DG MEDICAL AESTHETICS - PRIVACY POLICY

Subtle, nurse-led aesthetics in Birmingham. Discover a personal, clinical approach to looking refreshed—never overdone. CQC registered for your peace of mind.

Privacy Policy for DG Medical Aesthetics and Skin Ltd
Last Updated: 11 November 2025

1. Introduction
Welcome to DG Medical Aesthetics and Skin Ltd ("we", "us", "our"). We are committed to protecting and respecting your privacy.
This policy explains what personal data we collect from you, how we use it, who we share it with, and your rights regarding your data. This applies to data we collect through our website (https://dgaesthetics.uk/), our booking system, during your consultation and treatment, and any other communications with us.
We are a CQC registered clinic and take our responsibilities under UK data protection law (including the UK General Data Protection Regulation (UK GDPR)) and our medical confidentiality obligations very seriously.

2. Who We Are (The Data Controller)
For the purpose of UK data protection law, the "Data Controller" (the company responsible for your data) is:

Company Name: DG Medical Aesthetics and Skin Ltd
Company Number: 13969446
Registered Address: 2 Oakmeadow Close, Yardley, Birmingham, B26 1EE
Data Protection Lead: For any questions about this policy or your data, please contact our Data Protection Lead at contact@dgaesthetics.uk.

3. The Data We Collect and How We Use It
We collect and process different types of data for specific purposes. We will only use your data when the law allows us to. The table below outlines our main processing activities.

4. Who We Share Your Data With (Our Data Processors)
We will never sell your personal data. However, we must share your data with trusted third-party companies to provide our services. These companies are "Data Processors" and are legally bound to protect your data.
We share data with:

Booking & Patient Management: Aesthetic Nurse Software (to manage your appointments and clinical records).
Website Host: Webflow (to host and maintain our website).
Analytics: Google Analytics (to understand website traffic).
Maps: Google Maps (to provide our location map).
Email & Comms: Fasthosts (our email host) and Gmail (our email client).
Payment Processors: Stripe, Klarna, PayPal, and Clearpay (to securely process your payments; we do not see or store your full card details).
Reviews Widget: Trustindex (to display service reviews).
Legal & Regulatory Bodies: We may be legally required to share your data with regulators (such as the CQC), our insurers, or law enforcement.

5. International Data Transfers
Some of our third-party processors are based outside the UK (e.g., in the USA). This means your data may be transferred internationally.
We only use processors that provide a level of data protection equivalent to UK law. We ensure this by using mechanisms like the UK-US Data Privacy Framework or Standard Contractual Clauses (SCCs), which legally require them to protect your data to UK standards.

6. How We Protect Your Data
We have implemented robust technical and organisational security measures to protect your data. This includes:
Technical Measures: Using SSL (encryption) on our website, secure cloud storage, password protection, and access controls on all systems.
Organisational Measures: Limiting access to your personal data to staff who need it, providing data protection training, and ensuring strict confidentiality agreements are in place.

7. How Long We Keep Your Data
We only keep your data for as long as is necessary.

Patient Medical Records: In line with our legal and professional obligations, we are required to retain your medical records (including photos and consent forms) for 10 years after your last treatment.
Marketing Data: We will keep your details for as long as you have consented. If you unsubscribe, we will delete your data from our marketing lists.
Enquiries: If you enquire but do not become a patient, we will delete your data after one year.

8. Your Data Protection Rights
Under UK GDPR, you have rights over your personal data. These include:

The right to access: You can request a copy of the data we hold about you.
The right to rectification: You can ask us to correct any data that is inaccurate.
The right to erasure (the "right to be forgotten"): You can ask us to delete your data. (Note: This right is not absolute and does not apply to patient medical records that we are legally required to keep for 10 years.)
The right to restrict processing: You can ask us to stop processing your data in certain circumstances.
The right to data portability: You can ask us to transfer your data to another service.
The right to object: You can object to us processing your data (e.g., for marketing).
To exercise any of these rights, please contact our Data Protection Lead at contact@dgaesthetics.uk.

9. Cookies
Our website uses cookies. A cookie is a small file placed on your device that helps us analyse web traffic and improve our site. For full details, please see our separate Cookie Policy.

10. How to Complain
We hope to resolve any query or concern you raise. However, if you are not satisfied with our response, you have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO).

Website: https://www.ico.org.uk

11. Changes to This Privacy Policy
We may update this policy from time to time. Any changes will be posted on this page, and the "Last Updated" date will be revised.