Privacy policy
Harper & Co. Aesthetics is committed to protecting your privacy and handling your personal information responsibly, securely and transparently.
This Privacy Policy explains how we collect, use, store and protect your personal information when you engage with our services, visit our website or communicate with us.
Harper & Co. Aesthetics complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and our professional obligations regarding patient confidentiality.
If you have any questions regarding this Privacy Policy, please contact:
Email: harperandcoclinic@gmail.com
1. WHO WE ARE
Harper & Co. Aesthetics provides medical aesthetic consultations and treatments.
As part of providing safe and effective treatment, we are required to collect and process certain personal and health-related information.
2. WHAT INFORMATION WE COLLECT
We may collect and store the following information:
Personal Information
• Full name
• Date of birth
• Postal address
• Telephone number
• Email address
Communication Information
• Facebook account details (where communication occurs via Facebook Messenger)
• Instagram account details (where communication occurs via Instagram)
• WhatsApp, iMessage or SMS communications relating to your treatment
Clinical Information
• Medical history
• Current medications
• Consultation records
• Treatment plans
• Consent forms
• Treatment records
• Pre-treatment photographs
• Post-treatment photographs
Payment Information
• Payment records
• Payment method tokens securely stored by Stripe for authorised future transactions
• Transaction history relating to treatments and services
Website Information
When you use our website we may collect:
• IP address
• Browser information
• Device information
• Website usage data
• Information submitted through website contact forms and booking forms
We also use third-party analytics tools such as Google Analytics to help us improve our website and services.
3. WHY WE COLLECT YOUR INFORMATION
We collect and process your information in order to:
• Assess your suitability for treatment.
• Provide safe and effective medical aesthetic treatments.
• Create and maintain accurate medical records.
• Communicate with you regarding appointments and treatment.
• Arrange prescriptions where required.
• Manage payments and bookings.
• Comply with legal, regulatory and insurance obligations.
• Improve our services and patient experience.
• Protect the health, safety and wellbeing of our patients.
Failure to provide relevant medical information may prevent us from safely providing treatment.
4. OUR LEGAL BASIS FOR PROCESSING YOUR DATA
Under UK GDPR, we process your information on the following lawful bases:
• Performance of a contract – where processing is necessary to provide the services you have requested.
• Legitimate interests – where processing is necessary to operate and improve our business while respecting your rights and freedoms.
• Legal obligations – where we are required to comply with legal or regulatory requirements.
• Provision of healthcare and health management – where processing of health data is necessary for the delivery of safe treatment and clinical care.
• Consent – where specific consent is required, including marketing communications and the use of images for promotional purposes.
5. MEDICAL RECORDS AND CLINICAL PHOTOGRAPHS
Maintaining accurate medical records is an essential part of providing safe treatment.
Clinical photographs may be taken before and after treatment for:
• Medical records
• Treatment planning
• Monitoring treatment outcomes
• Insurance purposes
Clinical photographs are securely stored within password-protected systems.
Photographs will never be used for marketing, advertising, training or social media purposes without your separate written consent.
6. HOW WE STORE AND PROTECT YOUR INFORMATION
We take data security seriously and implement appropriate technical and organisational measures to protect your information.
Patient records are stored using secure password-protected systems.
Clinical photographs are transferred from the device used to capture them into secure storage and removed from the device once safely stored.
Access to personal information is restricted to authorised individuals who require access in order to provide treatment or administer the service.
7. PAYMENT INFORMATION
Card payments are processed securely through Stripe.
Where permitted, Stripe may securely store tokenised payment details to facilitate future authorised transactions, including payments arising under our cancellation and no-show policy.
Harper & Co. Aesthetics does not store or have access to full payment card details.
By providing payment details and booking appointments, you acknowledge and consent to this processing in accordance with our Terms and Conditions.
8. WHO WE MAY SHARE YOUR INFORMATION WITH
We only share information where necessary, appropriate and lawful.
Your information may be shared with:
• Pharmacies involved in prescribing and dispensing medication.
• Your GP, with your consent or where clinically necessary.
• Other healthcare professionals involved in your treatment.
• Specialist medical practitioners where expert advice is required.
• Our professional insurers where necessary to investigate or manage a claim.
• Regulatory authorities where required by law.
Where information is shared, only the minimum necessary information will be disclosed.
9. PRESCRIPTION MEDICATIONS
Certain treatments, including Botulinum Toxin treatments, require prescription-only medicines.
To obtain these medicines, we may be required to share your:
• Full name
• Date of birth
• Address
with authorised prescribing services and pharmacies.
If you object to this processing, we may be unable to provide treatment safely and may therefore decline treatment.
10. INSURANCE
Harper & Co. Aesthetics maintains professional indemnity insurance.
In the event of an insurance claim or complaint investigation, relevant personal information, treatment records, photographs and clinical notes may be shared with our insurers where necessary.
11. HOW LONG WE KEEP YOUR INFORMATION
Medical records are retained in accordance with professional, legal and insurance requirements.
Patient records are generally retained for a minimum of 10 years following the last treatment date and may be retained longer where required by law or where there is a legitimate business or legal reason to do so.
Records will be securely destroyed when retention is no longer necessary.
12. YOUR RIGHTS
Under UK GDPR, you have the right to:
• Request access to your personal information.
• Request correction of inaccurate information.
• Request restriction of processing in certain circumstances.
• Object to certain forms of processing.
• Withdraw consent where processing is based on consent.
• Request erasure of personal information where there is no lawful reason for us to continue processing it.
• Lodge a complaint with the Information Commissioner's Office (ICO).
Please note that some rights may be limited where we are required to retain medical records for legal, regulatory or clinical reasons.
13. MARKETING COMMUNICATIONS
We may occasionally send information regarding treatments, services, promotions or clinic updates.
You will only receive marketing communications where you have consented to receive them or where otherwise permitted by law.
You may withdraw your consent at any time by contacting us or using the unsubscribe option provided in marketing communications.
14. COOKIES
Our website uses cookies to improve your browsing experience and help us understand how visitors use our website.
Cookies may collect information including:
• Browser type
• Device information
• Website usage statistics
• User preferences
You may disable cookies through your browser settings, although doing so may affect the functionality of certain areas of the website.
15. THIRD-PARTY WEBSITES
Our website may contain links to third-party websites.
Harper & Co. Aesthetics is not responsible for the privacy practices of external websites and we encourage you to review their privacy policies before providing personal information.
16. YOUR RIGHT TO COMPLAIN
If you are unhappy with how we handle your personal information, please contact us in the first instance so that we can attempt to resolve your concerns.
You also have the right to complain to the Information Commissioner's Office (ICO).
17. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in legislation, regulatory guidance or business practices.
The most recent version will always be available on our website.
