GDPR Compliance
Last updated: 10th March 2025
1. Introduction
At The Beauty Method by Bethany Clinic, available at www.beautymethodbybethany.com (“we,” “our,” or “the website”), we are committed to protecting the privacy and security of personal data, particularly in relation to our patients. This GDPR (General Data Protection Regulation) policy outlines how we collect, process, and store personal data in compliance with the GDPR and other relevant data protection laws.
We recognize the importance of patient confidentiality and ensure that all data collection and processing are carried out lawfully, fairly, and transparently. This policy aims to provide clear information on how we handle personal data, the purposes for which we use it, and the rights available to patients.
2. Types of Data Collected
We may collect and process the following categories of personal data from patients:
- Basic contact information: Name, email address, phone number, postal address.
- Medical history and health-related information: Information relating to the patient’s medical condition, treatment history, test results, and consultations.
- Treatment and medication information: Details of prescribed medications, treatment plans, and procedures performed.
- Payment details: Where applicable, payment and billing information may be collected for invoicing purposes.
- Correspondence: Any communications via phone, email, or other means relating to medical care or appointments.
- Other relevant information: Any other data provided by the patient that is necessary for their medical care or treatment, such as lifestyle information, allergies, or genetic data.
3. Purpose of Data Collection
We collect and process patients’ personal data to fulfill the following purposes:
- Medical care and treatment: To provide high-quality healthcare services, including diagnosis, treatment, and follow-up care.
- Patient management: To manage and coordinate appointments, consultations, and treatments, ensuring that patient records are accurate and up-to-date.
- Health monitoring and record-keeping: To maintain comprehensive medical records in compliance with healthcare regulations.
- Communication: To contact patients about their appointments, treatment progress, medical advice, or test results.
- Legal compliance: To meet our obligations under health regulations and data protection laws, including record retention and reporting.
- Research and analysis: In some cases, anonymised data may be used for clinical research, analysis, or statistical purposes to improve medical outcomes, subject to patient consent.
4. Legal Basis for Data Processing
The legal basis for processing patients’ personal data includes:
- Provision of healthcare services: Processing is necessary for the performance of medical care and treatment, including preventive or occupational medicine.
- Compliance with legal obligations: We are required to process data to comply with legal obligations, particularly in the medical and healthcare sectors.
- Consent: For certain types of processing, such as marketing communications or participation in clinical trials, we will seek explicit consent from the patient.
- Legitimate interest: In some cases, we may process personal data based on our legitimate interests, such as improving the quality of care or ensuring the security of patient data, provided that this does not override patients’ rights.
5. Data Security Measures
We employ robust technical and organisational measures to protect patients’ personal data against unauthorised access, alteration, disclosure, or destruction. These include:
- Encryption: All sensitive data is encrypted both in transit and at rest to prevent unauthorised access.
- Access controls: We implement strict access controls, ensuring that only authorised personnel have access to patient data.
- Secure storage: Personal data is stored on secure servers protected by firewalls and intrusion detection systems.
- Regular security assessments: We conduct regular security audits, vulnerability assessments, and monitoring to identify and mitigate risks.
- Data minimisation: We ensure that only the minimum necessary data is collected and processed, and it is used only for its intended purposes.
- Employee training: All staff members undergo training on data protection and confidentiality obligations to ensure compliance with GDPR.
6. Data Retention
We retain patients’ personal data only for as long as it is necessary for the purposes for which it was collected, including meeting legal, regulatory, and operational requirements. Once the retention period has expired, or data is no longer required, we will securely delete or anonymize it in accordance with GDPR guidelines.
The specific retention periods may vary based on the type of data and applicable legal obligations (e.g., medical records must be retained for a certain number of years).
7. Data Subject Rights
Patients have the following rights regarding their personal data, in line with the GDPR:
- Right to access: Patients have the right to request access to the personal data we hold about them and to receive a copy of this data.
- Right to rectification: Patients can request corrections or updates to their personal data if it is inaccurate or incomplete.
- Right to erasure: Under certain conditions, patients may request that their personal data be deleted, such as when it is no longer necessary for the purposes for which it was collected.
- Right to restrict processing: Patients can request limitations on how we process their data in certain situations, for example, during a legal dispute.
- Right to data portability: Patients can request that their data be provided in a machine-readable format or transferred to another healthcare provider.
- Right to object: Patients can object to the processing of their data in specific circumstances, particularly if the processing is based on legitimate interest or direct marketing.
To exercise any of these rights, patients can contact us using the details provided in the “Contact Information” section below. We will respond to all requests in accordance with GDPR requirements.
8. Data Breach Notification
In the event of a data breach that may pose a risk to the rights and freedoms of individuals, we are committed to notifying the relevant supervisory authority and affected patients within the timelines specified by the GDPR. We have procedures in place to detect, report, and investigate personal data breaches swiftly.
9. Contact Information
If you have any questions, concerns, or requests related to your personal data or this GDPR policy, please do not hesitate to contact us using the contact details provided.
We are dedicated to ensuring that your personal data is handled with the highest level of care and transparency.
10. Changes to the Policy
This GDPR policy may be updated periodically to reflect changes in legal, regulatory, or operational requirements. The most recent version of the policy will always be available on our website, and significant changes will be communicated to patients via email or our website.
By continuing to use www.beautymethodbybethany.com and providing your personal data, you acknowledge and agree to the practices described in this GDPR policy.