Privacy

Privacy notice and data protection

Credo Aesthetics provides aesthetics treatments and related services. We are the data controller for the personal information we collect and use about you

We may collect the following types of data: Contact details (name, address, phone number, email), Date of birth, Medical history relevant to treatments (e.g., allergies, medications, past treatments), Appointment and treatment records, Payment information (processed securely via Ryft Pay Ltd), Marketing preferences (if you choose to receive updates), Treatment photographs (with your consent)

We only use your information when we have a legal basis to do so: To provide the treatment or service you have booked, to keep records required by insurance or regulators, where you agree for us to send you marketing updates or process health data needed for your treatment, or for managing our business operations, such as booking systems and advertising

Because we collect health-related information, which is classed as special category data, we require your explicit consent before using it for treatments

We use your data to: Book and manage appointments, Provide safe and effective treatments, Keep medical/treatment records for legal and insurance purposes, Send reminders, updates, or aftercare advice, (With your consent) send you marketing about our services, demonstrate the quality of the treatments offered (with your consent)

We only keep your personal data for as long as necessary: Client treatment records: 7 years (in line with insurance/legal requirements), Marketing contact details and treatment photographs: until you withdraw consent, Payment records: 6 years (for tax/legal obligations). After this period, your data will be securely deleted or destroyed

We will never sell your data. We may share it with: Our booking and payment providers, Our professional insurers, if required, Regulators, if legally required, Publish treatment images (with your consent). All third parties are required to keep your information safe

We take appropriate measures to protect your data, including: Secure electronic systems with restricted access, Password protection and encryption where possible, Paper records (if used) stored in locked cabinets.

You have the right to: Access the personal information we hold about you, Request corrections if it is inaccurate, Request deletion of your data (subject to legal requirements), Withdraw consent for marketing or treatments and treatment photographs at any time, Restrict or object to certain processing.

To exercise your rights, contact us at: credoaesthetics1@gmail.com

If you are unhappy with how we handle your data, please contact us first, you also have the right to complain to the Information Commissioner’s Office (ICO):

https://ico.org.uk/make-a-complaint/

We may update this Privacy Policy from time to time. The latest version will always be available on our website