Privacy Policy
Effective Date: 04 June 2026
Welcome to Aesthetics Loft Limited. We are committed to protecting your privacy and handling your personal information with transparency, care and confidentiality. This Privacy Policy explains how we collect, use, store and protect your personal information when you visit our website, contact us, book consultations or receive treatments. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and other applicable UK privacy laws.
Who We Are
Aesthetics Loft Limited is the Data Controller responsible for your personal information.
Contact Details
Address: 36 Bridge Street, Morpeth, Northumberland, NE61 1NL
Telephone: 01665497669
Email: judith@aestheticsloftuk.com
Information We Collect :
Personal Information
We may collect: - Name - Postal address - Email address - Telephone number - Date of birth - Emergency contact details
Health and Medical Information
As part of providing aesthetic treatments safely, we may collect: - Medical history - Current medications - Allergies - Treatment suitability assessments - Consultation notes - Treatment records - Clinical photographs (with your consent)
Health information is classified as Special Category Data under UK GDPR and receives additional legal protection.
Website Information When you visit our website, we may automatically collect: - IP address - Browser type and version - Device information - Website usage information - Cookie data
How We Use Your Information
We use your personal information to: - Respond to enquiries - Arrange consultations and appointments - Assess treatment suitability - Provide safe and effective treatments - Maintain clinical records - Communicate regarding appointments and aftercare - Process payments and refunds - Comply with legal and regulatory obligations - Improve our services and website - Send marketing communications where consent has been provided
Lawful Basis for Processing Under UK GDPR
We process your information using one or more of the following lawful bases: Personal Data - Consent - Performance of a contract - Legal obligation - Legitimate interests Special Category Health Data. We process health information because: - It is necessary for the provision of healthcare and treatment. - It is necessary for medical assessment and patient safety. - We have obtained your explicit consent where required.
Confidentiality
We recognise that patients expect complete discretion regarding aesthetic treatments. All information disclosed during consultations, assessments and treatments is treated as strictly confidential. We will: - Restrict access to patient records to authorised personnel only. - Store information securely using appropriate technical and organisational safeguards. - Train staff in confidentiality and data protection requirements. - Never disclose your personal or medical information to third parties without lawful justification. - Protect all consultation records, treatment notes and photographs from unauthorised access. Clinical photographs will only be used for treatment records, monitoring progress, or other purposes for which you have specifically consented.
Patient information will never be used for marketing, testimonials, case studies, social media content or before-and-after images without obtaining your explicit consent in advance.
Sharing Your Information
We will only share your information when necessary and lawful. This may include: - Medical professionals involved in your care - Regulatory authorities where legally required - Professional indemnity insurers - Legal advisers - Payment processors - Software providers used to manage appointments and clinical records All third parties are required to maintain appropriate security measures and confidentiality obligations.
Data Retention
We retain records only for as long as necessary to fulfil legal, regulatory, insurance and professional obligations. Retention periods may vary depending on the nature of the treatment provided and applicable legal requirements. When information is no longer required, it will be securely deleted or destroyed.
Third-party service providers
To help us manage appointments, consultations, treatment records, consent forms, communications and other aspects of our clinic operations, we use trusted third-party service providers.
This includes the use of Pabau, a clinic management and patient record system. Information stored within Pabau may include personal details, appointment history, consultation records, treatment notes, consent forms, photographs and other information relevant to your care.
Pabau acts as a Data Processor on our behalf and processes information in accordance with applicable data protection laws. We take reasonable steps to ensure that any third-party providers handling personal data maintain appropriate security measures and comply with UK GDPR requirements.
Further information about how Pabau processes personal information can be found in Pabau's Privacy Policy.Data Security We take the security of your information seriously and implement appropriate measures including: - Password-protected systems - Secure clinical record storage - Restricted access controls - Staff training - Secure website technologies where applicable While no internet transmission is completely secure, we take reasonable steps to protect your information from loss, misuse or unauthorised access. ## Cookies Our website uses cookies and similar technologies to improve functionality and understand website usage. Cookies may include: Essential Cookies Necessary for the operation of the website, Analytics Cookies Used to help us understand how visitors use our website and improve performance. Marketing Cookies Used only where applicable and with your consent. When you first visit our website, you will be given the opportunity to accept or reject non-essential cookies through our cookie consent banner. You can also manage cookie preferences through your browser settings.
Marketing Communications.
We will only send marketing emails, newsletters or promotional information where: - You have consented to receive them; or - We are otherwise permitted to do so under applicable laws. You may withdraw your consent at any time by contacting us or using the unsubscribe option in marketing emails.
Your Rights Under UK GDPR.
You have the right to: - Request access to your personal information. - Request correction of inaccurate information. - Request erasure of information where applicable. - Request restriction of processing. - Object to processing. - Request data portability. - Withdraw consent at any time where processing relies on consent. - Lodge a complaint with the Information Commissioner's Office (ICO).
Making a Complaint.
If you have concerns about how we handle your personal information, please contact us first so that we can attempt to resolve the issue. You also have the right to complain to: Information Commissioner's Office (ICO) Telephone: 0303 123 1113 , website ico.org.uk
Third-Party Websites.
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of external websites and encourage you to review their privacy policies.
Changes to This Policy.
We may update this Privacy Policy from time to time. Any changes will be posted on this page and become effective immediately upon publication.
Contact Us If you have any questions regarding this Privacy Policy or how your information is handled, please contact: Aesthetics Loft Limite, 36 Bridge Street, Morpeth, Northumberland, NE61 1NL Telephone: 01665497669 Email: judith@aestheticloftuk.com