Privacy Policy

Last updated: 5 May 2026

This Privacy Policy explains how DermMED Aesthetics ("we", "us", "our") handles personal information about visitors to this website and patients of the clinic. We are committed to protecting your privacy and to processing your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).

1. Who we are (data controller)

DermMED Aesthetics is the data controller for the personal information we collect through this website and through our clinic.

• Trading name: DermMED Aesthetics
• Practitioner: Dr Maria Shakoor, GP and Aesthetic Practitioner
• Address: 6 Portchester Close, Ingleby Barwick, Stockton-on-Tees, TS17 5LQ, United Kingdom
• Email: dermedaesthetics@outlook.com
• Phone: 01642 638541
• WhatsApp: 07405 105987

If you have any questions about this policy or how your data is handled, please contact us using the details above.

2. The personal data we collect

Depending on how you interact with us, we may collect the following categories of information.

Information you give us directly

• Contact details: name, email address, phone number, postal address.
• Enquiry content: any information you choose to share when emailing, messaging us on WhatsApp or contacting us by phone.
• Booking information: appointment date and treatment requested, submitted through our third-party booking provider.
• Health and consultation information (special category data): medical history, medications, allergies, skin concerns, photographs taken with your consent, and clinical notes recorded during consultation. This data is handled under strict medical confidentiality.

Information collected automatically

• Technical and usage data: IP address (in truncated form where possible), browser type and version, device type, operating system, referring page, pages viewed and approximate location (city / region) derived from your IP address.
• Cookies and similar technologies: see our Cookie Policy for full details.

We do not knowingly collect personal data from children under 18. Aesthetic treatments are only offered to adults.

3. How and why we use your data (lawful bases)

We only use your personal data when we have a lawful basis to do so under UK GDPR.

Purpose	Data used	Lawful basis
Responding to enquiries by email, phone or WhatsApp	Contact details, enquiry content	Legitimate interests (responding to a request you have made); consent where applicable
Arranging and managing consultations and appointments	Contact details, booking details	Steps taken at your request prior to entering a contract; performance of a contract
Providing aesthetic and skin health treatment, keeping clinical records	Contact details, health information, photographs, clinical notes	Performance of a contract; for special category (health) data: provision of healthcare and management of healthcare systems (UK GDPR Art. 9(2)(h))
Patient safety, follow-up care and adverse-event reporting	Health information, treatment records	Legal obligation; substantial public interest in the area of public health
Operating, securing and improving this website	Technical / usage data, strictly necessary cookies	Legitimate interests (running and securing our website)
Optional analytics or marketing cookies	Usage data, online identifiers	Consent (you can withdraw at any time via the "Cookie settings" link)
Sending marketing emails or messages, where you have asked to receive them	Contact details, marketing preferences	Consent
Complying with legal, regulatory and accounting obligations	Records of treatments, financial information	Legal obligation

4. Sharing your data

We do not sell your personal data. We only share it where necessary, with appropriate safeguards in place. Recipients may include:

• Our website host (Netlify): hosts this website and processes server logs on our behalf.
• Booking platform (Aesthetic Nurse Software): processes online bookings made through the "Book Online" link.
• Communication tools: WhatsApp / Meta and our email provider, where you choose to contact us through these channels.
• Pharmacies and laboratories: where prescriptions or testing are clinically required.
• Insurers, regulators and professional bodies: such as the General Medical Council, the CQC, the Joint Council for Cosmetic Practitioners (where applicable) or our medical indemnity insurer, when required.
• Professional advisers: accountants and legal advisers, under strict confidentiality.
• Law enforcement and public authorities: where we are legally required to disclose information.

5. International transfers

Some of the providers above may process data outside the UK. Where this happens we rely on appropriate safeguards, such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses with the UK Addendum, or transfers to countries with UK adequacy regulations, to make sure your data continues to receive an essentially equivalent level of protection.

6. How long we keep your data

We only keep personal data for as long as necessary for the purposes described in this policy.

• Clinical and consultation records: retained in line with current professional and regulatory guidance for medical and aesthetic records, generally for at least 8 years from the date of last treatment, and longer for patients who were under 18 at the time of treatment.
• Financial and accounting records: retained for at least 6 years to comply with HMRC requirements.
• Website enquiries that do not lead to treatment: retained for up to 24 months, unless we need to keep them longer.
• Cookie and consent records: retained for up to 12 months, after which we will ask for your preferences again.

7. How we protect your data

We apply technical and organisational measures appropriate to the sensitivity of the data we hold. These include access controls, encrypted storage and transmission where appropriate, secure clinical record keeping and confidentiality obligations on everyone who handles patient information.

8. Your rights

Under UK data protection law you have the following rights, free of charge in most cases:

• Right to be informed about how your data is used (this policy).
• Right of access to a copy of the personal data we hold about you.
• Right to rectification of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") in certain circumstances.
• Right to restrict processing in certain circumstances.
• Right to data portability for data you provided to us electronically.
• Right to object to processing based on our legitimate interests, and to direct marketing.
• Right to withdraw consent at any time, where we rely on consent.
• Rights relating to automated decision-making and profiling. We do not carry out automated decision-making that produces legal or similarly significant effects.

To exercise any of these rights, please contact us using the details in section 1. We will respond within one month.

9. How to complain

We hope to resolve any concerns directly. You also have the right to complain to the UK Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113
• Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of the page shows when it was last revised. Where changes are material we will take reasonable steps to bring them to your attention.