logo

Privacy Policy

Privacy Policy

Last Updated: [19/06/2026]

Cardiff Aesthetics Privacy Policy

Cardiff Aesthetics is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Cardiff Aesthetics
111-113 Crwys Road
Cardiff
CF24 4NG

Email: hello@cardiffaesthetics.co.uk
Website: www.cardiffaesthetics.co.uk

Cardiff Aesthetics is the data controller responsible for your personal information.

2. Information We Collect

We may collect and process the following information:

Contact Information

  • Full name
  • Address
  • Email address
  • Telephone number
  • Date of birth

Medical and Treatment Information

  • Medical history
  • Health questionnaires
  • Consultation records
  • Treatment records
  • Clinical notes
  • Consent forms

Photographs

We may take clinical photographs before, during, and after treatment to:

  • Assess treatment suitability
  • Monitor treatment progress
  • Maintain accurate clinical records

These photographs form part of your confidential medical record.

Website Enquiries

When you submit an enquiry through our website contact form, we collect:

  • Name
  • Email address

Information submitted through our contact form is used solely to respond to your enquiry and is not added to marketing mailing lists.

3. How We Use Your Information

We use your information to:

  • Provide consultations and treatments
  • Maintain accurate clinical records
  • Assess treatment suitability and safety
  • Comply with legal and regulatory requirements
  • Communicate with you regarding appointments and treatment plans
  • Respond to enquiries submitted through our website
  • Protect the health, safety, and wellbeing of our clients

We only process personal data where we have a lawful basis to do so under UK GDPR.

4. Lawful Basis for Processing

We process your information under one or more of the following lawful bases:

  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate interests
  • Explicit consent (where required)
  • Provision of health care and treatment services

5. Sharing Your Information

Cardiff Aesthetics does not sell, rent, or share your personal information with third parties for marketing purposes.

Information may be shared only when necessary with:

Prescribing Professionals

Where required to facilitate the safe prescribing of prescription-only medicines.

Insurance Providers

Where necessary for the investigation or handling of complaints, claims, or incidents.

Regulatory Authorities

Where disclosure is required by law or regulatory obligations, including requests from the Nursing and Midwifery Council (NMC) or other authorised bodies.

All information shared is limited to what is necessary for the specific purpose.

6. Client Management Software

We use AesthetiDocs, a GDPR-compliant client management system, to securely store and manage client records.

Appropriate technical and organisational measures are in place to protect your information from unauthorised access, loss, misuse, or disclosure.

7. Data Security

We take the security of your personal information seriously and implement appropriate safeguards to protect it.

These measures include:

  • Secure electronic record storage
  • Password-protected systems
  • Restricted access to client records
  • Secure storage of clinical photographs
  • Regular review of security procedures

8. Data Retention

Client records, including treatment records, consultation notes, consent forms, and photographs, are retained for a minimum period of eight years following your last treatment in accordance with legal and professional record-keeping requirements.

After this period, records will be securely deleted or destroyed unless a longer retention period is required by law.

9. Cookies

Our website may use essential cookies necessary for the operation of the website.

We do not currently use:

  • Google Analytics
  • Facebook Pixel
  • Advertising or remarketing tracking technologies

Should this change in the future, this Privacy Policy will be updated accordingly.

10. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate information
  • Request deletion of your data where applicable
  • Restrict processing in certain circumstances
  • Object to processing in certain circumstances
  • Request transfer of your data where applicable
  • Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us using the details provided below.

11. Complaints

If you are unhappy with how we handle your personal information, please contact us first so that we can address your concerns.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: www.ico.org.uk

12. Contact Us

If you have any questions regarding this Privacy Policy or how your personal information is processed, please contact:

Cardiff Aesthetics
111-113 Crwys Road
Cardiff
CF24 4NG

Email: hello@cardiffaesthetics.co.uk

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, business operations, or services.

Any updates will be published on this page and will take effect immediately upon publication.

© 2025 Cardiff Aesthetics. All rights reserved.