Privacy Policy | Refine Aesthetics & Skin Clinic

1. Who We Are

Data Controller: Refine Aesthetics & Skin Clinic

Trading address: 56 Grange Road, West Kirby, Wirral, CH48 4EG

Email: info@refineaestheticswirral.com

We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Personal Data We Collect

We collect personal data only when you actively provide it to us:

Contact form submissions: your name, email address, phone number (optional), treatment interest, and the contents of your message.
Direct communications: information you share when contacting us by phone, email, WhatsApp, or social media.
Booking and treatment records: information required to provide treatments safely, including relevant medical and health details. This is held separately under clinical record-keeping obligations.

We do not collect payment card data through this website. Payments are handled in person or through third-party secure payment terminals.

3. Why We Collect It (Legal Basis)

We process your data on the following legal grounds under UK GDPR Article 6:

Legitimate interests (Art. 6(1)(f)): to respond to your enquiries and provide information about our treatments.
Contract performance (Art. 6(1)(b)): to deliver the treatment services you book with us.
Legal obligation (Art. 6(1)(c)): to comply with regulatory requirements relating to clinical records.

We will never sell, rent, or trade your personal data to third parties for marketing purposes.

4. How We Use Your Data

To respond to your enquiry or booking request.
To provide and follow up on treatments.
To send appointment reminders or aftercare information (if you have requested this).
To comply with applicable legal and regulatory requirements.

5. Third-Party Services

We use the following third-party services that may process your data:

Formspree (formspree.io) — processes contact form submissions on our behalf. Formspree is a US-based company. Data transfer is covered by Standard Contractual Clauses. See Formspree Privacy Policy.
Google Maps (maps.google.com) — an embedded map on our contact page. Google may set cookies when you interact with the map. See Google Privacy Policy.
GitHub Pages (github.com) — our website is hosted on GitHub Pages (Microsoft). GitHub may collect standard server log data including IP addresses. See GitHub Privacy Statement.
Wix Media (wixstatic.com) — some images are served from Wix infrastructure. No personal data is shared with Wix through this website.

6. Cookies

This website uses a minimal number of cookies and browser storage technologies:

ra_cookie_consent (localStorage) — stores your cookie preference (accepted or essential-only). This is a functional cookie required to remember your consent choice. It is not a tracking cookie.
Google Maps cookies — set by the embedded Google Maps iframe on our contact page when you interact with it. These are third-party cookies controlled by Google. You can manage them by declining cookies in our banner, which prevents the iframe from loading.

We use Google Analytics 4 (GA4) to analyse website traffic. GA4 cookies are only set after you have accepted cookies via our consent banner. If you decline, GA4 is not activated and no tracking cookies are placed. We do not use Facebook Pixel or any advertising cookies.

Google Analytics is provided by Google LLC (US). Data transfers are covered by Standard Contractual Clauses. See Google Privacy Policy.

You can withdraw your cookie consent at any time by clearing your browser's localStorage data for this site.

7. How Long We Keep Your Data

Contact form enquiries: retained for up to 24 months, then securely deleted.
Treatment records: retained for a minimum of 8 years in accordance with NHS and aesthetics industry guidance, or longer if required by law.
Communications: retained for as long as reasonably necessary to manage our business relationship.

8. Your Rights

Under UK GDPR, you have the following rights:

Right of access — to request a copy of the personal data we hold about you.
Right to rectification — to ask us to correct inaccurate data.
Right to erasure — to ask us to delete your data, subject to legal retention requirements.
Right to restrict processing — to ask us to limit how we use your data in certain circumstances.
Right to object — to object to processing based on legitimate interests.
Right to data portability — to receive your data in a structured, commonly used format.

To exercise any of these rights, contact us at info@refineaestheticswirral.com. We will respond within one month.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure. Our website is served over HTTPS. Contact form data is transmitted securely via Formspree.

10. Complaints

If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with the UK's data protection supervisory authority:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

We would, however, appreciate the opportunity to address your concerns before you contact the ICO, so please contact us in the first instance.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be available at this URL. Material changes will be communicated via a notice on the website.