

Cookies & Privacy Policy
Last updated: July 2026
Who we are
Our website address is: sapphiremedicalaesthetics.co.uk.
Sapphire Aesthetics Limited, trading as Sapphire Medical Aesthetics, is committed to protecting your privacy and handling your personal information securely, fairly and transparently.
This Privacy Policy explains what personal information we collect, how we use it, how long we keep it for, who we may share it with and what rights you have in relation to your data.
If you are unsure about how we are handling your personal information, or if you would like to ask a question about this policy, please contact our Data Protection Officer.
Data Protection Officer: Laura, Clinic Manager
Email: enquiries@sapphiremedicalaesthetics.co.uk
Telephone: 01432 870717
Address: Sapphire Aesthetics, The Granary, Whitehall Road, Hampton Bishop, Hereford, HR1 4LB
For the purposes of UK data protection law, Sapphire Aesthetics Limited is the data controller for the personal information we collect and use.
We will not sell your personal information to third parties.
What information we collect
We may collect and process personal information that you provide to us directly, including when you:
complete a form on our website;
make an enquiry;
book an appointment;
attend a consultation or treatment;
purchase a product, voucher or treatment;
join a membership, subscription or savings plan;
contact us by phone, email, social media or in person;
sign up to receive marketing communications from us.
The information we collect may include:
your name;
email address;
telephone number;
address or general location;
appointment details;
enquiry information;
payment or transaction information;
treatment preferences;
consultation notes;
medical history;
allergies, medications or health information relevant to your treatment;
treatment records;
consent forms;
before-and-after images or clinical photographs;
marketing preferences.
As a medical aesthetics clinic, some of the information we collect may include health or medical information. This is classed as special category data under UK data protection law and is handled with additional care.
Information collected through our website
When you use our website, we may automatically collect certain technical information, including:
your IP address;
the browser you are using;
the operating system of your device;
the website or referral source that brought you to our site;
the pages you visit;
how long you spend on the website;
how you interact with the website.
This information helps us understand how our website is being used, monitor performance, improve the website experience and support our marketing activity where consent has been given.
Please see our Cookie Policy below for more information.
How we use your personal information
We may use your personal information to:
respond to your enquiries;
arrange, manage and confirm appointments;
provide consultations, treatments and aftercare;
assess your suitability for treatments;
maintain accurate clinical and treatment records;
process payments, deposits, product purchases, subscriptions or savings plan contributions;
send appointment reminders and service-related updates;
provide customer care;
manage complaints, feedback or reviews;
send marketing communications where you have opted in or where we are otherwise permitted to do so;
improve our services, website and client experience;
comply with legal, regulatory, insurance, tax, accounting and professional obligations;
protect the rights, safety and wellbeing of our patients, team and business.
Our lawful basis for using your information
Under UK data protection law, we must have a lawful basis for using your personal information.
Depending on the reason we are using your data, we may rely on one or more of the following lawful bases:
Contract
Where we need to use your information to provide the services, treatments, products, appointments or payment arrangements you have requested.
Consent
Where you have given us clear permission, for example to receive certain marketing communications, to use non-essential cookies, or to use identifiable images for marketing purposes.
Legitimate interests
Where it is necessary for the running of our business, such as responding to enquiries, improving our services, managing client relationships, keeping appropriate records and protecting our business, provided your rights and interests do not override this.
Legal obligation
Where we need to use or retain information to comply with legal, regulatory, insurance, tax, accounting or professional obligations.
Special category health data
Where we process health or medical information, we will only do so where we have an appropriate lawful basis and an additional condition for processing special category data. This may include providing health-related services, maintaining clinical records, obtaining explicit consent where required, complying with legal obligations, or protecting the vital interests of an individual.
Marketing communications
We may contact you from time to time with information about treatments, products, offers, events, clinic updates or services we think may be relevant to you.
This may include email, post, telephone or other appropriate communication methods, depending on your preferences and the information you have provided to us.
You can opt out of marketing communications at any time by contacting us directly or by following the unsubscribe instructions included in our emails.
Please note that if you opt out of marketing, we may still contact you with service-related information, such as appointment reminders, treatment information, payment updates or important clinic notices.
Clinical photographs and before-and-after images
As part of your treatment journey, we may take photographs for clinical records, treatment planning, progress monitoring, insurance, training or safety purposes. We will only use identifiable images for marketing, social media, website content or promotional materials where you have given your consent.
You can withdraw consent for future use of identifiable images at any time by contacting us.
Who we may share your information with
We will only share your personal information where necessary and appropriate.
This may include sharing information with:
members of our team involved in your care, appointment or enquiry;
clinic management or booking system providers;
payment, subscription or savings plan providers;
email marketing platforms;
website hosting, analytics and technical support providers;
professional advisers, including accountants, insurers, legal advisers and consultants;
regulatory bodies, insurers or professional organisations where required;
delivery or courier companies where we need to fulfil a product order;
emergency services, healthcare professionals or safeguarding bodies where necessary to protect someone’s wellbeing.
We do not sell your personal information.
How long we keep your information
We will only keep your personal information for as long as necessary for the reason it was collected, including to meet legal, regulatory, insurance, accounting, tax and professional requirements. General enquiry information may be kept while we are corresponding with you and for a reasonable period afterwards. Clinical and treatment records may need to be kept for longer periods due to medical, insurance and regulatory requirements. Financial records may need to be retained for tax and accounting purposes. Marketing data will be kept until you unsubscribe, withdraw consent, or we no longer have a lawful reason to contact you. Where information is no longer required, we will securely delete, anonymise or archive it.
Data security
We take reasonable technical and organisational steps to protect your personal information from loss, misuse, unauthorised access, disclosure, alteration or destruction.
Our website is hosted on a secure server with SSL security. This is usually indicated by the padlock symbol in the address bar of your browser.
However, no website, email system or online platform can be guaranteed to be completely secure. Please take care when sending sensitive information online.
If a data breach occurs and we are required to notify you or the Information Commissioner’s Office, we will do so in accordance with our legal obligations.
Links to third-party websites
Our website may contain links to other websites over which we have no control.
This Privacy Policy only applies to our website and services. If you visit another website, we recommend that you read their own privacy and cookie policies before providing any personal information.
International transfers
Some of the third-party platforms or service providers we use may process or store data outside the UK.
Where this happens, we will take appropriate steps to ensure your information is protected in line with UK data protection law.
Your rights
Under UK data protection law, you have rights in relation to your personal information.
You may have the right to:
ask what personal information we hold about you;
request access to your personal information;
ask us to correct inaccurate or incomplete information;
ask us to delete your information in certain circumstances;
ask us to restrict how we use your information;
object to certain types of processing;
ask for your information to be transferred to another provider where applicable;
withdraw consent where we are relying on consent;
complain to the Information Commissioner’s Office.
You can make a request by contacting us using the details provided in this policy.
We may need to verify your identity before responding to a request. In most cases, we will respond within one month. In most cases, you will not be charged a fee, although a reasonable fee may apply where a request is manifestly unfounded, excessive or where further copies are requested.
Please be aware that we may not be able to delete information that we are required to keep by law, for insurance purposes, or for medical, financial or regulatory reasons.
Updating your personal information
Please let us know if your personal information changes, for example if you change your name, address, telephone number or email address. Keeping your information accurate helps us to provide safe, appropriate and efficient care.
Complaints
If you have any concerns about how we handle your personal information, please contact us first so we can try to resolve the matter. You also have the right to complain to the Information Commissioner’s Office, the UK regulator for data protection.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business, website, systems, services or legal requirements.
The latest version will always be available on our website.