Register for my Obagi online shop. Use discount code OBAGI20 for 20% off. Register Now

Privacy Policy

How we collect, use, and protect your personal data

Last updated: 27 March 2026

1. Introduction

Dr Clare Aesthetics ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website www.drclareaesthetics.co.uk, use our services, or communicate with us.

We are a doctor-led aesthetic clinic based at Vera Avenue, Grange Park, London N21 1RN. For the purposes of applicable data protection legislation, we are the data controller.

2. Information We Collect

We may collect and process the following categories of personal data:

Information you provide to us

  • Contact details – name, email address, telephone number, and postal address when you enquire or book an appointment.
  • Medical information – health and medical history provided during consultations or via consent forms to enable safe treatment.
  • Payment information – card details processed securely through our payment provider (Stripe). We do not store your full card details on our servers.
  • Correspondence – any messages you send us via the contact form, email, or social media.
  • Before-and-after photographs – images taken with your explicit consent for clinical records and, where separately consented, for our gallery.

Information collected automatically

  • Technical data – IP address, browser type and version, operating system, and device information.
  • Usage data – pages visited, time spent on pages, and referral sources.
  • Cookies – see our Cookie Policy for full details.

3. How We Use Your Information

We use your personal data for the following purposes:

  • To provide and manage your aesthetic treatments and consultations.
  • To respond to your enquiries and communicate with you.
  • To process payments and manage bookings.
  • To maintain accurate medical records as required by law.
  • To send appointment reminders and aftercare information.
  • To improve our website, services, and patient experience.
  • To comply with legal and regulatory obligations.

4. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Consent – where you have given clear consent for us to process your personal data for a specific purpose (e.g. marketing communications, before-and-after photographs).
  • Contract – where processing is necessary to fulfil our contract with you or to take steps at your request before entering into a contract.
  • Legal obligation – where processing is necessary to comply with legal or regulatory requirements, including medical record-keeping.
  • Legitimate interests – where processing is necessary for our legitimate interests (e.g. improving our services) and your rights do not override those interests.

5. Sharing Your Information

We do not sell your personal data. We may share your information with:

  • Payment processors – Stripe, for secure payment processing.
  • Booking platforms – AestheDocs, for appointment management.
  • IT and hosting providers – who help us operate our website and systems.
  • Professional advisors – accountants, lawyers, or insurers where necessary.
  • Regulatory bodies – where required by law or professional obligations.

All third parties are required to process your data securely and in accordance with applicable data protection law.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Medical records – retained for a minimum of 10 years after your last treatment, in line with NHS and professional guidance.
  • Contact enquiries – retained for up to 2 years.
  • Payment records – retained for 7 years for tax and accounting purposes.
  • Website analytics data – retained in accordance with our cookie settings.

7. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted connections (SSL/TLS), secure payment processing via Stripe, and restricted access to personal data.

8. Your Rights

Under UK data protection law (UK GDPR), you have the following rights:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to request correction of inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data where there is no compelling reason for continued processing (subject to legal retention requirements).
  • Right to restrict processing – to request that we limit how we use your data.
  • Right to data portability – to request transfer of your data in a structured, commonly used format.
  • Right to object – to object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us using the details below.

9. Cookies

Our website uses cookies to improve your experience. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

10. Third-Party Links

Our website may contain links to third-party websites (e.g. Google Maps, Instagram, Stripe). We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

13. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):