logo

Privacy Policy

Aesthetidocs Limited ("Aesthetidocs") is committed to protecting your personal information and respecting applicable data protection laws around the world. This privacy policy explains how we do this, and it applies to your use of our websites, products, and services.

How we use your personal information

We use personal information in order to promote and provide the Aesthetidocs software service, to ensure the security of our websites, and to run our business. We have set out below more information on the categories of personal information that we collect, the specific ways in which that personal information is processed by us, the legal bases which permit us to do this, and the types of partners with whom we share your personal information.

What information does Aesthetidocs collect?

  • Your name, username, and password
  • Your address, email address, and phone number
  • Your payment details
  • Your marketing preferences, including any consents you have given us
  • Information related to the browser or device you use to access our websites
  • Records of your use of Aesthetidocs services
  • Any personal medical information you submit to us when completing any of our forms, documentation or otherwise provided by you as part of booking and managing your appointment with your chosen clinic

How does Aesthetidocs use your information?

We use your information as follows:

  • To fulfil a contract with you or take steps at your request before this:
    • When you use our platform to create and manage a booking with a clinic
    • Providing information and technical support if you ask for this
    • Contacting you with information about changes to services
    • Handling credit card information provided through our websites using PCI-compliant payment services
    • Storing and analysing your information in order to review and progress your job application if you apply to work with us
  • As required by Aesthetidocs to conduct our business and pursue our legitimate interests, in particular:
    • Giving you access to our products or services
    • Providing you with different content within a product or service, depending on how you use that product or service
    • Letting you know about Aesthetidocs products and services by post, email, and phone in accordance with your marketing preferences and laws relating to direct marketing
    • Analysing how you use Aesthetidocs products and services so we can improve our levels of service and develop future products and services, including through the use of surveys
    • Ensuring the security of Aesthetidocs websites and information technology systems and protecting our rights.
  • Where you give us consent:
    • Where we need your consent to process your medical and other sensitive personal information
    • If we need your consent in order to send marketing for Aesthetidocs products and services to you
  • For purposes which are required by law:
    • Sharing your personal information in order to comply with legal obligations to which Aesthetidocs is subject.

How will Aesthetidocs share your information?

We share your personal details:

  • Within Aesthetidocs in order to carry out the processing described above
  • With such clinics or treatment providers with whom you are seeking to make and manage a booking or appointment
  • With third party service providers who process your information on Aesthetidocs’s behalf for the purposes above – such as payment processors, or IT service providers

We will also share your personal information:

  • If we think this is necessary to in order to protect the rights, property, or safety of Aesthetidocs, our employees, our commercial partners, or our customers. This includes sharing information for the purposes of fraud protection and credit risk reduction
  • With government authorities and/or law enforcement officials if required by law.

Giving and withdrawing your consent, and updating your personal information

Where your consent is required for us to process your personal information, we will ask for your consent at the point at which you provide your data. You have the right to withdraw that consent at any time. You can also update your personal information at any time. If you wish to do either, contact us at support@aesthetidocs.com .

Storing your personal information

Your personal information may be stored and processed outside of the country where it is collected, including outside of the United Kingdom or the European Economic Area. When transferring information to others, within the UK, the EEA or otherwise, we ensure that appropriate and suitable safeguards and technical measures are in place to protect your personal data. To do this, we make use of standard contractual clauses that have been approved by the UK authorities and the European Commission with our suppliers, or we implement other similar measures required by laws around the world.

We will only keep records of your personal information for as long as is reasonably necessary for the purposes for which we have collected it, and in order to comply with any statutory or regulatory obligations in relation to retention of records. We respect requests to stop processing your personal data for marketing purposes. This includes keeping a record of your request indefinitely so that we can respect your request in future.

Your rights

You have the right to request access to and rectification or erasure of personal information, the right to restrict processing of your personal information, and the right to object to processing of your personal information. You have the right to object to your personal information being processed on the grounds of Aesthetidocs’s legitimate interests. You have the right to object to us sending you direct marketing and profiling you for the purposes of direct marketing. You have the right to lodge a complaint regarding our processing of your personal information with a data protection supervisory authority in a country where you live, work, or where you believe a breach may have occurred.

Contacting us

The data controller for our websites, products and services is Aesthetidocs Ltd of Lockview House, 49 Lockview Road, Belfast, Northern Ireland, BT9 5FJ.

You can contact us by email at support@aesthetidocs.com .

If you wish to contact our Data Protection Officer, please email dataprotection@aesthetidocs.com .



THRYVE Clinic – Privacy Policy


Last updated: December 2025


THRYVE Clinic (“we”, “us”, “our”) is committed to protecting your privacy and processing your personal information in a lawful, fair and transparent way.


 This Privacy Policy explains:


what personal data we collect,


why we collect it,


how we use it,


how we keep it safe,


who we share it with, and


your rights under UK GDPR and the Data Protection Act 2018.




This Privacy Policy applies to:


patients and clients of THRYVE Clinic,


users of our website and digital services,


individuals who contact us,


individuals signed up to newsletters or marketing communications.




1. Who We Are (Data Controller)


THRYVE Clinic


 Address: 66 Eastgate street, Cowbridge CF71 7AB


 Email: hello@thryveclinic.co.uk


 Telephone: 07540883054


THRYVE Clinic is the Data Controller for all personal and special-category data processed in relation to our clinical services.


2. What Personal Data We Collect


We collect and process personal data necessary for the safe, lawful and effective provision of healthcare.


A. Identity & Contact Data


Full name


Date of birth


Address


Email and telephone number


Emergency contact (if provided)


B. Medical & Special-Category Data


(Protected under UK GDPR Article 9)


Medical history and current health information


Allergies, medications, past treatments


Clinical consultation notes


Diagnostic tests and pathology results


Treatment plans and progress notes


Clinical photographs (with consent)


Prescribing records and pharmacy documentation


Lifestyle and wellbeing information where relevant to treatment


C. Financial & Transaction Data


Payment details (processed securely by third-party payment providers)


Transaction history


Billing information and invoices


D. Technical & Website Data


IP address


Browser type, device type, site usage analytics


Cookies (see Cookie Policy)


E. Communication & Marketing Data


Appointment reminders


Communication preferences


Marketing opt-in status


Responses to feedback, surveys or enquiries


We only collect data relevant to your care and clinic operations.


 We do not collect data about children unless explicitly provided by a parent/guardian for a clinical service.


3. Lawful Bases for Processing


Under UK GDPR, we rely on the following lawful bases:


A. Healthcare Provision (Article 6(1)(e), 9(2)(h))


Processing is necessary for medical diagnosis, the provision of health or social care, treatment, and ensuring high standards of quality and safety in healthcare.


B. Contract (Article 6(1)(b))


Processing required to deliver services you request or purchase.


C. Consent (Article 6(1)(a), 9(2)(a))


Used when:


You opt-in to marketing communications


You consent to photographs for marketing


You consent to optional treatments requiring explicit permission


Consent can be withdrawn at any time.


D. Legal Obligations (Article 6(1)(c))


Including compliance with:


Healthcare regulations


Prescribing and pharmacy legislation


Tax and financial record-keeping requirements


Incident reporting obligations


E. Legitimate Interests (Article 6(1)(f))


Used for non-clinical purposes where not overridden by your rights, such as service improvement, fraud prevention, or analysing website performance.


We do not use automated decision-making or profiling for clinical decisions.


4. How We Use Your Information


We use your information to:


Provide safe, evidence-based clinical care


Assess suitability for treatment and provide medical guidance


Maintain secure medical records


Communicate about appointments, results, follow-ups


Process payments and manage billing


Comply with healthcare regulators and legal obligations


Conduct clinical audits (anonymised unless otherwise agreed)


Improve clinic services and operational standards


Send marketing updates (only if you have opted in)


We never sell your personal data.


5. Sharing Your Data


We only share information where strictly necessary and lawful, such as with:


Accredited pathology laboratories


Pharmacy providers for prescription fulfilment


IT and clinical systems providers (secure, contract-bound partners)


Payment processors (e.g., Stripe, Zettle)


External healthcare professionals (with your consent)


Insurers or indemnity providers (if applicable)


Regulators (HIW, GPhC, GMC/NMC, ICO) where required by law


Legal advisors in the event of formal claims or disputes


All third parties are bound by confidentiality and data-processing agreements.


We do not transfer data outside the UK unless appropriate safeguards are in place.


6. Retention Periods


We retain personal data only for as long as necessary:


Medical records: Minimum 7–10 years, or longer for complex cases


Clinical photographs: Retained with the medical record


Financial records: 6 years (statutory requirement)


Marketing data: Until you opt out or request deletion


Enquiry data: Typically 12 months


When data is no longer required, it is securely deleted or anonymised.


7. Your Rights Under UK GDPR


You have the right to:


Access your personal data (Subject Access Request)


Request correction of inaccurate information


Request erasure (where legally permissible)


Restrict processing in specific circumstances


Object to processing based on legitimate interests or marketing


Data portability where applicable


Withdraw consent at any time


Complain to the ICO if you believe your rights have been infringed


Requests can be made by contacting us at:


hello@thryveclinic.co.uk


We will respond within one month, in accordance with UK GDPR.


8. Data Security


We take data security extremely seriously and use robust measures including:


Encrypted clinical and patient-management systems


Secure UK-based servers or GDPR-compliant cloud providers


Access controls limiting staff visibility to “need-to-know”


Mandatory confidentiality agreements


Regular staff training on data protection and professional conduct


Secure email and document transfer protocols


Regular audits and monitoring of systems


If a data breach occurs, we will notify the ICO and affected individuals where legally required.


9. Confidentiality and Professional Standards


As a healthcare provider, we uphold:


Common-law duty of confidentiality


Professional regulatory codes (GPhC, GMC/NMC, SaveFace governance)


Ethical standards of clinical record-keeping and data handling


Your medical information is treated with the strictest confidentiality.


10. Marketing Communications


We will only send marketing content if:


You have explicitly opted in


You can unsubscribe at any time


We clearly separate marketing consent from clinical communication


Opting out does not affect your access to clinical care.


11. Cookies & Website Technologies


Our website uses necessary and analytics cookies to enhance performance.


 You can manage cookie preferences via your browser settings.


 See our Cookie Policy for details.


12. International Transfers


If data is transferred outside the UK (e.g., via cloud providers), we ensure:


ICO-approved safeguards


Adequacy decisions, Standard Contractual Clauses (SCCs), or equivalent protections




13. Changes to This Privacy Policy


We may update this policy periodically.


 The most recent version will always be available on our website.


 Significant changes will be communicated where appropriate.


14. Contact Us


If you have questions or wish to exercise your rights:


THRYVE Clinic


 Email: hello@thryveclinic.co.uk


 Address: 66 Eastgate street, Cowbridge, CF71 7JD


 Phone: 07540883054