Privacy and Cookie Policy

The Aesthetic Treatment Rooms

Effective Date: April 2026

We are committed to protecting your privacy and handling your personal data with care. This Privacy and Cookie Policy explains what information we collect, why we collect it, and how we use it. It applies to all visitors and clients of our website (www.theaesthetictreatmentrooms.co.uk).

This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

1. Who We Are

The Aesthetic Treatment Rooms is the data controller for the personal data collected through this website and in the course of providing our services.

Business Name: The Aesthetic Treatment Rooms

Address: Unit S8, Number 33, 33 Bellingham Drive, North Tyne Industrial Estate, Benton, North Tyneside, NE12 9SZ

Email: glowup@theaesthetictreatmentrooms.co.uk

Telephone: 0191 466 1427

Data Protection Contact: Dr Helen Whyte

If you have any questions about this policy or how we handle your data, please contact us using the details above.

2. What Data We Collect

We collect and process the following types of personal data:

Identity and Contact Data includes your name, email address, telephone number, and postal address. We collect this when you book an appointment, contact us, or sign up to our newsletter.

Health and Medical Data includes information about your medical history, current medications, allergies, and treatment records. This is special category data under UK GDPR and is treated with the highest level of care and confidentiality.

Transaction Data includes details of services you have purchased and payments made.

Technical and Usage Data includes your IP address, browser type, device information, and the pages you visit on our website. This is collected automatically via cookies when you browse our site.

Marketing Preferences includes your preferences for receiving marketing communications from us.

3. Why We Use Your Data and Our Lawful Basis

We only use your data when the law allows us to. The following list explains the purposes for which we use your data and the lawful basis we rely on for each:

• Booking and managing your appointments: We process this data on the basis of contractual necessity.

• Providing aesthetic treatments and maintaining clinical records: We process this data on the basis of contractual necessity and explicit consent (for health data).

• Processing payments and financing: We process this data on the basis of contractual necessity.

• Sending appointment reminders, consent forms, and post-treatment instructions: We process this data on the basis of contractual necessity.

• Sending newsletters and promotional emails: We process this data on the basis of your consent.

• Improving our website and understanding how visitors use it: We process this data on the basis of our legitimate interests.

• Complying with legal and regulatory obligations: We process this data on the basis of legal obligation.

Where we rely on consent, you have the right to withdraw it at any time. This will not affect the lawfulness of any processing carried out before you withdrew your consent.

4. Third Parties Who Process Your Data

We work with a small number of trusted third-party services to run our business. Each of these acts as a data processor on our behalf and is required to handle your data securely and in accordance with UK data protection law.

Aesthetic Nurse Software (ANS) is our comprehensive clinical records and patient management system. We use ANS to facilitate online bookings through their portal, send and store medical history and consent forms, and distribute post-treatment instructions. We also use ANS to send marketing emails to clients who have opted in. Your consultation notes, treatment records, and medical history are stored securely within this platform.

Payment and Finance Processors: To facilitate secure online payments and offer financing options, we use several integrated services. These processors handle your payment details securely in accordance with their own strict privacy policies:

• Stripe: For processing secure online card payments.

• GoCardless: For processing direct debit payments.

• Klarna: For providing flexible payment and financing options.

• Clearpay: For providing "buy now, pay later" instalment options.

Xero is our accounting software. Transaction data is securely processed through Xero to manage our business accounts and comply with HMRC requirements.

Treatwell is an additional online appointment booking platform we use. When you book an appointment through Treatwell, your name, contact details, and booking information are processed by Treatwell in accordance with their own privacy policy.

Mailchimp (operated by Intuit Inc.) is a platform we may use to send our newsletter and marketing emails. If you have opted in to receive marketing communications from us, your name and email address are stored and processed by Mailchimp. You can unsubscribe at any time by clicking the unsubscribe link in any of our emails.

Squarespace is the platform that hosts our website. Squarespace may process technical and usage data as part of providing website hosting services.

Google Analytics is used to understand how visitors use our website. It collects anonymised data about pages visited and time spent on the site. This is only activated with your cookie consent.

Facebook (Meta) provides tools that allow us to run targeted advertising. The Facebook Pixel on our website is only activated with your cookie consent.

Microsoft Clarity is a website analytics tool that helps us understand user behaviour on our site. It is only activated with your cookie consent.

We do not sell your personal data to any third party.

5. International Data Transfers

Some of our third-party processors, including Mailchimp and our payment processors, may transfer your data outside the UK or the European Economic Area (EEA). Where this happens, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved for use in the UK, to protect your data to the same standard as required by UK law.

6. How Long We Keep Your Data

We keep your personal data only for as long as necessary for the purpose it was collected, or as required by law.

• Clinical and treatment records: We retain these for a minimum of 10 years from the date of last treatment, in line with aesthetic industry guidelines.

• Booking and transaction records: We retain these for 7 years, in line with HMRC requirements.

• Marketing preferences and email lists: We retain this data until you unsubscribe or withdraw consent.

• Website analytics data: This is retained as set by the relevant third-party platform (typically 26 months for Google Analytics).

7. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

Right to be informed. You have the right to know how your data is being used. This policy fulfils that obligation.

Right of access. You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one month and there is no charge for this.

Right to rectification. If any data we hold about you is inaccurate or incomplete, you can ask us to correct it.

Right to erasure. In certain circumstances, you can ask us to delete your personal data. Please note that we may be required to retain some data, such as clinical records, to comply with legal obligations.

Right to restrict processing. You can ask us to pause the processing of your data in certain circumstances, for example while a complaint is being resolved.

Right to data portability. Where we process your data by automated means and on the basis of consent or contract, you can ask us to provide your data in a structured, commonly used, machine-readable format.

Right to object. You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop immediately.

Right to withdraw consent. Where we rely on your consent to process your data, you can withdraw it at any time by contacting us or by unsubscribing from our emails.

To exercise any of these rights, please contact us at glowup@theaesthetictreatmentrooms.co.uk. We will respond within one month of receiving your request.

8. Cookie Policy

What Are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They help the website remember your preferences and understand how you use the site.

The Cookies We Use

We use the following categories of cookies on our website:

Strictly Necessary Cookies are essential for the website to work properly. They enable core functions such as security and page navigation. These cookies do not require your consent and cannot be switched off.

Performance and Analytics Cookies help us understand how visitors interact with our website by collecting information about pages visited and time spent on the site. We use Google Analytics and Microsoft Clarity for this purpose. These cookies are only placed on your device with your consent.

Marketing and Advertising Cookies are used to show you relevant advertising on other websites after you have visited ours. We use the Facebook (Meta) Pixel for this purpose. These cookies are only placed on your device with your consent.

Managing Your Cookie Preferences

When you first visit our website, a cookie banner will appear giving you the option to accept all cookies, reject non-essential cookies, or manage your preferences. You can update your preferences at any time by clicking the Cookie Preferences link in the footer of our website.

9. How to Make a Complaint

If you are unhappy with how we have handled your personal data, please contact us first at glowup@theaesthetictreatmentrooms.co.uk so we can try to resolve the matter.

You also have the right to make a complaint to the Information Commissioner's Office (ICO), the UK's independent data protection authority.

ICO Website: www.ico.org.uk

ICO Helpline: 0303 123 1113

10. Changes to This Policy

We review and update this policy periodically. Any changes will be posted on this page with an updated effective date. We encourage you to check this page from time to time.