Legal
Privacy Policy
This policy explains what personal information Radiance Aesthetics & Wellness collects, how it's used, how it's looked after, and the rights you have over your data under UK data protection law.
Who we are
Radiance Aesthetics & Wellness is a sole-practitioner clinic operated by April Waterman. April is the data controller responsible for personal information processed in connection with the clinic.
You can reach the clinic at aprilwaterman81@gmail.com or 07872 028436.
What information we collect
To provide treatments safely we collect:
- Contact details — name, telephone number, email address, postal address where relevant.
- Health and medical information — relevant medical history, current medications, allergies, previous treatments, pregnancy or breastfeeding status, and other information you share during consultation. This is "special category" data under UK GDPR.
- Treatment records — products used, dosages, batch numbers, areas treated, dates, aftercare instructions given, and your written consent for each treatment.
- Photographs — clinical before/after images, only where you have given separate written consent.
- Payment information — date and amount paid, method, and receipt details. Card numbers are not stored by the clinic; payments are handled by your card provider or banking app.
- Correspondence — messages exchanged by email, text, WhatsApp or social media in connection with bookings or aftercare.
Why we use it (lawful basis)
Personal data is processed under the following lawful bases set out in UK GDPR Article 6:
- Article 6(1)(b) — contract: to arrange consultations, deliver treatments and respond to enquiries you have made.
- Article 6(1)(c) — legal obligation: to keep accurate clinical records, meet tax and accounting obligations, and comply with regulatory requirements.
- Article 6(1)(f) — legitimate interests: to follow up on aftercare, defend the clinic against complaints or legal claims, and improve the service.
- Article 6(1)(a) — consent: for use of clinical photographs and for any optional marketing communications. You can withdraw consent at any time.
Health and medical information is special category data and is processed under Article 9(2)(h) — the provision of healthcare and treatment — and, where photography is involved, under Article 9(2)(a) with your explicit consent.
How long we keep it
Clinical treatment records are retained for at least eight years from the date of the last treatment, in line with industry guidance and the requirements of the clinic's professional indemnity insurer. This is to allow for safe ongoing care and to defend any complaint or claim that may be brought within the limitation period.
Records relating to children, where relevant, are kept until the patient's 25th birthday.
Marketing contact details are kept only until you ask to be removed. Financial records are kept for the period required by HMRC (currently six years plus the current tax year).
Who we share it with
Your information is not sold or shared for marketing. It may be shared, where necessary, with:
- The clinic's professional indemnity insurer, in the event of a complaint or claim.
- Regulatory and professional bodies the clinic is registered with (for example the JCCP or equivalent), where they have a lawful basis to request information.
- HMRC and other authorities where the clinic is legally required to disclose information.
- Your GP or another healthcare professional, only with your specific consent.
- Trusted service providers (for example email, secure messaging or accountancy) who process information on our behalf under written instructions.
How we keep it safe
Paper records are kept securely at the practitioner's premises. Electronic records are stored on access-controlled, password-protected devices, with reputable cloud services where used. Only April has routine access to your information.
Your rights
Under UK GDPR you have the right to:
- Be informed about how your data is used (this policy).
- Request a copy of the personal information held about you.
- Ask for inaccurate information to be corrected.
- Ask for information to be erased (subject to the clinic's legal obligation to retain treatment records).
- Ask for processing to be restricted or to object to processing based on legitimate interests.
- Withdraw consent for marketing or photography at any time.
- Receive your data in a portable format where it has been provided by you and processing is automated.
To exercise any of these rights, contact April directly using the details above. The clinic will respond within one calendar month.
Complaints
If you have a concern about how your information has been handled, please raise it with April first so it can be put right. If you are not satisfied with the response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
Cookies and this website
This website does not use analytics, advertising or tracking pixels. Details of the cookies and storage used are set out in the Cookie Policy.
Changes to this policy
This policy may be updated from time to time. The date below indicates the most recent revision.