1. What information we collect

Elera Clinic collects personal and health information to provide safe and appropriate aesthetic treatments. This may include:

• Name, address, date of birth, contact details
• Medical history and consultation records
• Details of treatments provided
• Before and after treatment photographs
• Payment records (note: we do not store full card details)

2. How we use your information

We use your information to:

• Assess suitability for aesthetic treatments
• Provide treatments safely and effectively
• Maintain accurate clinical records
• Communicate with you about appointments, aftercare, and follow-up
• Meet legal, regulatory, professional, and insurance requirements

3. Lawful basis for processing

Under the UK General Data Protection Regulation (UK GDPR), we process your data under the following lawful bases:

• Provision of health care
• Explicit consent, where required (e.g. for photographs and marketing)
• Legal and professional obligations, including record keeping and indemnity requirements

4. Photographs and consent

Clinical photographs may be taken:

• To assess and plan treatment
• To monitor treatment outcomes
• For your confidential medical record

Photographs will not be used for marketing, teaching, or social media without your separate, explicit written consent.
You may withdraw consent for non-clinical use of photographs at any time.

5. How we store and protect your data

• Paper records are stored securely and accessed only by authorised personnel
• Electronic records are password-protected and stored on secure systems
• Photographs are stored securely and linked only to your clinical record
• Reasonable technical and organisational measures are in place to protect your data from loss, misuse, or unauthorised access

6. Sharing your information

We do not sell your data or share it for marketing purposes.

Your information may be shared only, when necessary, with:

• Medical defence or indemnity organisations
• Regulatory or legal authorities where required by law
• Other healthcare professionals involved in your care (with your consent)

7. How long we keep your data

• Adult clinical records are retained for at least 8 years after your last treatment
• Photographs are retained in line with clinical records unless consent is withdrawn for non-clinical use
• Records are securely destroyed when no longer required

8. Your rights

You have the right to:

• Access your personal data
• Request correction of inaccurate or incomplete information
• Request deletion of your data where legally permissible
• Withdraw consent for photographs or marketing at any time
• Raise concerns about how your data is handled

9. Complaints

If you have any concerns about how your data is used, please contact Elera Clinic in the first instance.

You also have the right to complain to the Information Commissioner’s Office (ICO):
www.ico.org.uk