Privacy Policy

The Ara Clinic

At The Ara Clinic, your privacy is important to us. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, contact us, or receive treatment from us.

We are committed to handling your information lawfully, fairly, and transparently, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

The Ara Clinic is a nurse-led aesthetics and wellness clinic providing non-surgical treatments and wellbeing services.

For the purposes of data protection law, The Ara Clinic is the Data Controller of your personal data.

If you have any questions about this policy or how your data is handled, please contact us via the details provided on our website.

2. What Information We Collect

We may collect and process the following types of personal data:

Personal Information

• Name

• Date of birth

• Contact details (email address, phone number)

Health & Treatment Information

• Medical history

• Treatment records

• Consultation notes

• Before and after photographs (with your consent)

Website & Booking Information

• Enquiry forms

• Online booking details

• IP address and basic website usage data (via cookies)

Health information is classified as special category data under UK GDPR and is handled with additional care and protection.

3. How We Use Your Information

We use your information to:

• Provide safe and appropriate treatments

• Carry out consultations and assessments

• Maintain accurate medical records

• Communicate with you about appointments, aftercare, or follow-ups

• Process bookings and payments

• Meet legal, regulatory, and professional obligations

• Improve our services and website

We only use your data where there is a lawful basis to do so.

4. Lawful Basis for Processing

We process your personal data under one or more of the following legal bases:

• Consent – where you have given clear permission

• Contract – to provide services you have requested

• Legal obligation – to comply with healthcare and regulatory requirements

• Legitimate interests – to operate and improve our clinic safely and effectively

Special category health data is processed under healthcare and medical treatment exemptions as permitted by law.

5. How We Store and Protect Your Data

We take appropriate technical and organisational measures to protect your data, including:

• Secure digital record systems

• Restricted access to sensitive information

• Confidential handling of medical records

• Secure storage of paper records where applicable

We retain your data only for as long as necessary to meet legal, clinical, and regulatory requirements.

6. Sharing Your Information

We do not sell your personal data.

Your information may be shared only when necessary, for example:

• With other healthcare professionals involved in your care

• With regulated laboratories or pharmacies (where applicable)

• With professional indemnity providers or regulatory bodies if legally required

All third parties are required to respect confidentiality and data protection laws.

7. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you

• Request correction of inaccurate data

• Request deletion of your data (where legally permissible)

• Object to or restrict certain processing

• Withdraw consent at any time

• Lodge a complaint with the Information Commissioner’s Office (ICO)

You can exercise your rights by contacting us directly.

8. Cookies & Website Use

Our website may use cookies to improve functionality and user experience. Cookies do not collect sensitive personal data.

You can control or disable cookies through your browser settings.

9. Marketing Communications

We will only send marketing communications where you have opted in or where permitted by law. You can unsubscribe at any time by following the instructions in our messages or contacting us directly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law or our services. The most current version will always be available on our website.

11. GDPR & Data Protection Statement

The Ara Clinic complies fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

All personal and medical information is:

• Collected lawfully and transparently

• Used only for specified, legitimate purposes

• Kept accurate and up to date

• Stored securely

• Retained only for as long as legally and clinically required

Medical records are maintained in line with professional healthcare standards and retained in accordance with regulatory guidance.

12. Medical Photography Consent Policy

Medical photography may be used at The Ara Clinic for:

• Clinical assessment and treatment planning

• Monitoring treatment progress and outcomes

• Medical documentation and record keeping

Photographs are taken only with your explicit consent and are treated as confidential medical records.

With your separate and optional consent, anonymised images may be used for:

• Educational purposes

• Professional portfolios

• Marketing or website content

You have the right to:

• Decline photography altogether

• Consent to clinical use only

• Withdraw consent for non-clinical use at any time

Withdrawal of consent will not affect your treatment or care.

All images are stored securely and accessed only by authorised healthcare professionals.

13. NMC & Clinical Disclaimer

All treatments at The Ara Clinic are delivered by a qualified, registered nurse in accordance with:

• Nursing and Midwifery Council (NMC) Code

• Evidence-based clinical practice

• National healthcare safety standards

Treatments are offered only following a thorough consultation and clinical assessment. Results vary between individuals and no outcome can be guaranteed. All treatments carry some level of risk, which will be fully explained prior to treatment.

14. NHS-Aligned Safety Statement

The Ara Clinic operates in line with NHS principles of patient safety, informed consent, and clinical governance, including:

• Full disclosure of risks, benefits, and alternatives

• Informed consent prior to treatment

• Clear aftercare guidance

• Prompt escalation and referral where required

The Ara Clinic does not replace NHS care. Clients should remain registered with their GP and seek medical advice where appropriate. In emergencies, contact NHS 111 or attend A&E.

15. Limitation of Website Information

Information provided on this website is for general informational purposes only and does not constitute medical advice or diagnosis.

All treatments require consultation prior to proceeding. Treatment suitability is determined individually by a qualified healthcare professional.

16. Contact & Concerns

If you have questions about data protection, consent, or clinical care, please contact The Ara Clinic using the details on the website.

If you are dissatisfied with how your data is handled, you may raise a concern with the Information Commissioner’s Office (ICO).

17. Contact Us

If you have any questions, concerns, or requests regarding your personal data, please contact The Ara Clinic using the contact details provided on our website.