Privacy Policy

Dream Face Aesthetics (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you interact with us, in accordance with the UK General Data Protection Regulation (UK GDPR).

 

Who We Are

Dream Face Aesthetics is a UK-based aesthetics clinic providing cosmetic and skincare treatments. For the purposes of data protection law, we are the “data controller” of the personal information we collect and use.

If you have any questions about this policy or your data, please contact us at:

📧 info@dreamface.uk

What Personal Data We Collect

We may collect and process the following information about you:

• Identity Data: name, date of birth, gender.

• Contact Data: address, email address, phone number.

• Health Data: medical history and treatment information (with your explicit consent).

• Transaction Data: details of services purchased, payment details.

• Technical Data: IP address, browser type, and usage data when you visit our website or social media.

• Marketing Data: your preferences for receiving marketing communications.

How We Collect Your Data

We collect data in the following ways:

• Directly from you when you book a service, fill out a form, contact us, or provide information during consultations.

• Automatically through cookies and analytics on our website.

• Through third-party platforms when you interact with our ads or booking systems.

Why We Use Your Data

We only use your personal data when legally permitted. Common purposes include:

• To provide you with our treatments and services.

• To ensure your safety and care by understanding your medical history.

• To process bookings and payments.

• To send updates or promotional offers (only if you’ve opted in).

• To comply with legal obligations (e.g. health and safety records).

Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

• Consent – for marketing and processing health data.

• Contract – to fulfil services you’ve requested.

• Legal obligation – for medical record-keeping and regulatory compliance.

• Legitimate interests – to improve services and customer experience.

Data Sharing

We do not sell or share your data for marketing purposes. We may share it with:

• Service providers (e.g. payment processors, booking systems).

• Medical professionals, if required and with your consent.

• Regulators or legal authorities, where required by law.

All third parties are required to respect your data and only process it in accordance with our instructions.

How Long We Keep Your Data

We retain your personal data for as long as necessary to fulfil the purpose for which it was collected, including for legal and accounting purposes. For medical data, we may retain records for up to 7 years after your last treatment, in line with UK guidance.

Your Rights

You have the right to:

• Access the data we hold about you.

• Request correction of incorrect or incomplete data.

• Request erasure (“the right to be forgotten”) under certain conditions.

• Object to or restrict certain types of processing.

• Withdraw consent at any time (this does not affect past processing).

• Lodge a complaint with the Information Commissioner’s Office (ICO).

To exercise your rights, contact us at info@dreamface.uk.

Data Security

We implement appropriate security measures to protect your data from unauthorised access, alteration, or disclosure. These include secure storage systems, password protection, and staff confidentiality training.

Cookies and Website Use

We may use cookies to improve your browsing experience and analyse site traffic. You can manage cookie preferences through your browser settings. For more details, please refer to our cookie policy.

Policy Updates

We may update this policy from time to time. Any changes will be posted on this page, so please check back periodically.