Privacy Policy

Effective date: 19 August 2025

 

Who We Are

The Site is owned and operated by Dr D.E. Houghton. Dr D.E. Houghton is the data controller and can be contacted at drdeborahclientmail@gmail.com

Purpose

The purpose of this privacy policy (the “Privacy Policy”) is to inform users of our Site of the following:

  1. The personal data we will collect;
  2. Use of collected data;
  3. Who has access to the data collected;
  4. The rights of Site users;
  5. The Site’s cookie policy.

This Privacy Policy applies in addition to the terms and conditions of our Site.

GDPR

For users in the European Union, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (the “GDPR”). For users in the United Kingdom, we adhere to the GDPR as enshrined in the Data Protection Act 2018. For the purposes of the GDPR and the UK GDPR, the data controller is Dr D.E. Houghton, trading as Dr Deborah Houghton, of 15 St Mary’s Hill, Stamford, PE9 2DP.

Consent

By using our Site, users agree that they consent to the conditions set out in this Privacy Policy.

Legal Basis for Processing

We collect and process personal data about users in the EU only when we have a legal basis for doing so pursuant to Article 6 of the GDPR.

We rely on the following legal bases to collect and process the personal data of users in the EU pursuant to the GDPR and users in the UK pursuant to the Data Protection Act 2018:

  1. Consent for marketing communications;
  2. Performance of contract in order to provide treatment once engaged;
  3. Legal obligations including but not limited to medical record-keeping requirements;
  4. Legitimate interests including but not limited to running the practice and ensuring security on-premises;
  5. Explicit consent for processing the special category data in the course of normal business operations relevant to the Clinic, including but not limited to medical/health information.

Personal Data We Collect

We only collect data that helps us to achieve the purpose set out in this Privacy Policy. We will not collect any additional data beyond the data listed below without notifying you first.

When you visit and use our Site, we may automatically collect and store the following information:

  1. Internet Protocol (IP) address;
  2. Browser type and version;
  3. Device type and operating system;
  4. Date, time and duration of visits;
  5. Referring website or search terms used;
  6. Click-stream data, meaning navigation through the site; and
  7. Cookie identifiers.

We may also collect the following data when you perform certain functions on our Site. This data may be collected using the following methods:

  1. Email;
  2. Phone.

We collect the following data:

  1. Name;
  2. Contact details including but not limited to Email, Phone and address;
  3. Medical information voluntarily submitted in the course of normal business operations relevant to the Clinic including but not limited to concerns, photographs and health history if requested in forms;
  4. Technical data including but not limited to Internet Protocol (IP) address and cookies.

Why We Collect This Data

We collect this data in the course of normal business operations relevant to the Clinic for the following reasons:

  1. To respond to enquiries and appointment requests;
  2. To provide medical consultations and treatment;
  3. To maintain records pursuant to governing law and associated regulatory bodies; and
  4. For Site analytics.

How We Use Personal Data

Data collected on our Site will only be used for the purposes specified in this Privacy Policy or indicated on the relevant pages of our Site. We will not use your data beyond what we disclose in this Privacy Policy.

The data we collect automatically is used for the following purposes:

  1. To maintain regular operation of the Site;
  2. To maintain security of the Site and its users against fraud, malicious activity and unauthorised access or any other reason specified in our provision relating to a breach of terms and conditions on grounds of illegality or otherwise misuse of the Site;
  3. To improve performance and user experience via analytics including but not limited to pages visited, time spent and navigation paths;
  4. For any other analytics and/or statistical reporting;
  5. To manage cookies and similar technologies including but not limited to remembering user preferences and/or upholding cookies consent choices;
  6. To comply with legal and regulatory obligations where necessary to demonstrate compliance with any data protection legislation including but not limited to the GDPR and UK GDPR.

We stress that the Site does not collect health-related special category data automatically; the user must provide this special category data via contact form or other correspondence. The Clinic will not be held liable for any failure to correctly address any correspondence to the Clinic that leads to an unauthorised data breach.

The data we collect when the user performs certain functions on our Site may be used for the following purposes:

  1. Assessing medical records pursuant to the Clinic’s remit as a licensed medical aesthetician;
  2. Any contact information including but not limited to Email or Phone required to contact the contracting party in the normal course of negotiating a contract as a sole trader;
  3. Any special considerations the client deems relevant of which to inform the Clinic.

Who We Share Personal Data With

Under the Clinic’s present remit as a sole trader, the Clinic does not at present hire employees, but may do so in future. We may disclose user data to any future employee of the Clinic who reasonably requires access to user data to achieve the purposes set out in this Privacy Policy.

We may disclose user data to any independent contractors who reasonably require access to user data to achieve the purposes set out in this Privacy Policy throughout the duration of the contract with the Clinic. We require that independent contractors destroy any personal data after the contract is complete.

We will not sell or share your data with third parties, except in the following cases:

  1. Under the independent contractors’ provision;
  2. Where necessary, with third parties including but not limited to payment providers, IT hosting and regulatory authorities;
  3. If the law requires it;
  4. If it is required for any legal proceeding;
  5. To prove or protect our legal rights; and
  6. To buyers or potential buyers or to any successor company, organisation or partnership of the Clinic in such an event.

If you follow hyperlinks from our Site to a third party website, please note that we are not responsible for and have no control over their privacy policies and practices.

How Long We Store Personal Data

User data will be stored until the purpose for which the data has been collected has been achieved. The data retention policy is 11 years to date for medical records and 2 years to date for enquiries.

You will be notified if your data is kept for longer than this period.

How We Protect Your Personal Data

We protect your data under the legislation pertaining to your jurisdiction, with full transparency about your rights to:

  1. Be informed about how your data is being used;
  2. Access your personal data;
  3. Have incorrect data updated and/or rectified;
  4. Have data erased;
  5. Stop or restrict the processing of your data;
  6. Move or transfer your data should you desire to reuse it for different services; and
  7. Object to how your data is processed.

You may at any time withdraw your consent for the Clinic to process your data, which may within reason affect the outcome of any contracted service the Clinic is in the process of completing or scheduling.

You have the right to request advice and/or lodge a complaint with the Information Commissioner’s Office (the “ICO”).

We guarantee that your data is not being used for the following purposes except within the remit of the normal business operations relevant to the Clinic:

  1. Any automated decision-making process with or without human involvement; and
  2. Profiling including but not limited to predicting your behaviour or interests.

We protect personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018. This includes special category data relating to health, which we process only with your explicit consent or where necessary for the provision of medical care and treatment.

Children

We do not knowingly collect or use personal data from children under 18 (eighteen) years of age pursuant to the Age Restriction provision of the terms and conditions. If we learn that we have collected personal data from a child under the age of 18 years, the personal data will be destroyed as soon as reasonably possible. If a child under 18 years of age has provided us with personal data, their parent or legal guardian may contact our data controller.

International Transfers

In the event of the transfer of data to a jurisdiction outside the UK, we can reasonably ensure protection via appropriate data protection adequacy regulations or, in their stead, under appropriate safeguards in the UK GDPR.

Cookies

A cookie is a small file, stored on a user’s hard drive by a website. Its purpose is to collect data relating to the user’s browsing habits. You can choose to be notified each time a cookie is transmitted. You can also choose to disable cookies entirely in your internet browser, but this may decrease the quality of your user experience.

The purpose of cookies is to ensure the correct functioning of the Site and to collect relevant data pursuant to this Privacy Policy and the data protection legislation pursuant to the jurisdiction of the users of the Site.

Modifications

The Privacy Policy may be amended from time to time in order to maintain compliance with the law and to reflect any changes to our data collection process. When we amend this Privacy Policy we will update the “Effective Date” at the top of our Privacy Policy. We recommend that our users periodically review our Privacy Policy to ensure that they are notified of any updates. If necessary, we may notify users by Email of changes to this Privacy Policy.

Contact

In the event of privacy concerns, the data controller may be contacted by Email at drdeborahclientmail@gmail.com

Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of England and Wales. All amounts, indications and references to money are given in GBP.