The Doctors Laser Clinic Privacy Policy

Effective Date: 18/04/2025

1. Our Commitment to Your Privacy

At The Doctors Laser Clinic Ltd (“we”, “us”, “our”), we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you interact with us, whether through our website (https://laserdocs.co.uk/), by phone or email, or in person at our clinic. It applies to data collected via all these channels. It also outlines your rights regarding your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully. By using our website or services, you acknowledge the data processing practices described. We may update this policy from time to time; please check this page occasionally to ensure you are happy with any changes. Significant changes may be noted via email or a prominent notice on our website.

2. Who We Are

The Doctors Laser Clinic Ltd is the Data Controller responsible for your personal data.

  • Company Number: 07284874
  • Clinic Address: The Old Surgery, Stoke Road, Poringland, Norwich, NR14 7JL
  • Registered Address: Lovewell Blake LLP, Bankside 300, Peachman Way, Broadland Business Park, Norwich, NR7 0LB
  • Contact for Privacy Queries:
    • Email: info@laserdocs.co.uk
    • Telephone: 01603 360360
    • Post: FAO: Data Privacy Manager, The Doctors Laser Clinic Ltd, The Old Surgery, Stoke Road, Poringland, Norwich, NR14 7JL

3. Information We Collect About You

We may collect and process the following types of personal data:

  • Identity Data: Name, title, date of birth.
  • Contact Data: Billing address, delivery address, email address, telephone numbers.
  • Financial Data: Payment card details (processed securely by third-party payment processors; we do not store full card details). Transaction history (deposits, purchases).
  • Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plugin types and versions, operating system and platform, and other technology on the devices you use to access our website.
  • Usage Data: Information about how you use our website (pages accessed, time spent) and services.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences (e.g., newsletter sign-ups).
  • Health Data (Special Category Data): Information concerning your health, medical history, allergies, conditions relevant to treatments, treatment plans, clinical notes, photographs (for treatment assessment and monitoring), and records necessary for providing safe and effective aesthetic treatments. We treat this data with the highest level of confidentiality and security.
  • Employment Data: Information provided if you apply for a job with us (CVs, cover letters, references).
  • Other Information: Any other information you voluntarily provide (e.g., feedback, survey responses, general enquiries).

4. How We Collect Your Information

We collect information in the following ways:

  • Direct Interactions: When you fill in forms on our website (contact, newsletter sign-up, booking requests), correspond with us by post, phone, email, or in person at the clinic, when you register as a patient, complete medical questionnaires, book appointments (including via our online system), attend consultations, receive treatments, provide feedback, or apply for jobs.
  • Automated Technologies: As you interact with our website, we automatically collect Technical Data about your equipment and browsing actions using cookies and similar technologies. Please see our Cookie Policy for details (Section 12).
  • Third Parties: We may receive Technical Data from analytics providers like Google Analytics. We use a third-party system (Pabau) for clinic management and online booking, which processes the data you input.

5. Lawful Basis for Processing Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances, based on these lawful bases under UK GDPR:

  • Consent: Where you have given us clear consent to process your data for a specific purpose (e.g., sending marketing emails/newsletters, using non-essential analytics cookies).
  • Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into such a contract (e.g., booking appointments, processing payments, managing your registration as a patient).
  • Legal Obligation: Where processing is necessary for compliance with a legal obligation (e.g., maintaining accurate medical records as required by healthcare regulations for 8 years, financial record keeping).
  • Legitimate Interests: Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., improving our services, website security, responding to general enquiries, processing job applications, managing reward points unless contract-based).
  • Provision of Health Care (Special Category Data): Processing Sensitive Health Data is necessary for the purposes of preventive or occupational medicine, medical diagnosis, and the provision of health or social care or treatment (Article 9(2)(h) UK GDPR). We process this data under the responsibility of appropriate health professionals subject to obligations of professional secrecy.

6. How We Use Your Information

We use your information for the following purposes, linked to the lawful bases above:

  • To register you as a new patient (Contract)
  • To provide our clinical services, including assessing suitability for treatment, booking and confirming appointments, delivering treatments safely and effectively, and maintaining clinical records (Contract; Provision of Health Care for health data; Legal Obligation for record-keeping)
  • To process payments for deposits or services (Contract)
  • To manage our relationship with you, including notifying you of changes to our services or policies (Contract, Legal Obligation, Legitimate Interests)
  • To send you requested information about products or services (Contract / Legitimate Interests)
  • To administer reward points schemes (Contract / Legitimate Interests)
  • To seek your views or feedback on our services (Legitimate Interests)
  • To send you marketing communications (newsletters, special offers) via your chosen methods where you have opted-in (Consent)
  • To manage and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data) (Legitimate Interests; Legal Obligation)
  • To use data analytics (via consented cookies) to improve our website, services, marketing, and customer experiences (Legitimate Interests / Consent)
  • To process job applications (Legitimate Interests / Steps prior to Contract)
  • To respond to general enquiries (Legitimate Interests)
  • To comply with legal or regulatory obligations (Legal Obligation)

7. Data Sharing and Third Parties

We respect your privacy and will not sell or rent your information to third parties. We will not share your information with third parties for their marketing purposes.

We may share your data with trusted third parties who act as Data Processors on our behalf solely to help us run our business and provide services. These include:

  • Online clinic management and booking system providers (Pabau).
  • IT and system administration service providers.
  • Email marketing and distribution providers (for newsletters you consented to).
  • Website hosting providers.
  • Payment processing providers.
  • Professional advisers (lawyers, bankers, auditors, insurers) acting as processors or joint controllers.
  • Website analytics providers (e.g., Google Analytics).

We require all third parties to respect the security of your personal data and treat it in accordance with the law. We only authorise them to use your personal data for specified purposes and in accordance with our instructions under a Data Processing Agreement where required.

We may also disclose your personal information if required by law, regulation, or legal process or to respond to a valid governmental request or in connection with a corporate change (e.g., merger, acquisition, or sale). We will not share your data with any other third party without your explicit prior consent unless legally permitted or required.

8. Data Retention

We review our retention periods regularly. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements.

  • Medical Records: We retain patient health records for 8 years after your last interaction with the clinic (or longer if legally required, e.g., for minors reaching adulthood) in line with professional and legal guidelines.
  • Financial Data: Transaction data is kept for 6 years plus the current year for tax purposes.
  • Marketing Data: Information used for marketing purposes (based on your consent) is retained until you withdraw your consent or we determine the consent is no longer active (e.g., following a prolonged period of inactivity, subject to periodic review). Records of consent withdrawal are kept as legally required.
  • Website Usage Data: Technical/analytical data from cookies is typically kept for periods defined in our Cookie Policy (e.g., standard Google Analytics data retention might be 14-26 months; check your settings).
  • General Enquiries: Data from general enquiries not leading to a patient relationship may be kept for up to 2 years for administrative purposes.
  • Job Applications: Unsuccessful applicant data is typically kept for 6 months after the recruitment process ends.

9. International Data Transfers

We do not typically transfer your personal data outside the UK or European Economic Area (EEA). Our main third-party providers (like Pabau and Google Analytics, depending on settings) generally process data within the UK/EEA or have mechanisms in place that comply with UK GDPR requirements for international transfers.

If, in the future, any of our service providers were to transfer data outside the UK/EEA, we would ensure a similar degree of protection is afforded to it by implementing appropriate safeguards (such as the UK’s International Data Transfer Agreement or Addendum to the EU Standard Contractual Clauses, or ensuring the recipient country is deemed adequate by the UK government).

10. Data Security

We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed in an unauthorised way. Access to your personal data is limited to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

Sensitive information, particularly health data, is subject to enhanced security measures and stricter access controls within our systems (including Pabau).

When transmitting data over the internet (e.g., via our website forms), we use encryption where appropriate (look for “https” and a lock icon in your browser’s address bar on secure pages). However, no Internet transmission can be guaranteed 100% secure. While we strive to protect your data, any transmission is at your own risk. Once received, we use strict procedures and security features to try to prevent unauthorised access.

11. Your Data Protection Rights

Under UK GDPR, you have several rights regarding your personal data:

  • Right to be Informed: To be informed about how we collect and use your personal data (which this policy aims to do).
  • Right of Access: To request a copy of the personal data we hold about you.
  • Right to Rectification: To request correction of inaccurate or incomplete personal data.
  • Right to Erasure (‘Right to be Forgotten’): To request deletion of your personal data where there is no compelling reason for us to keep processing it. Please note this right is not absolute and does not apply to health records we are legally obliged to retain for the specified period (see Section 8).
  • Right to Restrict Processing: To request suspension of processing under certain circumstances.
  • Right to Data Portability: To request transfer of certain personal data to you or a third party in a structured, commonly used, machine-readable format.
  • Right to Object: To object to processing based on legitimate interests or for direct marketing purposes (you can opt out of marketing at any time).
  • Rights related to Automated Decision Making and Profiling: To not be subject to decisions based solely on automated processing which produce legal or similarly significant effects on you (we currently do not conduct such processing).

To exercise any of these rights, please contact us using the details in Section 2. We usually respond within one month. Requests are generally free, but we may charge a reasonable fee or refuse a request if it is manifestly unfounded, repetitive, or excessive. We may need to request specific information from you to help us confirm your identity.

You also have the right to lodge a complaint at any time with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns first.

12. Cookies

Our website uses cookies. Cookies are small text files placed on your device to collect standard internet log information and visitor behaviour information.

  • Types of Cookies: We use Strictly Necessary cookies (essential for website operation) and Analytics/Performance cookies (e.g., via Google Analytics) to understand how visitors use our site, helping us improve it. [Confirm if any other types like Functionality cookies are used by your website platform/plugins and update if necessary].
  • Consent: Strictly necessary cookies do not require consent. However, Analytics cookies are only set if you provide your consent via our cookie consent banner/tool, which appears when you first visit our website. You can manage your cookie preferences and withdraw consent at any time via this tool or by adjusting your browser settings. Turning off certain cookies may affect website functionality.
  • More Information: For detailed information on the specific cookies we use, their purpose, duration, and how to manage them, please see our separate Cookie Policy [Ensure you create and link this Cookie Policy].

13. Links to Other Websites

Our website may contain links to websites run by other organisations (e.g., potentially product suppliers or informational sites). This privacy policy applies only to our website and clinic operations. We are not responsible for the privacy policies and practices of other sites, even if accessed via links from our website. We encourage you to read the privacy statements of any other websites you visit.

14. Changes to This Privacy Policy

We keep this policy under regular review. Any updates will be posted on this page, and the effective date will be revised. For significant changes, we may provide more prominent notice (e.g., via email or a website banner).

15. How to Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

  • Email: info@laserdocs.co.uk
  • Telephone: 01603 360360
  • Post: FAO: Data Privacy Manager, The Doctors Laser Clinic Ltd, The Old Surgery, Stoke Road, Poringland, Norwich, NR14 7JL