PRIVACY POLICY
Last updated: February 2026
1. Introduction
This Privacy Policy explains how The Face Lab Ltd (“we”, “us”, or “our”) collects, uses, stores, and protects personal information when you interact with us, whether online or in person.
This includes when you:
- visit our website at www.thefacelab.co.uk
- contact us by email or other means
- book or attend consultations or treatments at our clinic
This policy applies to personal data collected both online and offline, including medical records, consultation notes, consent forms, and treatment documentation created and stored as part of your care.
We are committed to protecting your privacy and handling your information in accordance with UK data protection law, including the UK General Data Protection Regulation (UK GDPR), and relevant professional medical confidentiality obligations.
2. What Information We Collect
Personal Information You Provide
We collect personal information that you voluntarily provide when you contact us, book appointments, or attend consultations or treatments. This may include:
- Your name
- Contact details (such as email address and telephone number)
- Appointment and booking information
Medical Information
As a physician-led medical aesthetics clinic, we collect and process health-related information necessary to provide safe and appropriate care. This may include:
- Medical history and relevant health information
- Consultation assessments and treatment plans
- Treatment records, including products used and procedures performed
- Clinical photographs used for medical documentation
- Informed consent records
Medical information is processed with your explicit consent and stored securely in accordance with UK data protection requirements and professional medical record-keeping guidance.
Information Collected via the Website
When you visit our website, we may collect limited technical information such as IP address, browser type, device information, and usage data. This information is used solely to understand website performance and improve user experience. We may use analytics tools such as Google Analytics for this purpose. This data does not identify you directly and is not used for marketing.
3. How We Use Your Information
We use personal information only where necessary and appropriate, including:
- To provide consultations and medical aesthetic treatments safely
- To maintain accurate and compliant medical records
- To communicate with you about appointments or enquiries
- To meet legal, regulatory, and professional obligations
- To improve our website and services
We do not use medical information for marketing purposes.
4. Legal Bases for Processing
We process personal data only where we have a lawful basis to do so, including:
- Explicit consent, particularly for medical and health-related data
- Performance of a contract, such as providing consultations or treatments
- Legal and regulatory obligations, including medical record retention requirements
- Legitimate interests, where appropriate and balanced against your rights
5. Data Sharing
We do not sell personal or medical information.
Your data may be shared only:
- With trusted service providers (such as website hosting or analytics services) where necessary
- Where required by law or regulatory obligations
Medical information is never shared for marketing purposes.
6. Data Retention
As required by law, The Face Lab Ltd shall not retain any personal data for any longer than is necessary in light of the purpose for which that data is collected, held, and processed.
The following data retention periods apply at The Face Lab Ltd as an independent healthcare provider:
For adult patients (i.e. patients aged 18 years and over) attending The Face Lab Ltd, healthcare records will be retained for a minimum period of 8 years from the date of the last entry in the healthcare record.
This retention period is in accordance with the Records Management Code of Practice for Health and Social Care 2016 (Information Governance Alliance, July 2016), and any updated guidance that may supersede it.
7. Your Rights
Under UK data protection law, you have rights including:
- The right to access your personal data
- The right to request correction of inaccurate information
- The right to request restriction of, or to object to, processing, where applicable
Requests can be made by contacting us directly using the details below.
Please note that while we will always respect your rights, medical records must be retained for the required minimum period under UK medical and regulatory guidance and cannot be deleted before this period has elapsed.
8. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements or how we operate. The most current version will always be available on our website.
9. Contact
If you have any questions about this Privacy Policy or how your information is handled, please contact: