ.
You can contact us by email at support@aesthetidocs.com.
If you wish to contact our Data Protection Officer, please email dataprotection@aesthetidocs.com.
Privacy Policy
Azfi Medical Aesthetics
Effective Date: 02/06/2025
1. Introduction
1.1 Azfi Medical Aesthetics ("we", "us", "our") is committed to protecting your privacy and ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.
1.2 This Privacy Policy outlines how we collect, use, store, share, and protect your personal data, as well as your rights concerning that data.
2. Definitions
2.1 "Data Subject" means the individual whose personal data is processed by the Clinic (i.e., the Patient).
2.2 "Personal Data" means any information relating to an identified or identifiable natural person.
2.3 "Processing" means any operation performed on Personal Data, including collection, storage, transmission, or deletion.
2.4 "Data Controller" means the system or entity (Azfi Medical Aesthetics) that determines the purposes and means of Processing Personal Data.
2.5 "Data Processor" means any third party that processes Personal Data on behalf of the Data Controller.
3. Information We Collect
3.1 Identifiers: Full name, date of birth, gender, contact details (address, email, phone number).
3.2 Medical and Health Information: Medical history, allergies, medications, previous treatments, PRP results, DOPS outcomes, and clinical photographs.
3.3 Financial Information: Payment and billing details (processed by secure third-party providers; not stored on our servers).
3.4 Device and Usage Data: IP addresses, device identifiers, browser type, operating system, pages visited on our website, appointment scheduling data.
3.5 Marketing Preferences: Consent status for receiving promotional communications and details of any marketing interactions.
3.6 Communication Data: Notes and recordings (where consented) from consultations, emails, telephone calls, and chat logs.
4. Lawful Basis for Processing
4.1 We rely on the following lawful bases under UK GDPR:
• Consent: For marketing communications and non-essential data processing where explicit consent is obtained.
• Contractual Necessity: To provide Services to Patients, including consultations, Treatments, and follow-up care.
• Legal Obligation: To comply with healthcare regulations, reporting requirements, and record-keeping obligations.
• Vital Interests: To protect the health and wellbeing of the Patient or others in emergencies.
• Legitimate Interests: To improve our services, ensure patient safety, manage clinical governance, and prevent fraud.
5. How We Use Your Information
5.1 The primary purposes for which we use Personal Data include:
• Providing and managing clinical Treatments and consultations.
• Scheduling and confirming appointments, sending reminders, and aftercare instructions.
• Processing payments, invoicing, and managing financial records.
• Maintaining accurate medical records for ongoing clinical care and compliance with regulatory requirements.
• Conducting audit, clinical governance, and quality assurance activities.
• Communicating with regulatory bodies, insurance providers, and legal authorities as required by law.
• Sending marketing communications (only if the Patient has opted in; Patients can withdraw consent at any time).
• Handling complaints, disputes, and legal claims.
• Performing anonymized research or statistical analysis to improve our Services (where data is fully anonymized).
6. Data Sharing and Third-Party Processors
6.1 We do not sell, rent, or trade Personal Data. However, we may share Personal Data with:
• Healthcare Professionals: Other clinicians or specialists for referrals, co-management of cases, or laboratory analysis.
• Regulatory Bodies: CQC, GMC, or other authorities for compliance, audits, or in response to legal requests.
• Professional Indemnity Insurers and Legal Advisors: When necessary to defend or investigate claims, complaints, or legal actions.
• Third-Party Service Providers: Appointment scheduling systems, billing processors, email service providers, and IT support under written data processing agreements.
• Emergency Services: In the event of a medical emergency where disclosure is necessary to protect vital interests.
6.2 All third-party processors are required to implement appropriate technical and organizational measures to ensure data security and confidentiality.
7. International Transfers
7.1 Personal Data is stored and processed primarily within the UK. If any data is transferred outside the UK or European Economic Area (EEA), we will ensure that equivalent safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, to protect the data.
8. Data Security and Breach Notification
8.1 We implement a range of technical and organizational measures to protect Personal Data, including:
• Secure Electronic Health Record Systems: Access restricted to authorized personnel via unique logins and two-factor authentication where possible.
• Encryption: Personal Data encrypted at rest and in transit.
• Physical Security: Controlled access to clinical and data storage areas.
• Staff Training: Regular training on data protection, confidentiality, and information security policies.
• Regular Security Audits and Risk Assessments to identify and mitigate vulnerabilities.
8.2 In the event of a Personal Data breach, we will:
• Contain and assess the breach promptly.
• Notify the Information Commissioner’s Office (ICO) within 72 HOURS if the breach is likely to result in a risk to individuals’ rights and freedoms.
• Notify affected Data Subjects without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
9. Data Retention
9.1 We retain Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal, regulatory, or professional obligations.
9.2 Medical records and treatment documentation are retained for a minimum of 7 YEARS following the last patient interaction, in line with medical guidelines.
9.3 Personal Data no longer required for the above purposes will be securely deleted or anonymized.
10. Cookies and Website Analytics
10.1 Our website uses cookies and similar tracking technologies to enhance user experience and analyze website traffic.
10.2 We use:
• Essential Cookies: Required for basic site functionality (e.g., session management).
• Analytical/Performance Cookies: To collect anonymized information on website usage, traffic sources, and page performance.
• Marketing/Targeting Cookies: To deliver relevant advertisements (only with explicit consent).
10.3 Users can manage cookie preferences through browser settings or via the cookie consent banner on our website. Disabling certain cookies may affect website functionality.
11. Data Subject Rights
11.1 Under the UK GDPR and Data Protection Act 2018, Data Subjects have the following rights:
• Right to Access: Obtain confirmation of whether Personal Data is being processed and access to that data.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of Personal Data when there is no lawful basis for continued processing.
• Right to Restrict Processing: Limit how Data is used if the accuracy is contested or processing is unlawful.
• Right to Data Portability: Receive Personal Data in a structured, commonly used, and machine-readable format.
• Right to Object: Object to processing based on legitimate interests or direct marketing.
• Right not to be subject to Automated Decision-Making: Where decisions have legal or significant effects.
• Right to Withdraw Consent: If Processing is based on consent, withdraw it at any time without affecting the lawfulness of processing before withdrawal.
11.2 To exercise these rights, please submit a written request to [Insert Contact Email]. We will respond within 30 DAYS of receipt.
12. Marketing Communications and Opt-In/Opt-Out
12.1 We will only send marketing communications (e.g., newsletters, promotional offers) with explicit consent from the Data Subject.
12.2 Each marketing email will include an easy-to-use unsubscribe link. Alternatively, Data Subjects may email [Insert Contact Email] to withdraw consent.
13. Transfers of Business
13.1 In the event that the Clinic is sold, merged, or undergoes corporate restructuring, Personal Data will be one of the transferred assets. Any new owner will continue to be bound by this Privacy Policy.
14. Changes to This Privacy Policy
14.1 We may update this Privacy Policy to reflect changes in our practices, legal requirements, or services offered.
14.2 Significant changes will be communicated via email, website notice, or in-clinic notice at least 30 DAYS before implementation. Continued use of our Services after changes indicates acceptance of the updated policy.
15. Contact Information
15.1 If you have any concerns about how we handle your data, please contact us first at info@azfiaestheticsclinic.co.uk and we’ll do our best to resolve them.
15.2 If you're not satisfied with our response or believe your data has been handled unfairly or unlawfully, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/concerns