PRIVACY POLICY

1. Introduction

La Derma Skin & Laser Clinic (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, store and protect personal data relating to you when you:

  • Use our website

  • Contact us (via website form, email, phone, or in person) to enquire about or book treatments

  • Receive treatments from us

  • Provide any other personal data as part of our services.

We comply with UK GDPR and the Data Protection Act 2018.

2. Data We May Collect

We may collect and process the following categories of personal data:

  • Identity & contact data: name, title, date of birth (if relevant), postal address, email address, phone number.

  • Health / clinical data: details necessary for provision of treatments, medical history, skin/health information, treatment records — when you use our clinic services. (Such data is “special category data” under GDPR.) 

  • Technical / usage data (website-level): IP address, browser type, pages visited, resources accessed, time & date of visit, and other standard web log data.

  • Communications data: any information you provide when you communicate with us, for example by email, phone, forms, or during appointments. 

  • Optional marketing/consent data: if you sign up for marketing — e.g. newsletters, offers, promotions — your preferences, consent status, and any relevant contact details.

3. How and Why We Use Your Data (Purposes & Legal Basis)

We use your personal data for the following purposes:

  • To respond to enquiries, provide information, and manage bookings and appointments.

  • To provide treatment and skincare/laser services, including maintaining medical records, planning treatments, follow-up care and aftercare.

  • To comply with our legal and regulatory obligations (e.g. health & safety, medical record-keeping, legal compliance).

  • To manage our clinic operations, administrative tasks, billing, and internal record-keeping.

  • If you consent: to send marketing communications (offers, updates, newsletters).

  • To improve our website and services, including analysing usage data, improving user experience, and ensuring security.

For “special category data” (health / clinical data), we will only process when necessary for medical care, treatment and related services — and with your explicit consent where required.

4. Data Sharing and Disclosure

We will not share your personal data with third parties for marketing purposes without your explicit consent.

We may disclose your data if required by law — for example, to comply with legal obligations, regulatory authorities, or in the context of medical emergencies or public health.

If the clinic’s business is sold, reorganised or merges, personal data may be transferred to the new entity, subject to equivalent data protection standards.

5. Cookies & Tracking

When you use our website, we may use cookies and similar tracking technologies to:

  • Collect usage data (pages visited, resources accessed, time of visit, etc.), to improve and optimise the website.

  • Remember preferences if you provide them (e.g. language, booking preferences).

You can control or disable cookies through your browser settings. However, please note that disabling cookies may affect the functionality of the website.

6. Data Storage & Security

We take appropriate technical and organisational measures to ensure your data is stored securely and protected against unauthorised or unlawful processing, accidental loss, destruction or damage.

Paper records (if used) are stored in locked filing systems. Electronic records are stored on secure systems, with access restricted to authorised staff only.

7. Data Retention

We will retain your personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, regulatory or professional obligations (e.g. medical record retention), or as long as you remain a patient/client. Once no longer needed, data will be securely deleted or anonymised.

Where you have given consent for marketing communications, we will retain your contact and consent data until you withdraw consent.

8. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • The right to be informed about how your data is used and processed.

  • The right of access: you can request a copy of the data we hold about you.

  • The right to rectification: you can ask us to correct any inaccurate or incomplete personal data.

  • The right to erasure (“right to be forgotten”), in certain circumstances (e.g. data no longer necessary, consent withdrawn, unlawful processing).

  • The right to restrict processing.

  • The right to data portability (where applicable).

  • The right to object to processing (e.g. for direct marketing).

  • Rights in relation to automated decision-making and profiling (if we employ such methods) — though currently we do not.

If you wish to exercise any of these rights, please contact us at the contact details above. We will respond within the timeframes required by law.

9. Your Responsibilities

If you provide personal data about someone else (for example, as an emergency contact), you confirm you have the right to do so and that the individual is aware of this Privacy Policy and how their data will be used.

10. Changes to this Policy

We may update this Privacy Policy from time to time (e.g. due to changes in our services or legal/regulatory requirements). We will post any changes on our website. We recommend you check this page occasionally to stay informed.

11. Contact Us / Complaints

If you have any questions about this Privacy Policy or how we handle your data, or if you wish to make a complaint about data handling, please contact our Data Protection Officer or Clinic Manager at:

If you remain unhappy with our response, you have the right to contact the Information Commissioner's Office (ICO) — the UK data protection supervisory authority.

Notes for Implementation

  • Be sure to insert your clinic’s full contact details (address, email, phone), and — if applicable — the name / role of your Data Protection Officer.

  • If you collect additional kinds of data (e.g. photos, payment card info, marketing subscriptions), update the “Data We Collect” and “Purposes” accordingly.

  • If you use third-party tools (analytics, marketing, booking platforms), mention those and explain how data is shared/used — or explicitly state you don’t share data with third parties.

  • Consider including a separate Cookie Policy or Cookie Notice / Banner if you use non-essential cookies.
