Privacy Policy
At CHA.clinic, your privacy and trust are very important to us. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services, website, or contact us. We are committed to handling your information responsibly and in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
CHA.clinic provides a range of aesthetic and skincare treatments to clients in the UK. For data protection purposes, we are the “data controller” responsible for your personal information.
If you have any questions, please contact:
Email: contact@cha.clinic
Address: 16 Sandy Park Road, Bristol, BS4 3PE.
2. What Information We Collect
We may collect and process the following types of information:
Personal details (name, date of birth, address, email, phone number).
Health information relevant to your treatment (medical history, medications, allergies, lifestyle details).
Booking and payment details (appointment history, invoices, payment method).
Website data (IP address, browser type, cookies, usage analytics).
Communication records (emails, messages, consultation notes).
3. How We Use Your Information
We use your information to:
Provide safe and effective treatments tailored to your needs.
Manage appointments, payments, and client records.
Communicate with you about your care, bookings, and updates.
Comply with legal and regulatory requirements.
Improve our website, services, and client experience.
Send you marketing updates (only if you have opted in).
4. Legal Basis for Processing
We process your personal data on the following bases:
Contract: To deliver the services you have booked.
Consent: Where we rely on your agreement (e.g. marketing updates).
Legal obligation: To meet regulatory and record-keeping requirements.
Legitimate interests: To improve services and manage the clinic effectively.
For sensitive health data, we process it only with your explicit consent or as required for healthcare provision.
5. How We Store and Protect Your Data
Your information is stored securely on password-protected systems.
Health records are kept confidential and accessible only to authorised staff.
We retain records for as long as legally required for healthcare and tax purposes.
Once retention periods expire, we securely delete or anonymise data.
6. Sharing Your Information
We will never sell your data. We may share it with:
Healthcare professionals directly involved in your care.
Payment providers and IT service providers (for secure transactions and systems).
Regulators or legal authorities if required by law.
Any third parties we work with must comply with strict data protection standards.
7. Your Rights
Under UK GDPR, you have the right to:
Access the personal data we hold about you.
Request corrections if your information is inaccurate.
Request deletion of your data (where legally possible).
Restrict or object to certain types of processing.
Withdraw consent (e.g. marketing) at any time.
Request transfer of your data to another provider (data portability).
To exercise these rights, contact us using the details above.
8. Cookies and Website Use
Our website may use cookies to improve your browsing experience and track anonymous usage statistics. You can manage cookies through your browser settings. See our cookie policy for further information
9. Marketing Preferences
If you opt in, we may send occasional updates about our services, offers, or events. You can unsubscribe at any time via the link in our emails or by contacting us directly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated effective date.
11. How to Complain
If you have concerns about how we handle your data, please contact us first. You also have the right to complain to the Information Commissioner’s Office (ICO): www.ico.org.uk