Privacy Policy | The Sculpt Clinic®
Effective Date: 20/11/2025
- Introduction
Welcome to The Sculpt Clinic®. We are committed to protecting your privacy and handling your personal data, including any sensitive health information, with an utmost level of care and confidentiality. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website thesculptclinics.co.uk or use our services.
Please read this policy carefully. By accessing our website or providing your personal data to us, you acknowledge that you have read and understood this Privacy Policy.
- Data Controller
The data controller responsible for your personal data is:
The Sculpt Clinic®
11 Richmond Road, Solihull, Birmingham, UK, B92 7RN
Thesculptclinic.pm.me
07454992948
If you have any questions about this policy or how we use your data, please contact us using the details above.
- Information We Collect
We may collect and process the following types of personal data:
- Personal Identifiers: Your name, date of birth, email address, and telephone number.
- Health and Medical Information (Special Category Data): This is crucial for our services and includes your medical history, current health status, treatment goals, photographs for medical assessment, and any other information you provide during consultations. We process this data under GDPR Article 9(2)(h) for the provision of healthcare.
- Technical Data: When you visit our website, we automatically collect information such as your IP address, browser type, operating system, referring URLs, and pages you viewed. We may use necessary cookies for the website’s functionality. For non-essential cookies (e.g., analytics), we will request your consent via our cookie banner.
- Communication Data: Any correspondence you have with us, whether via email, contact forms, or phone calls.
- How We Use Your Information (Lawful Bases for Processing)
We use your information for the following purposes and under the following lawful bases:
Purpose of Processing | Lawful Basis under GDPR |
To provide you with medical consultations, treatments, and care. | Necessary for the provision of healthcare (Article 9(2)(h)). |
To manage your patient account and appointments. | Necessary for the performance of a contract. |
To communicate with you about your appointments, treatment, and follow-up care. | Legitimate interests (to provide effective and safe patient care). |
For internal administrative purposes, billing, and processing payments. | Necessary for the performance of a contract and for compliance with a legal obligation (e.g., financial records). |
To send you marketing communications (only if you have explicitly consented). | Consent. You can withdraw this consent at any time. |
To improve our website and services (using anonymized data where possible). | Legitimate interests (to grow our business). |
- How We Share Your Information
We treat your personal data with strict confidentiality. We will only share it with third parties in the following circumstances:
- With Your Explicit Consent: For example, if you request a referral to another specialist.
- Service Providers: We engage trusted third parties who act as “data processors” on our behalf, such as our IT support, cloud storage providers, and payment processors. These parties are bound by strict contracts (Data Processing Agreements) to keep your information confidential and secure.
- Legal Obligations: We may disclose your information if required to do so by law, such as to comply with a court order or a request from a regulatory body.
- Data Security
We implement robust technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls, and regular security assessments.
- Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or medical reporting requirements. In line with medical best practices and legal requirements, we typically retain patient medical records for a minimum of 10 years after your last treatment, or longer if legally mandated.
- Your Data Protection Rights
Under GDPR, you have the following rights:
- The Right to Access: You can request a copy of the personal data we hold about you.
- The Right to Rectification: You can request that we correct any inaccurate or incomplete data.
- The Right to Erasure (Right to be Forgotten): You can ask us to delete your personal data, subject to certain legal exceptions (e.g., where we are required to hold data for legal or medical reasons).
- The Right to Restrict Processing: You can request that we temporarily or permanently stop processing all or some of your personal data.
- The Right to Data Portability: You can request a machine-readable copy of your data to transfer to another service provider.
- The Right to Object: You can object to certain types of processing, such as direct marketing.
To exercise any of these rights, please contact us at thesculptclinic.pm.me
We will respond to your request within one month.
- Changes to This Privacy Policy
We may update this policy from time to time. The updated version will be indicated by an updated “Effective Date” at the top of this page. We encourage you to review this policy periodically.
- How to Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
The Sculpt Clinic®
11 Richmond Road, Solihull, Birmingham, UK, B92 7RN
Thesculptclinic.pm.me
07454992948
If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority in your country of residence.
