Privacy Policy
How we collect, use and protect your personal information — written in plain English, as the ICO recommends.
Last updated: January 2025
1. Who we are
This privacy policy applies to Janevé Aesthetics, an aesthetic and beauty clinic based in Winchmore Hill, North London.
Data Controller: Janevé Aesthetics
Address: 16 The Green, London, N21 1AY
Telephone: 07597 141780
Email for data requests: [Please contact us by telephone or post — email address to be updated by client]
Company registration: [To be confirmed by client]
We take your privacy seriously. As the data controller, we are responsible for deciding how and why your personal data is processed, and we are committed to handling it lawfully, fairly and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What personal data we collect
We only collect personal data that is necessary for the purposes described in this policy. Depending on how you interact with us, we may collect the following:
Contact and enquiry data
When you contact us by phone, WhatsApp, or through our booking platform (Treatwell), we may collect:
- Your name and contact details (telephone number, email address)
- The nature of your enquiry or the treatment you are interested in
- Any information you choose to share with us in your message
Consultation and treatment data
When you attend a consultation or treatment, we collect:
- Your name, date of birth, and contact details
- Relevant medical history and health information (special category data under UK GDPR)
- Notes from your consultation, including your skin assessment and treatment recommendations
- A record of treatments you have received and any aftercare advice provided
- Payment information (processed securely via Treatwell or our payment provider — we do not store card details)
Health and medical data is classified as special category data under UK GDPR and is subject to additional safeguards. We collect this data only where it is necessary to provide safe and appropriate treatments, and always with your explicit consent.
Website usage data
When you visit our website, we may automatically collect:
- Your IP address and approximate location
- Browser type and operating system
- Pages visited and time spent on site
- Referral source (how you found our website)
We use cookies and similar technologies to collect this data. Please see Section 7 (Cookies) below for full details.
3. How we use your personal data
We use your personal data only for specific, lawful purposes. The table below sets out what we do with your data and the legal basis under UK GDPR that permits us to do so.
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Responding to your enquiries and booking requests | Legitimate interests / Pre-contractual steps |
| Providing consultations and carrying out treatments safely | Contract performance; Explicit consent (for health data) |
| Maintaining clinical treatment records | Legal obligation; Legitimate interests (safe practice) |
| Processing payments | Contract performance |
| Sending appointment reminders or aftercare information | Legitimate interests / Consent |
| Improving our website and services | Legitimate interests |
| Complying with legal or regulatory obligations | Legal obligation |
We will never sell your personal data to third parties. We will never use your data for automated decision-making that significantly affects you without your explicit consent.
4. Who we share your data with
We do not sell, rent or trade your personal data. We may share your data with trusted third parties in the following limited circumstances:
Treatwell (booking platform)
We use Treatwell to manage bookings. When you book through Treatwell, your data is subject to Treatwell's privacy policy as well as our own.
Payment processors
Payment transactions are processed securely by our payment provider. We do not store your card or payment details on our systems.
Professional advisers and regulators
We may share data with our insurance provider, legal advisers, or regulatory authorities where required by law or to protect our legitimate interests.
All third parties with whom we share your data are required to handle it securely and in accordance with applicable data protection law.
5. How long we keep your data
We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law.
| Type of Data | Retention Period |
|---|---|
| Clinical treatment records (including health/medical data) | Minimum 8 years from last treatment (aligned with NHS guidelines for adults) |
| Consultation records | 8 years from date of consultation |
| General enquiry and contact data | 2 years from last contact |
| Financial and payment records | 7 years (HMRC requirements) |
| Website analytics data | Up to 26 months (if analytics are in use) |
After these periods, your data will be securely deleted or anonymised. Where retention is required by law, we cannot fulfil a deletion request for that specific data until the retention period expires.
6. Your rights under UK GDPR
Under the UK General Data Protection Regulation, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to certain conditions, but we will always respond to your request promptly and clearly.
Right of access
You have the right to request a copy of the personal data we hold about you. We will respond within one month.
Right to rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct it.
Right to erasure
Also known as the "right to be forgotten". You can ask us to delete your personal data where there is no compelling reason for us to continue processing it.
Right to restrict processing
You can ask us to pause the processing of your personal data in certain circumstances — for example, while you contest its accuracy.
Right to data portability
Where we process your data by automated means and on the basis of consent or contract, you can ask us to provide it in a structured, machine-readable format.
Right to object
You have the right to object to processing of your personal data where we rely on legitimate interests as our legal basis. You also have an absolute right to object to direct marketing at any time.
Rights related to automated decisions
You have the right not to be subject to decisions made solely by automated processing where those decisions have a significant effect on you. We do not carry out such processing.
Right to withdraw consent
Where we process your data on the basis of consent, you may withdraw that consent at any time. This will not affect the lawfulness of processing carried out before your withdrawal.
How to exercise your rights
To exercise any of these rights, please contact us by telephone on 07597 141780 or in writing to Janevé Aesthetics, 16 The Green, London, N21 1AY. We will respond within one month of receiving your request. We may need to verify your identity before processing your request.
7. Cookies
Our website uses cookies — small text files placed on your device — to help the site function correctly and to improve your experience. In accordance with the Privacy and Electronic Communications Regulations (PECR) and UK GDPR, we ask for your consent before placing any non-essential cookies.
Strictly necessary cookies
These cookies are required for the website to function and cannot be switched off. They include cookies that remember your cookie consent preference. No consent is required for these cookies.
Analytics cookies
We may use analytics cookies to understand how visitors use our website. These cookies collect information in an anonymised form and help us to improve the site. Your consent is required before these cookies are placed. [Client to confirm analytics setup before launch.]
Third-party cookies (Treatwell)
If you access our Treatwell booking page via a link on this website, Treatwell may place their own cookies on your device. These are governed by Treatwell's cookie policy.
You can manage or delete cookies at any time through your browser settings. Please note that disabling cookies may affect the functionality of some parts of our website. For more information about cookies and how to manage them, visit www.aboutcookies.org.
8. Data security
We take the security of your personal data seriously. We have implemented appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss, alteration or disclosure.
These measures include secure storage of paper records, password-protected systems, and the use of reputable, GDPR-compliant third-party platforms (such as Treatwell) for booking and payments.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours, and you directly without undue delay where required.
9. International data transfers
We aim to keep your personal data within the United Kingdom. Where any third-party service provider processes data outside the UK, we ensure that appropriate safeguards are in place — such as the UK International Data Transfer Agreement (IDTA) or equivalent adequacy decisions — to protect your data to the same standard as within the UK.
[Client to confirm if any third-party tools used store data outside the UK.]
10. Children's privacy
Our services are intended for adults aged 18 and over. We do not knowingly collect or process personal data relating to children under the age of 18 without the explicit consent of a parent or guardian.
If you believe a child has provided us with their personal data without appropriate parental consent, please contact us immediately and we will take steps to delete that information.
11. Changes to this privacy policy
We may update this privacy policy from time to time — for example, to reflect changes in how we use your data, changes in the law, or updates to our business. The "last updated" date at the top of this page will always reflect when the policy was most recently revised.
We encourage you to review this policy periodically. Where changes are significant, we will take reasonable steps to bring them to your attention.
12. How to raise a concern or complain
If you have any questions about how we handle your personal data, or if you wish to raise a concern, please contact us in the first instance — we will always try to resolve any issue directly and promptly.
If you are not satisfied with our response, or if you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent authority for data protection matters.
Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Questions about your data?
We're happy to answer any questions about your personal data or how we use it. Get in touch with us directly.