Dr Nidhi Aesthetics LTD
Privacy Policy
Data Controller
Dr Nidhi Aesthetics LTD
37 Windermere Road, Blackpool, FY4 2BX, United Kingdom
Email: enquiry@drnidhi.co.uk
Website: https://drnidhi.co.uk/
We are the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Categories of Personal Data
We may collect, use and store the following categories of personal data:
- Identity Data – name
- Contact Data – email address, telephone number
- Financial Data – payment details processed via third-party providers
- Transaction Data – booking and purchase history
- Technical Data – IP address, browser type, device data
- Usage Data – website interaction data
- Marketing Data – preferences in receiving marketing communications
Special Category Data (Health Data):
- Medical history relevant to treatments
- Skin conditions and consultation notes
- Treatment records and outcomes
- Before and after photographs (collected as personal data under UK GDPR and processed only with your explicit prior consent)
How We Collect Your Data
We collect data through:
- Website forms and enquiries
- Booking systems and consultation intake forms (including third-party booking platforms where applicable)
- Direct communication (email/phone)
- Cookies and tracking technologies (see Section 6, Cookies and Tracking Technologies)
Purposes and Legal Basis for Processing
We process your data under the following lawful bases:
- To provide services and manage bookings – Contract (Article 6(1)(b))
- To maintain medical records – Legal obligation (Article 6(1)(c))
- To send marketing communications – Consent (Article 6(1)(a))
- To process special category health data – Explicit consent (Article 9(2)(a))
Marketing Communications
We use Faces Consent to send marketing communications to individuals who have provided explicit consent.
You may withdraw consent at any time by:
- Clicking the unsubscribe link in any marketing email
- Contacting us directly at enquiry@drnidhi.co.uk
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Cookies and Tracking Technologies
We use the following tracking technologies on our website:
- Google Analytics – to analyse website traffic and user behaviour
- Google Ads – to measure advertising performance
- Meta (Facebook) Pixel – to measure and optimise advertising campaigns
Tracking technologies are only activated after you have provided consent via our cookie consent banner, in accordance with the Privacy and Electronic Communications Regulations (PECR).
Cookies are categorised as either strictly necessary (required for the website to function) or optional (analytics and advertising). You may withdraw cookie consent at any time by adjusting your browser settings or using our cookie preference centre. For full details, please see our separate Cookie Policy available on our website.
Data Sharing
We may share your personal data with the following third-party processors and controllers:
- Stripe and Ryft – payment processing
- Banking and financial institutions – for payment transfers
- Faces Consent – email marketing platform (acting as a data processor on our behalf)
- Google – analytics and advertising services
- Meta (Facebook) – advertising services
All third parties are required to comply with applicable data protection laws. Where third parties act as processors, we have in place Data Processing Agreements (DPAs) as required by UK GDPR Article 28.
International Transfers
Some of our third-party providers, including Google and Meta, may process your data outside the United Kingdom. Where data is transferred internationally, we ensure appropriate safeguards are in place, including:
- UK adequacy regulations (where the destination country has been deemed adequate)
- Standard Contractual Clauses (SCCs) approved for use under UK GDPR
- UK International Data Transfer Agreements (IDTAs) where applicable
You may request details of the specific safeguards in place for any transfer by contacting us at enquiry@drnidhi.co.uk.
Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, in accordance with our Data Retention Policy:
- Medical and treatment records: 7–10 years (in line with NHS and professional guidelines)
- Enquiry and contact data: up to 12 months from last contact
- Marketing data: until consent is withdrawn
- Financial transaction records: 6 years (for tax and accounting purposes)
After the applicable retention period, data is securely deleted or anonymised.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or disclosure. These include secure encrypted systems, access controls, and staff awareness of data protection obligations.
Your Rights Under UK GDPR
You have the following rights in relation to your personal data:
- Obtain a copy of your personal data
- Request correction of inaccurate data
- Request deletion of your data in certain circumstances
- Limit how we use your data
- Object to processing based on legitimate interests or direct marketing
- Receive your data in a structured, machine-readable format
- Withdraw consent at any time, without affecting prior lawful processing
To exercise any of your rights, please contact us. We will respond within one calendar month as required by UK GDPR Article 12. We may need to verify your identity.
enquiry@drnidhi.co.uk
Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.
Children’s Data
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from individuals under 16. As part of our booking and consultation process, we verify the age of clients. If you believe we have inadvertently collected data from a child, please contact us immediately at enquiry@drnidhi.co.uk and we will take steps to delete it.
Complaints
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
We would, however, appreciate the opportunity to address your concerns before you contact the ICO. Please contact us in the first instance at enquiry@drnidhi.co.uk.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The most recent version will always be available on our website at https://drnidhi.co.uk/.
Where changes are material, we will notify you by email or by posting a prominent notice on our website.
