Privacy Policy

1. Introduction

Beyond The Face ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, book appointments, or receive treatments at our clinic.

We are registered in England and operate from 19 Vale Road, Tunbridge Wells, Kent TN1 1BS. For any privacy-related queries, please contact us at hello@beyondtheface.co.uk or call 07717 633418.

2. Information We Collect

We may collect the following types of personal information:

• Identity Data: Name, title, date of birth
• Contact Data: Email address, telephone number, postal address
• Health Data: Medical history, skin conditions, allergies, medications, and treatment records (collected with your explicit consent)
• Transaction Data: Payment details, purchase history
• Technical Data: IP address, browser type, device information when using our website
• Marketing Data: Your preferences for receiving marketing communications
• Visual Data: Before and after photographs (only with your explicit written consent)

3. How We Use Your Information

We use your personal data for the following purposes:

• To provide aesthetic treatments and consultations
• To manage appointments and bookings
• To maintain accurate medical records as required by law
• To process payments and manage our relationship with you
• To send appointment reminders and aftercare instructions
• To send marketing communications (where you have opted in)
• To improve our website and services
• To comply with legal and regulatory obligations

4. Legal Basis for Processing

Under UK GDPR, we process your data based on:

• Contract: To fulfil our contractual obligations when providing treatments
• Consent: For health data processing, marketing communications, and photography
• Legal Obligation: To comply with healthcare regulations and maintain medical records
• Legitimate Interest: To improve our services and manage our business effectively

5. Data Sharing

We may share your personal data with:

• Healthcare Professionals: Where necessary for your treatment or in case of emergency
• Service Providers: Booking systems (BoostKit), payment processors, and IT support providers who act on our behalf
• Legal Authorities: Where required by law or to protect our legal rights

We do not sell your personal data to third parties.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encrypted data transmission, secure storage systems, and restricted access to personal information.

7. Data Retention

We retain your personal data for:

• Medical Records: 10 years from your last treatment, or longer if clinically necessary (in line with medical record-keeping guidelines)
• Financial Records: 7 years for tax and accounting purposes
• Marketing Data: Until you withdraw consent or unsubscribe
• Website Analytics: 26 months

8. Your Rights

Under UK GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data (subject to legal retention requirements)
• Restrict Processing: Request limitation of how we use your data
• Data Portability: Request transfer of your data to another provider
• Object: Object to processing based on legitimate interests or for marketing
• Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at hello@beyondtheface.co.uk.

9. Cookies

Our website uses cookies to improve your browsing experience and analyse website traffic. We use:

• Essential Cookies: Required for the website to function
• Analytics Cookies: Google Analytics and Vercel Analytics to understand how visitors use our site

You can manage cookie preferences through your browser settings.

10. Third-Party Links

Our website may contain links to third-party websites (such as Instagram or our booking system). We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

13. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):