NAÏA Aesthetics is committed to protecting your privacy and handling your sensitive medical and personal data with the absolute highest standard of care. This policy explains how we collect, use, and protect your information when you visit our clinic, use our website, or undergo clinical treatments with us.
Who We Are
When this policy refers to "NAÏA Aesthetics", "we", or "us", it refers to our registered clinical practice operating out of Manchester, United Kingdom.
Our clinic is located at The Avenue, Spinningfields, Manchester M3 3HF. For data protection purposes under the UK GDPR, we are the designated Data Controller.
Information We Collect
As a medically-led practice, we collect both standard personal data and special category (medical) data to ensure your safety:
- Identity Data: Full name, date of birth, gender, and photographic ID.
- Contact Data: Email address, telephone numbers, and home address.
- Medical Data: Complete medical history, current medications, allergies, previous aesthetic procedures, and clinical photographs (before/after).
- Financial Data: Secure payment details and billing addresses.
How We Use Your Information
We use your information strictly for clinical and operational purposes:
- To safely assess your medical suitability for advanced aesthetic treatments.
- To maintain accurate, legally required medical records of your prescriptions and treatments.
- To manage your appointments, memberships, and provide post-treatment aftercare.
Legal Basis for Processing
- Healthcare Provision: Processing medical data is necessary for preventative medicine and clinical care.
- Consent: Where you have explicitly consented to specific treatments or marketing communications.
- Contract: To fulfil our obligations in delivering the clinical services you booked.
Data Sharing & Confidentiality
Your medical confidentiality is absolute. We will never sell your data. We only share data with verified third parties essential to your care, such as external medical pharmacies (for prescriptions) and encrypted clinical software providers.
Medical Data Retention
By law, as a healthcare provider in the UK, we are required to retain your medical records for a statutory period. Adult medical and aesthetic records are securely retained for a minimum of 8 years following the last clinical consultation.
Your UK GDPR Rights
You possess standard rights including Access (requesting a copy of your notes), Correction, and Erasure of non-medical data. Please note that erasure requests cannot legally overwrite our statutory obligation to retain medical records.
Data Security
All patient records are stored on highly secure, encrypted clinical servers. Physical access to our clinic and servers is strictly restricted to authorized medical personnel only.
Contact Us
Questions about your data?
Our clinical team is happy to clarify anything regarding your privacy.
Contact the Clinic