Skip to content

Legal

Privacy Policy

Last updated: 6 June 2026

MEDIMAYS — Aesthetics & Beauty ("we", "us") is committed to protecting your privacy. This policy explains what personal data we collect, why, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data we collect

  • Booking & contact details: your name, email address, phone number and any notes you provide when booking or contacting us.
  • Appointment information: the treatments you book and your appointment times.
  • Health information: where relevant to a treatment, we may collect health and medical information during consultation. This is special category data and is handled with additional care.
  • Technical data: basic, anonymised analytics about how the website is used (see our Cookie Policy).

2. How we use your data

  • To arrange, confirm and manage your appointments.
  • To add your booking to our scheduling calendar.
  • To send you appointment confirmations and respond to your enquiries.
  • To provide treatments safely and keep appropriate records.
  • To meet our legal, insurance and regulatory obligations.

3. Legal bases

We process your data on the basis of your consent, to perform our contract with you (providing the treatment you book), to comply with legal obligations, and for our legitimate interests in running our business safely and effectively. Special category (health) data is processed for the provision of health treatment and with your explicit consent where required.

4. Sharing & processors

We use trusted third-party providers to operate this website and our bookings, including:

  • Google Calendar — to store and manage appointment times.
  • Resend — to send confirmation and notification emails.
  • Cloudflare — to host this website securely.

We do not sell your personal data. We only share it where necessary to deliver our service or where required by law.

5. Retention

We keep your data only for as long as necessary for the purposes above and to meet legal and insurance requirements, after which it is securely deleted.

6. Your rights

You have the right to access, correct, or request deletion of your personal data, to restrict or object to processing, and to withdraw consent at any time. To exercise these rights, email [email protected]. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

7. Contact

For any privacy questions, contact us at [email protected].

Note: This policy is a starting point and should be reviewed by a qualified professional to ensure it fully reflects your data-processing practices and obligations.