GDPR Privacy Policy for Visage by Rachael
Effective Date: 13/07/2025
Last Updated: 13/07/2025
1. Introduction
At Visage By Rachael, we are committed to protecting and respecting your privacy. This policy outlines how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679.
2. Who We Are
Clinic Name: Visage By Rachael
Address: Warwick Close, Carterton, Oxfordshire
Email: hello@visagebyrachael.co.uk
Phone: 07879707831
Data Controller: Clinic Owner
3. What Data We Collect
We may collect and process the following types of personal data:
Identity Information: Full name, date of birth, gender
Contact Information: Address, phone number, email
Medical Information: Medical history, current medications, allergies, treatment records
Photographs: Before-and-after photos (with consent)
Payment Information: Billing details and payment method
Marketing Preferences: Consent for newsletters, offers, and promotions
4. How We Use Your Data
We use your data for the following purposes:
To provide safe and effective aesthetic treatments
To assess suitability for treatments based on medical history
To contact you about appointments, follow-ups, and results
To process payments and manage invoices
With your consent, to send promotional materials and clinic updates
For legal and regulatory obligations
5. Legal Basis for Processing
We process your data based on one or more of the following legal bases:
Consent: You have given clear consent for us to process your personal data
Contract: The processing is necessary for a contract with you
Legal Obligation: We are legally required to process your data
Legitimate Interests: The processing is necessary for our legitimate interests, and does not override your rights
6. How Long We Keep Your Data
We retain your personal data only as long as necessary:
Medical records: 8 years from the date of your last treatment (as required by clinical regulations)
Marketing data: Until you withdraw your consent
We regularly review our data retention practices.
7. Sharing Your Data
We do not sell or rent your personal data. We may share your data with:
Health professionals working within our clinic
Payment processors (e.g. Stripe, Square)
IT service providers for data storage and booking systems
Regulatory bodies, when legally required
All third parties are GDPR-compliant and required to keep your data secure.
8. Your Rights
You have the right to:
Access the personal data we hold about you
Request correction of inaccurate data
Request erasure of your data (where legally possible)
Object to or restrict processing
Withdraw consent at any time
Lodge a complaint with the Information Commissioner’s Office (ICO)
9. Data Security
We take data protection seriously and have appropriate technical and organizational measures in place to safeguard your information, including:
Secure electronic systems with encrypted data
Access limited to authorized personnel
Locked cabinets for physical records
Regular staff training on data protection
10. Marketing Communications
With your explicit consent, we may send emails or SMS about offers, new treatments, or clinic updates. You can unsubscribe at any time by clicking the link in our emails or by contacting us directly.
11. Changes to This Policy
We may update this policy from time to time to reflect changes in the law or our business practices. Any updates will be posted on our website, and where appropriate, notified to you via email.
12. Contact Us
If you have any questions about this privacy policy or how we handle your data, please contact: