Privacy Policy
At Skinhorizon Clinic, your privacy matters to us. We use your information only to provide safe care, manage appointments, and meet our legal and CQC obligations. We never sell your data. You have rights under UK data protection law, including to access, correct or request deletion of your information. Full details are set out below.
1) Who we are (Data Controller)
Skinhorizon Clinic (“we”, “us”) is the data controller for information we collect via this website, by phone/email and during consultations and treatment.
- Legal entity: Skinhorizon Ltd (Company No: 10328069), Registered in England & Wales
- Registered office: 4 Clarendon Terrace, Maida Vale, London W9 1BZ
- Contact for privacy matters: info@skinhorizon.co.uk · Tel: [insert clinic number]
- Data Protection Lead: [Name/role]
- CQC: Registered to provide regulated activities. Details available on request.
2) Data we collect
We collect only what is needed for safe clinical care, regulatory duties and running our service:
- Identity & contact: title, name, date of birth, address, email, phone, emergency contact.
- Patient/medical: history, medicines, allergies, test results, imaging, clinical notes, consent forms, photos/videos.
- Administrative: insurer details, referrals, GP details, appointment history, communications.
- Financial: payments, refunds, invoices, payment tokens (no full card numbers stored).
- Technical: IP address, device/browser data, cookie identifiers, analytics (see Cookies).
- Marketing preferences: your choices for updates from us.
3) Why we use your data & lawful bases
We process personal data only where a valid lawful basis applies and link each purpose to that basis.
Purpose | Lawful basis (Art. 6 UK GDPR) | Notes |
---|---|---|
Register you; assess suitability; provide care & aftercare | Contract; Legitimate interests; Legal obligation | Special category basis applies (see Section 4). |
Clinical governance & CQC compliance (audits, reporting) | Legal obligation; Legitimate interests | For safe care and regulatory compliance. |
Scheduling, reminders and communications | Contract; Legitimate interests | Essential to deliver care safely. |
Referrals to labs, imaging, pharmacies, hospitals, clinicians | Contract; Vital interests (rare emergencies) | Shared on a need-to-know basis. |
Payments, refunds, tax/accounting | Contract; Legal obligation | Secure processors are used. |
Service administration, IT security, website analytics | Legitimate interests; Consent (for non-essential cookies) | Data minimised and controlled. |
Sending updates/marketing | Consent | Opt out at any time. |
4) Special category (health) data
We rely on UK GDPR Art. 9(2)(h) (health/medical care and management) and relevant provisions of the Data Protection Act 2018 to provide and manage healthcare safely and lawfully.
5) Where your data comes from
Mainly from you during enquiries, registration and consultations. We may also receive information from your GP/referrers, insurers, diagnostic providers, or reputable sources to confirm contact details.
7) International transfers
Where data leaves the UK, we use safeguards such as adequacy regulations (e.g., UK–US data bridge where applicable), the ICO-approved International Data Transfer Agreement/Standard Contractual Clauses, and technical/organisational measures.
8) How we protect your data
- Role-based access; confidentiality agreements; mandatory training.
- Encryption in transit; secure systems; timely patching/updates.
- Audit logs; data minimisation; retention controls.
- Incident response procedures and duty of candour where applicable.
9) How long we keep data
- Adult clinical records: minimum 8 years after last episode of care (longer if justified).
- Children/young people: until the 25th birthday (or 26th if treated at 17).
- Financial records: 6 years (tax/accounting).
- Marketing preferences: until you withdraw consent.
- Clinical photos/videos: part of the medical record.
10) Your data protection rights
Subject to legal exemptions, you can:
- Access your data; request a copy of records.
- Request correction of inaccuracies.
- Request deletion or restriction (where legally possible).
- Object to certain processing (e.g., direct marketing).
- Request data portability (for information you provided, where processing is by consent/contract and automated).
- Withdraw consent at any time (where consent is the basis).
We respond within one month. Some requests cannot be fulfilled where records must be retained for patient safety, legal or regulatory reasons.
11) Marketing & cookies
We send electronic marketing only with your consent (or where permitted by law). You can opt out at any time via the link in our emails or by contacting us. For cookies and analytics, see our Cookie Policy and manage preferences via the cookie banner.
12) Children & young people
Where we provide care to children/young people, we collect only what is necessary, follow professional guidance on consent and confidentiality, involve parents/guardians where appropriate, and act in the child’s best interests.
14) Changes to this notice
We may update this policy to reflect law or operational changes. The latest version appears here with the date below.
Last updated:
15) Contact us
- Email: admin@skinhorizon.co.uk
- Post: Skinhorizon Clinic, 4 Clarendon Terrace, Maida Vale, London W9 1BZ
- Phone: 020 3370 94444