1. Data Controller
Dr. Ranjbar Aesthetics (trading as DR Aesthetics) is the data controller responsible for your personal data. We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data We Collect
We may collect and process the following personal data:
- Name, email address, phone number, and postal address
- Medical history and health information relevant to treatment
- Treatment records, clinical notes, and before/after photographs
- Payment and billing information
- Communication records (emails, messages, consent forms)
- Account authentication data
3. How We Use Your Data
We use your personal data for the following purposes:
- Providing aesthetic treatments and clinical care
- Managing appointments, bookings, and follow-ups
- Processing payments and maintaining financial records
- Communicating with you about your treatments and care
- Complying with legal and regulatory obligations
4. Legal Basis for Processing
We process your data under the following legal bases:
- Explicit consent: for processing medical and health data, before/after photographs, and marketing communications
- Contract: to fulfil appointment bookings, treatment packages, and payment processing
- Legitimate interest: for service communications, improving our services, and maintaining security
- Legal obligation: to comply with healthcare regulations and financial reporting requirements
5. Data Retention
We retain your data for the following periods:
- Medical records: 7 years from the date of last treatment, in line with UK medical records guidance
- Payment records: 6 years, as required by HMRC
- Marketing consent: until you withdraw your consent
- Account data: for as long as your account remains active, plus a reasonable period afterwards
6. Third-Party Services
We share your data with the following third-party service providers who assist in delivering our services:
- Stripe: for secure payment processing
- Clerk: for account authentication and login management
- Hosting provider: for website and data hosting services
These providers process data only on our behalf and are bound by contractual obligations to protect your information.
7. International Transfers
Some of our third-party service providers may process your data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU standard contractual clauses, both issued by the Information Commissioner's Office (ICO), so that your data is protected to a standard equivalent to UK data protection law.
8. Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
- Right of access: request a copy of your personal data
- Right to rectification: request correction of inaccurate data
- Right to erasure: request deletion of your data (subject to legal retention requirements)
- Right to data portability: receive your data in a structured, machine-readable format
- Right to object: object to processing based on legitimate interest
- Right to restrict processing: request limitation of how we use your data
- Right to withdraw consent: withdraw consent at any time where processing is based on consent
If you are dissatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. Cookies
Our website uses essential cookies only. These are necessary for the website to function correctly and include authentication cookies (to keep you logged in) and preference cookies (to remember your settings). We do not use advertising or tracking cookies.
10. Contact Us
To exercise any of your rights or if you have questions about this privacy policy, please contact us through the contact form on our website.
11. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated to patients directly. We encourage you to review this page periodically.