Privacy Notice for Patients

Este Medical Group (“we”, “us”, “our”) is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, store, use, share, and protect any personal information you provide to us through our website (https://www.estemedicalgroup.uk/) and in connection with any services we provide. It also explains your rights under applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Este Medical Group is a leading provider of cosmetic, aesthetic, and medical treatments in the UK and internationally, offering services such as skin care, hair restoration, cosmetic surgery, and wellness treatments. estemedicalgroup.uk

We are the data controller of your personal information for the purposes of data protection law, meaning we determine how and why your personal data is processed.

2. Information We Collect

We collect and process different types of personal information, depending on your interaction with us, including:

a. Information You Provide Directly

• Name, address, telephone number, email address
• Date of birth and identity verification details
• Medical history, treatment records, and clinical information
• Appointment and consultation information
• Payment and billing details
• Communications and preferences

This information may be collected when you:

• make an enquiry
• book or attend a consultation or treatment
• register for accounts, newsletters, or events
• contact us with questions or feedback

b. Technical and Usage Information

We may automatically collect information from your use of our website, which may include:

• IP address and device identifiers
• Browser and operating system details
• Pages visited and actions taken on our website

We use cookies and similar technologies to improve your experience and analyse how our site is used.

3. How We Use Your Personal Information

We use your personal data for the following purposes:

a. To Provide Healthcare Services

• To facilitate consultations, treatments, aftercare and follow-up support
• To manage patient records and clinical requirements
• To contact you about appointments, treatment plans, and medical needs

b. For Administrative and Legal Purposes

• To comply with legal and regulatory obligations
• To verify your identity and maintain accurate records
• To administer billing and payments

c. For Marketing (with Your Consent)

With your explicit consent, we may use your contact details to send you newsletters, offers, or other marketing communications. You can opt out or withdraw consent at any time.

d. To Improve Our Services

We may use aggregated and anonymised data to improve our services and website performance.

4. Lawful Basis for Processing (UK GDPR)

We process your personal data lawfully under the UK GDPR based on one or more of the following lawful bases:

• Your consent (e.g., marketing communications)
• Performance of a contract (e.g., treatment and care delivery)
• Legal obligation (e.g., medical record retention laws)
• Legitimate interests (e.g., improving services and patient communications)

For sensitive health data (special category data) such as medical history, we rely on explicit consent and/or necessity for medical diagnosis and care provision under UK GDPR. NHS England Digital

5. Sharing Your Information

We will not share your personal information with third parties except:

• with healthcare professionals directly involved in your care
• with service providers acting on our behalf (e.g., IT, payment processors)
• where required by law or to protect your vital interests
• with your consent
• in connection with legal claims or regulatory compliance

We ensure any third party who receives your data protects it with appropriate technical and organisational safeguards.

6. International Data Transfers

If we transfer your data outside the UK, we will ensure it is protected by appropriate safeguards, such as:

• adequacy decisions
• standard contractual clauses

This is to ensure a level of protection equivalent to UK GDPR.

7. Data Retention

We retain your personal information only for as long as necessary for the purposes it was collected and to meet legal and regulatory obligations (e.g., medical records retention). After this period, the information will be securely deleted or anonymised.

8. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. This includes secure storage systems and regular reviews of our security practices.

9. Your Rights

Under UK GDPR, you have rights including:

• Access: request a copy of your personal data
• Correction: rectify inaccurate information
• Erasure: request deletion where lawful
• Restriction: limit our use of your data
• Portability: receive your data in a structured format
• Objection: object to certain processing activities
• Withdraw consent at any time

To exercise your rights, contact us using the details in Section 11. We will respond within the statutory timeframe.

10. Cookies and Similar Technologies

We use cookies on our website to:

• improve site performance and user experience
• analyse website usage
• remember user preferences

You can control or disable cookies through your browser settings.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our processing practices or legal requirements. The updated policy will be posted on our website with a revised “Last updated” date.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data subject rights, please contact:

Data Protection Officer
Este Medical Group
Email: İnfo@estemedicalgroup.uk
Address: 9 Portland Road, BirminghamB16 9HN

If you remain dissatisfied with our response, you have the right to complain to the UK Information Commissioner’s Office (ICO).