Privacy Policy

TrueOrigins Skin Clinic (“we”, “our”, “us”) is committed to protecting your privacy and ensuring your personal information is handled securely, transparently, and in accordance with UK data protection laws, including the UK GDPR and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website, book an appointment, or receive treatment from us.

By accessing this website or using our services, you agree to the practices described in this policy. 1.0 Who We Are TrueOrigins Skin Clinic Hull & Beverley, UK Email: info@trueoriginsclinic.co.uk

Registered in England & Wales Company number if you want to include it

We act as the data controller for the personal information you provide.

2.0 What Information We Collect We collect information that allows us to provide safe, high-quality treatment and to manage your relationship with the clinic.

2.1 Personal Information Name Date of birth Contact details (email, phone number, postcode) Payment information Emergency contact (if required)

2.2 Medical & Health Information Collected during consultation and treatment: Relevant medical history Medications Skin conditions Allergies Contraindications Lifestyle information affecting treatment Photos for medical record purposes

This information is classified as special category data and is handled with the highest level of protection.

2.3 Website & Technical Data IP address Browser type Device information Pages visited Cookies and usage data

2.4 Booking & Payment Data If applicable: Appointment history Deposits paid Transaction details No-show or cancellation history

2.5 Marketing Preferences Newsletter opt-ins Preferences for receiving updates, offers, or treatment-related information

3.0 How We Use Your Information We only use your personal information when we have a legal basis to do so.

We use your information to: 3.1 Provide safe clinical services Assess suitability for treatment Comply with medical and insurance requirements Maintain accurate treatment records Provide aftercare and follow-up support Legal basis: Legitimate interest + legal obligation + explicit consent for special category data.

3.2 Manage bookings & communication Confirm appointments Notify you of changes Send reminders Respond to enquiries Legal basis: Contract performance.

3.3 Process payments Including deposits, refunds, and invoices. Legal basis: Contract performance.

3.4 Improve the website & user experience Through analytics and usage data. Legal basis: Legitimate interest.

3.5 Marketing (only with your consent) Email newsletters Promotions or clinic updates Treatment information You may withdraw consent at any time.

4.0 How We Store & Protect Your Information We take your privacy seriously and follow strict security measures: Encrypted storage for all consultation and medical records Password-protected systems Restricted staff access Secure payment processing (we do not store card details) Regular data protection reviews Secure backups Your data will never be sold, rented, or shared with third parties for their own marketing.

5.0 Sharing Your Information We only share your data when necessary for clinic operations or when required by law.

We may share information with:

5.1 Booking platform provider - Solo 5.2 Payment processors - Stripe

5.3 Insurance & Regulatory Bodies If a medical, legal, or insurance requirement arises.

5.4 IT Service Providers For secure data hosting or website functionality.

5.5 Healthcare Professionals Only with your explicit consent (e.g., GP referral). We will never share your medical data without explicit permission unless legally required.

6.0 Cookies Our website may use cookies to: Improve browsing experience Analyse website performance Personalise content Track website traffic You can manage or disable cookies through your browser settings. A separate Cookie Policy can be created if you want one.

7.0 How Long We Keep Your Data We only retain data for as long as necessary: Medical records: 7 years from the date of your last appointment (insurance requirement) Booking information: Up to 3 years Marketing data: Until you unsubscribe Financial information: 6 years (HMRC requirement) Once data is no longer needed, it is securely deleted.

8.0 Your Rights Under UK GDPR You have the right to: Access your personal data Correct inaccurate information Request deletion (where legally possible) Withdraw consent at any time Restrict processing in certain circumstances Object to processing Request data transfer to another provider (data portability) To exercise any of these rights, email us at: info@trueoriginsclinic.co.uk

9.0 Children’s Privacy We do not treat clients under the age of 18. We do not knowingly collect data from minors.

10.0 Links to Other Websites Our website may contain links to external websites. We are not responsible for their content, policies, or practices.

11.0 Changes to This Policy We may update this Privacy Policy occasionally. New versions will be posted on this page with a revised “Last updated” date.

12.0 Contact Us If you have questions about this Privacy Policy or how we handle your data, you can contact us at: TrueOrigins Skin Clinic Email: info@trueoriginsclinic.co.uk Hull & Beverley, UK