Privacy Policy

Bella Diana Aesthetic Clinic

Last updated: 18 January 2026

Bella Diana Aesthetic Clinic (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, book appointments, or receive treatments at our clinic.

1. Information We Collect

We may collect and process the following personal data:

a) Personal details

• First name and last name
• Email address
• Phone number

b) Booking & account information

• Appointment details
• Treatment selections
• Account login information (encrypted passwords)

c) Medical & consultation information (where applicable)

• Information provided during consultations
• Skin concerns, allergies, and treatment history

(This information is treated as special category data and handled with strict confidentiality.)

d) Technical data

• IP address
• Browser type and device information
• Cookies and website usage data

2. How We Use Your Information

We use your personal data to:

• Manage bookings and appointments
• Communicate with you regarding your treatments
• Provide safe and appropriate aesthetic care
• Manage your online account
• Improve our services and website
• Comply with legal and regulatory obligations

We only collect data that is necessary and relevant to providing our services.

3. Legal Basis for Processing

We process your data under the following legal bases:

• Contractual necessity – to provide booked services
• Legal obligation – medical and financial record keeping
• Legitimate interests – improving our services and communication
• Consent – where required, particularly for marketing communications

4. Medical & Sensitive Data

Medical and consultation information is:

• Accessed only by authorised professionals
• Stored securely
• Used solely for treatment, safety, and aftercare purposes

We do not share medical information with third parties unless required by law or with your explicit consent.

5. Data Sharing

We do not sell your personal data.

We may share limited information with:

• Secure booking or payment providers
• IT and website service providers
• Legal or regulatory authorities (only when required by law)

All third parties are required to comply with GDPR and data protection standards.

6. Data Retention

We keep your personal data only for as long as necessary:

• Booking and account data: as long as your account is active
• Medical records: in accordance with UK medical record retention guidelines
• Financial records: as required by law

When data is no longer needed, it is securely deleted.

7. Your Rights (GDPR)

You have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your data (where legally permitted)
• Restrict or object to processing
• Withdraw consent at any time
• Request data portability

To exercise your rights, please contact us using the details below.

8. Cookies

Our website uses cookies to:

• Improve functionality
• Analyse website traffic
• Enhance user experience

You can manage or disable cookies through your browser settings.

9. Data Security

We take data security seriously and use:

• Secure servers
• Encrypted connections
• Restricted access to personal data

Despite our best efforts, no system is 100% secure, but we continually review and improve our safeguards.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

11. Contact Us

If you have any questions about this Privacy Policy or how your data is handled, please contact us: