Privacy Policy

The London Face and Skin Clinic
58 South Molton Street, Mayfair, London W1K 5SL

Last updated: February 2026


1. Who We Are

The London Face and Skin Clinic (“we,” “us,” “our”) is a non-surgical aesthetic clinic operated by Dr Richard Etok. We are the data controller for the personal information we collect and process about you.

If you have any questions about this privacy policy or how we handle your personal data, please contact us at:

Email: enquiries@tlfasc.com
Phone: 07788 314545
Address: 58 South Molton Street, Mayfair, London W1K 5SL


2. What Information We Collect

We may collect and process the following personal data:

Identity and contact information: Your name, email address, telephone number, postal address, and date of birth.

Health and medical information: Medical history, current medications, allergies, skin conditions, treatment records, clinical notes, photographs taken before and after treatment, and consent forms. This is classified as special category data under UK GDPR.

Financial information: Payment details processed at the time of transaction. We do not store full card details.

Booking and communication records: Appointment history, correspondence (including emails, text messages, and messages sent through our booking platform), and feedback or reviews you provide.

Technical information: If you use our website, we may collect your IP address, browser type, and browsing behaviour through cookies. See Section 9 for more detail.


3. How We Collect Your Information

We collect information directly from you when you:

  • enquire about or book a consultation or treatment
  • complete a medical questionnaire or consent form
  • register on our online booking platform
  • communicate with us by phone, email, text message, or in person
  • visit our website

4. Why We Process Your Information and Our Legal Basis

We process your personal data for the following purposes:

To provide clinical care and treatment
Legal basis: Explicit consent (Article 9(2)(a) UK GDPR) for health data. Legitimate interests (Article 6(1)(f)) for general administration.

To manage appointments and bookings
Legal basis: Performance of a contract (Article 6(1)(b)) and legitimate interests.

To maintain accurate clinical records
Legal basis: Legal obligation (Article 6(1)(c)). We are required to maintain clinical records in accordance with professional and regulatory standards.

To send appointment confirmations, reminders, and aftercare instructions
Legal basis: Performance of a contract and legitimate interests.

To process payments
Legal basis: Performance of a contract.

To respond to your enquiries and communicate with you
Legal basis: Legitimate interests and, where applicable, your consent.

To send marketing communications (only with your consent)
Legal basis: Consent (Article 6(1)(a)). You can withdraw this consent at any time.

To comply with legal and regulatory obligations
Legal basis: Legal obligation.


5. Who We Share Your Information With

We do not sell your personal data to third parties. We may share your information with:

Pabau (Hambrand Technology Limited): Our clinic management and online booking platform. Pabau acts as a data processor on our behalf and processes your personal data in accordance with our instructions. This includes appointment bookings, medical records, consent forms, communications, and payment processing. Pabau stores data on encrypted servers hosted in UK-based data centres (London) and is GDPR compliant. For more information, see Pabau’s privacy policy at https://pabau.com/privacy-policy/.

Payment processors: To process card payments securely. Payment processing is handled through Pabau’s integrated payment system (Pabau Pay, powered by Stripe). We do not have access to your full card details.

Professional advisors: Accountants, legal advisors, or insurers where necessary for the operation of our business.

Regulatory bodies: Where required by law or professional obligation, such as the Care Quality Commission, the General Dental Council, or other relevant authorities.

We will never share your health or medical information with any third party for marketing purposes.


6. How Long We Keep Your Information

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected:

Clinical and medical records: A minimum of 10 years from the date of last treatment, or longer where required by professional guidance or regulation.

Financial records: 7 years, in accordance with HMRC requirements.

Marketing consent records: Until you withdraw your consent, plus a reasonable period to process your request.

Enquiry and correspondence records: Up to 3 years after your last contact with us, unless a longer period is required.

After these periods, your data will be securely deleted or anonymised.


7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of access: You can request a copy of the personal data we hold about you.

Right to rectification: You can ask us to correct any inaccurate or incomplete data.

Right to erasure: You can ask us to delete your personal data in certain circumstances. Please note that we may be required to retain clinical records for legal or regulatory reasons.

Right to restrict processing: You can ask us to limit how we use your data in certain circumstances.

Right to data portability: You can request that we transfer your data to another organisation in a structured, commonly used format.

Right to object: You can object to our processing of your data where we rely on legitimate interests as our legal basis.

Right to withdraw consent: Where we process your data based on your consent (including marketing communications and health data processing), you can withdraw that consent at any time. This does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at enquiries@tlfasc.com. We will respond to your request within one month.


8. How We Protect Your Information

We take appropriate technical and organisational measures to protect your personal data, including:

  • Use of encrypted, UK-based cloud storage through our clinic management platform (Pabau)
  • Secure access controls limiting data access to authorised personnel
  • Secure payment processing through PCI-compliant systems
  • Regular review of our data protection practices

9. Cookies

Our website may use cookies to improve your browsing experience and help us understand how our site is used. Cookies are small text files stored on your device.

You can control cookie settings through your browser. Disabling cookies may affect the functionality of our website.

For more information on cookies and how to manage them, visit www.allaboutcookies.org.


10. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.


11. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: https://ico.org.uk
Phone: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

We would appreciate the opportunity to address your concerns directly before you contact the ICO. Please reach out to us at enquiries@tlfasc.com in the first instance.