1. Introduction
Perfect Look Aesthetics is committed to protecting your privacy and handling personal data with transparency. This Privacy Policy explains how we collect, use, share, and store your information, and your rights under UK GDPR, including the Data Protection Act 2018.

2. Data Controller
Perfect Look Aesthetics, 2 Station Parade, Ickenham Road, Ruislip, London.
You can contact our data protection representative at: info@perfectlookaesthetics.com

3. Information We Collect
We may collect the following personal data:

  • Contact and identity: name, email, phone, address.

  • Health & medical: medical history, treatment records, photographs, consent details.

  • Usage & technical: IP address, browser type, usage of our website.

  • Marketing preferences: whether you opt in for newsletters or promotions.

4. Legal Basis for Processing
We process your personal data based on the following lawful bases:

  • Performance of a contract—to provide your requested treatments.

  • Legal obligation—for record keeping and clinical compliance.

  • Legitimate interests—for improving services, ensuring patient safety, or marketing (when opted in).

  • Explicit consent—for sensitive processing like medical photos or marketing communications.

5. How We Use Your Information
We use your data to:

  • Deliver treatments and manage your care.

  • Communicate with you regarding bookings, updates, or follow-up.

  • Send marketing (only with your consent, and you can opt out at any time).

  • Improve and personalise our services.

  • Maintain website functionality and analytics.

6. Sharing Your Data
We may share your data with:

  • Healthcare professionals (e.g., your GP), if clinically necessary.

  • Service providers such as IT, booking systems, email platforms—under strict confidentiality.

  • Regulators or authorities if required by law.

7. International Transfers
If your data is transferred outside the UK/EEA, we ensure legal protections (e.g., standard contractual clauses) are in place.

8. Data Retention
We will retain your personal and medical records for up to 10 years in line with industry guidelines (or longer if required). After this period, data will be securely destroyed.

9. Data Security
Your data is stored securely with access restricted to authorised staff only. We use appropriate technical and organisational measures to protect your information.

10. Your Rights
You have the right to:

  • Access your data.

  • Request correction or deletion.

  • Restrict or object to processing.

  • Request data portability.

  • Withdraw consent at any time (without affecting essential services).

We will respond promptly and within statutory timeframes. You also have the right to lodge a complaint with the ICO.

11. Cookies & Tracking
Our website may use cookies and similar technologies to enhance user experience and analytics. You may opt out or adjust your preferences at any time. (Refer to our Cookie Policy for more details.)

12. Policy Updates
We may update this policy occasionally; changes will be reflected here with the “Last Updated” date.

13. Contact Us
For questions about this policy or your data, please write to:
Perfect Look Aesthetics
[Your London Address]
Email: [Insert email]

14. CCTV Surveillance

  • Purpose & Legal Basis
    We use CCTV within clinic premises strictly for the safety of clients and staff, protection of property, and incident documentation. This processing is carried out under legitimate interests, balanced against individuals’ privacy rights.

  • Registration & Assessment
    As a data controller using CCTV, we are registered with the Information Commissioner’s Office (ICO) and have completed a Data Protection Impact Assessment (DPIA) to identify and mitigate privacy risks.

  • Transparency & Signage
    Clear, visible signage informs clients and visitors that CCTV is in operation, the purpose for surveillance, and whom to contact for more information.

  • Data Minimisation & Retention
    Footage is limited to necessary areas (avoiding private spaces like treatment rooms), securely stored, and retained only for a defined period (e.g., 30 days) unless needed for investigation.

  • Access & Rights
    Individuals may request access to footage of themselves via a Subject Access Request, which we will honor—providing copies while redacting other people's identities when necessary.

15. Before & After Photography

  • Consent & Purpose
    We take before-and-after images solely to document treatment outcomes and improve service quality. Images are taken only with explicit, informed consent, and clients may withdraw consent at any time.

  • Explicit Consent for Sensitive Data
    Because these images constitute special category personal data (health-related imagery), processing is conducted only with explicit consent consistent with UK GDPR standards.

  • Usage & Storage
    We will use and store these images only for the purposes specified at the time of consent (e.g., internal records, optional marketing). Storage is secure, access is limited to authorized personnel, and images are retained only as long as necessary or until consent is withdrawn.

  • Withdrawal of Consent
    Clients may ask us to delete or cease using their images at any time, and we will promptly comply.