Privacy Policy
1.0.0 Who We Are:
1.0.1: The Ethicus Clinic Ltd
Company Registration: 16415195
Registered Address: Suite 41, Basepoint Business Centre, Rivermead Drive, Westlea, Swindon, United Kingdom. SN5 7EX
Telephone / WhatsApp: 0333 772 3841
1.0.2: The Ethicus Clinic Ltd (“we”, “our”, or “us”) is committed to protecting and respecting your privacy. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.
2. Privacy Policy:
2.0.1: The Ethicus Clinic Ltd is registered with the UK Information Commissioner’s Office (ICO). Website: www.ico.org.uk. Phone: 0303 123 1113. The Ethicus Clinic Ltd is committed to protecting your personal data and complying with all applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2.0.2: All personal and medical information is handled in accordance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. Your information is confidential and will only be shared with third parties where legally required or with your consent.
2.0.3: Medical records are retained for a minimum of 10 years after the conclusion of treatment or death, or longer where legally mandated.
2.0.4: In line with current UK legislation, you have the right to request a copy of your medical records at any time following a request in writing.
2.0.5: What Information We Collect: We collect and process the following types of personal and health-related information to provide safe, high-quality care:
- Full name
- Date of birth
- Contact details (phone numbers, email address, postal address)
- Relevant physical and mental health information including full current and historical conditions, medications, and allergies
- General Practitioner details, including the practice address
- Lifestyle and occupation-related information, where clinically relevant
- Information from forms completed on our website; this may include various consent forms for treatment
- Website usage data and transactional information
- Clinical photographs or images you consent to share
- Any other information you voluntarily provide when requested by us to ensure high standards of care and for ongoing treatment as required
2.0.6: How We Collect Your Data and Why: We primarily collect your personal information directly from you, either via online forms, during consultations, or through correspondence.
We process your data based on one or more of the following lawful bases under UK GDPR:
- Legitimate Interests / Contractual Necessity
- To provide you with a personalised, safe and effective treatment plan
- To manage bookings, consultations, and treatment records
- To confirm appointments and send reminders
- To communicate changes to services that may affect your care
2.0.7: The Ethicus Ltd will request your verbal, written consent and/or ‘tick box’ consent:
- To send marketing communications (via email, SMS, phone or post) (you can opt out at any time).
- To collect and use clinical photographs (5 mandatory photographs before and after all aesthetic treatments)
- To gather feedback via surveys to improve services
- To send marketing communications (via email, SMS, phone or post)
- To use clinical photographs (only with your explicit consent)
- To gather feedback to help improve our services
2.0.8: Implied consent is most relevant in emergency situations where obtaining explicit consent is not feasible or would delay potentially life-saving treatment. In an emergency, if it is not possible to find out a patient’s wishes, treatment can be provided without patient consent, provided the treatment is immediately necessary to save their life or to prevent a serious deterioration of their condition, and is in their best interests. One example of this would be starting cardiopulmonary resuscitation (CPR) in cardiac arrest (when the heart suddenly and unexpectedly stops beating).
2.0.9: Legal Obligation: To comply with regulatory or legal obligations (e.g. safeguarding, audit, health regulations). To cooperate with investigations or complaints raised through official channels.
2.0.10: Vital Interests / Public Interest: To protect your health or the health of others in emergency situations or public health interest.
2.0.11: Marketing and Communications: With your explicit consent, we may contact you via email, SMS, telephone, or post regarding relevant services, offers or updates. You may withdraw this consent at any time by contacting us in person, via email, telephone or letter and/or by clicking the "unsubscribe" link in any marketing email and/or updating your preferences in your Pabau (our online booking/database).
2.0.12: We may contact you with information about services, offers, or health updates but only if you have given us your consent. You can withdraw this consent at any time.
2.0.13: How We Collect and Use Your Data: We obtain most personal data directly from you, via online forms, during appointments, or through direct communication. We process your data for the following reasons, under lawful bases defined in the UK GDPR: Legitimate Interests / Contractual Necessity:
- To assess your health needs and provide appropriate treatments
- To manage your appointments and keep accurate clinical records
- To send booking confirmations and appointment reminders
- To follow up on treatment plans and outcomes
- To communicate important updates about your care or our service
2.0.14: How We Store and Protect Your Data: Your personal data is stored securely using “Pabau”. Pabau is a clinical management system designed for healthcare providers and is aligned with GDPR and ISO 27001 standards.
2.0.15: Security features of Pabau include:
- End-to-end encryption: All data in transit is protected by 256-bit SSL encryption
- Encrypted storage: Your data is encrypted at rest using AES-256
- Secure access controls: Role-based permissions and two-factor authentication help protect against unauthorised access
- UK & EU-based data hosting: Data is stored in secure, GDPR-compliant data centres
- Daily backups & disaster recovery protocols: To ensure service continuity and data integrity
- Regular penetration testing & vulnerability scanning
- The Ethicus Clinic Ltd operates a paperless system to further reduce privacy risks
- Your medical and personal data are stored securely and processed in accordance with the UK GDPR and Data Protection Act 2018
- Your information will never be shared with third parties without your explicit consent, except where legally required
2.0.16: Data retention: We retain your personal data for ten (10) years from the date of your last appointment unless we are required by law to retain it for longer (e.g., insurance, audit, or clinical obligations). After this period, your data will be securely deleted or anonymised.
2.0.17: Your Rights Under UK Data Protection Law: You have the following rights under the UK GDPR:
- Right of Access – Request a copy of your personal information
- Right to Rectification – Request corrections to inaccurate or incomplete data
- Right to Erasure – Ask us to delete your data in certain circumstances
- Right to Restrict Processing – Request limits on how we use your data
- Right to Object – Object to data processing in specific situations
- Right to Data Portability – Request that your data be transferred to another provider

You can exercise your rights by contacting us via email or post (as per 1.0). We will respond within one month. No fee is charged for such requests.
2.0.18: Website Use: Website content is for informational purposes only and does not constitute medical advice. We may use cookies and analytics to enhance user experience. For more information, see our Cookie Policy. We are not responsible for third-party content or links.
3.0.0: Website Use.
3.0.1: Our website content is provided for informational purposes only and does not constitute medical advice.
3.0.2: We may use cookies and analytics tools to enhance user experience. For more details, please refer to our Cookie Policy.
3.0.3: We are not responsible for the content or privacy practices of external websites or third-party links featured on our site.
4.0.0: Changes to This Privacy Policy.
4.0.1: We may update this policy from time to time to reflect changes in the law or services. The latest version will always be available on our website.
5.0.0: Contact Us:
If you have any questions about this Cookie Policy, please contact us:
The Ethicus Clinic Ltd
Telephone / WhatsApp: 0333 772 3841
Email: theethicusclinicltd@outlook.com
Website: www.theethicusclinic.co.uk
Address: The Ethicus Clinic, Suite 41, Basepoint Business Centre,
Rivermead Drive, Westlea, Swindon, Wiltshire, SN5 7EX.