Chiswick Clinic

GDPR

Management of Your Personal Data – UK GDPR Compliance

At Chiswick Clinic, we take data protection seriously. This section explains how we manage your personal data in compliance with the UK General Data Protection Regulation (UK GDPR). We are committed to safeguarding your privacy and only processing your personal data lawfully, fairly, and transparently.

Data Controller

The data controller for your personal data is:

Dermatic Ltd T/A Chiswick Clinic
Company Number: 08475464
GFF 46 Stamford Brook Road, London W6 0XL
📧 contact@chiswickclinic.com
📞 +44 757 211 0677

What Data We Collect

Depending on the service we provide, we may collect the following personal data:

  • Basic details: Name, date of birth, address, email, phone number
  • Health and medical information (e.g. treatment history, skin conditions, allergies)
  • Photographs (e.g. before-and-after images for clinical reference)
  • Payment and billing information
  • Communication preferences
  • Website usage and analytics data

Health and medical information is a special category of personal data under UK GDPR. We collect it only with your explicit consent and only where it is necessary for your care.

Why We Need Your Data

We collect and use your data for the following purposes:

  • To provide you with safe, personalised medical and aesthetic care
  • To comply with legal and medical obligations (e.g. medical recordkeeping, insurance)
  • To communicate with you about your care, bookings, or results
  • To improve patient services and clinic efficiency
  • To send marketing updates (only with your consent)

We only collect the data that is necessary for each specific purpose.

Data Sharing and Storage

  • All data is processed by authorised clinic staff within the UK.
  • For digital systems (e.g. booking, emails, backups), your data may be stored on secure servers within the UK or European Economic Area (EEA).
  • We do not sell or share your data with third parties for marketing.
  • We may share your data with third parties only when:
    • It is essential for your care (e.g. referrals)
    • Required by law (e.g. legal requests, HMRC)
    • We are working with contracted service providers under strict confidentiality agreements

Retention Periods

We keep your data only as long as necessary:

  • Medical records: Retained for at least 8 years, or longer in line with Department of Health guidance
  • Basic contact data (for accounting purposes): Held for 6 years to comply with UK tax law
  • Marketing data: Retained until you opt out or withdraw consent

Marketing Communications

If you have opted in, we may use your name and email address to send information about our services, offers, or newsletters. You can unsubscribe at any time via email, phone, or the unsubscribe link in our communications.

Your Rights

Under UK GDPR, you have rights regarding your personal data, including:

  • Access – Request a copy of your data
  • Rectification – Correct incorrect or incomplete data
  • Erasure – Request deletion of data (where applicable)
  • Restriction – Limit how we process your data
  • Objection – Object to data processing in certain situations
  • Withdraw Consent – Withdraw at any time (for marketing or special category data)

Medical records cannot be deleted where we are required by law to retain them or where they are needed as part of your medical history.

Complaints and Contact

If you are concerned about how we have handled your data, please contact us first using the details given in the Data Controller section above.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
🔗 ico.org.uk