Privacy Policy for Cosmetic Beauty, London

Last Updated: 19 June 2026

At Cosmetic Beauty, London (operating via https://cosmeticbeautyuk.com), we are committed to protecting your privacy. This policy outlines how we collect, use, and safeguard your information when you visit our website, use our Members Portal, book appointments, or enquire about our recovery treatments (Manual Lymphatic Drainage, Fibrosis Support, and Facial Treatments).

1. Who We Are (The Data Controller)

The data controller responsible for your personal information is Cosmetic Beauty Limited, trading as Cosmetic Beauty, London.

If you have any questions about this policy or your data rights, please contact us at:

  • Email: info@cosmeticbeautyuk.com
  • Address: Room 1, Courtenay Chemist, 3 St John’s Wood High Street, London, NW8 7NG

2. The Data We Collect & Why We Collect It

We collect and process personal data under specific lawful bases outlined by the UK GDPR:

A. Health & Special Category Data

  • What we collect: When you book online using our Bookly system or send a message regarding post-operative recovery (liposuction, BBL, tummy tuck, etc.), you may provide details about your surgeries, swelling, fibrosis, or healing timelines.
  • Lawful Basis: Explicit Consent. Under UK GDPR, health information is classified as Special Category Data. We process this information only to provide safe, tailored clinical recovery treatments. You can withdraw your consent at any time.

B. Contact, Booking & Financial Data

  • What we collect: Your name, email address, telephone number, and payment details submitted via our Bookly online scheduling form or via direct Bank Transfer. Card payments are processed securely off-site; we do not store your raw credit or debit card numbers. Your contact data is stored locally on our secure website database.
  • Lawful Basis: Performance of a Contract to book, administer, process billing for, and confirm your treatment sessions.

C. Website Interactions, Comments, & Media

  • Comments: When visitors leave comments on the site, we collect the data shown in the comments form, the visitor’s IP address, and browser user agent string to aid spam detection. An anonymised hash of your email may be provided to the Gravatar service to see if you use it (see their policy at automattic.com).
  • Media: If you upload images to the website, avoid uploading images with embedded location data (EXIF GPS). Visitors to the website can download these images and extract the location data from them.

D. Cookies & Tracking Technologies

Our website uses tracking technologies to understand user behaviour and power our marketing:

  • Statistics & Analytics: We use Google Analytics and HubSpot to collect anonymous information about site visits and link interactions.
  • Marketing & Tracking: We use the Facebook Pixel to track user sessions and serve relevant advertising.
  • Lawful Basis: Consent provided via our website cookie banner.

3. Who We Share Your Data With

We do not sell your personal data. We share your information only with trusted third-party systems necessary to run our clinic:

  • Booking Administration: Your booking data remains within our self-hosted Bookly system on our secure server, though automated notification systems may process emails or SMS reminders for your bookings.
  • Payment Processors: Digital transactions are safely routed through Stripe (for credit and debit card payments) or PayPal. Direct invoice payments are securely handled through our corporate banking provider via BACS/Bank Transfer.
  • Analytics & Marketing Partners: HubSpot, Google Analytics, and Facebook to manage user communication and campaigns.
  • Security & Administration: Visitor comments may be checked through an automated spam detection service. If you request a password reset, your IP address will be included in the reset email.

4. How Long We Retain Your Data

  • Comments: Comments and their metadata are retained indefinitely to approve follow-up comments automatically.
  • User Profiles: For users who register on our website, we store the personal information provided in their profile indefinitely. Users can see, edit, or delete their personal information at any time (usernames cannot be changed).
  • Clinical Treatment & Financial Records: Health intake data, clinical case notes, and Bookly appointment histories are securely retained for a minimum of 7 years following your last treatment to comply with UK medical insurance guidelines and legal record-keeping requirements. Financial data is kept for up to 7 years to meet HMRC tax regulations.

5. Your Rights Under UK GDPR

You have significant control over your data. You may exercise any of the following rights by contacting us at our email address listed above:

  • Right of Access: Request an exported file of the personal data we hold about you.
  • Right to Erasure (Right to be Forgotten): Request that we erase your data. This excludes data we are legally obliged to retain for clinical insurance, HMRC tax, administrative, or security purposes.
  • Right to Rectification: Request corrections to inaccurate or incomplete information.
  • Right to Withdraw Consent: Stop us from processing your health data at any time, though this will mean we can no longer provide you with clinical recovery treatments.

We are registered with the UK supervisory authority, the Information Commissioner’s Office (ICO) (www.ico.org.uk). Reference: ZA847891