Website Privacy Policy

Aesthetic Therapy Clinic

Last Updated: June 2026

Data Controller

Aesthetic Therapy Clinic

Unit 5, Ballypheason House, Athlone Road, Roscommon Town, Co. Roscommon, F42 C982

Phone: (083) 371 5260

Email: privacyaesthetictherapyclinic@gmail.com

1. Introduction

Aesthetic Therapy Clinic is committed to protecting and respecting your privacy. This Website Privacy Policy explains how we collect, use, store, and protect your personal information when you visit and interact with our website.

We are a regulated medical aesthetics practice. As such, some of the information we collect in connection with consultations and treatments constitutes Special Category Data under the General Data Protection Regulation (GDPR) and is handled with the highest level of care.

We process personal data in accordance with:

  • Regulation (EU) 2016/679 — the General Data Protection Regulation (GDPR)
  • The Irish Data Protection Act 2018
  • The ePrivacy Regulations 2011 (S.I. No. 336 of 2011) as amended
  • All applicable healthcare, professional and regulatory obligations in Ireland

2. Information We Collect Through This Website

2.1 Information You Provide Directly — When you use contact forms, booking requests, or enquiry forms on our website, you may provide:

  • Full name
  • Email address
  • Telephone number
  • Date of birth
  • Nature of enquiry or treatment of interest
  • Any additional information you choose to include

2.2 Information Collected Automatically — When you visit our website, we may automatically collect certain technical information, including:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Pages visited and time spent on each page
  • Referring URL (how you arrived at our site)
  • Date and time of access
  • Cookie identifiers (see Section 8)

This information is used for website analytics, security monitoring, and service improvement. It is not used to identify you personally without your knowledge.

3. How We Use Your Information

We use the information collected through our website for the following purposes:

  • Responding to enquiries & contact form submissions — Lawful basis: Legitimate Interests (Art. 6(1)(f)). Retention: 12 months after last contact.
  • Processing appointment bookings — Lawful basis: Contract (Art. 6(1)(b)). Retention: duration of patient relationship + 8 years.
  • Providing consultations & treatments — Lawful basis: Healthcare Provision (Art. 9(2)(h)). Retention: minimum 8 years (Irish medical records law).
  • Sending appointment reminders — Lawful basis: Contract / Legitimate Interests. Retention: duration of appointment cycle.
  • Sending marketing communications (where consented) — Lawful basis: Consent (Art. 6(1)(a)). Retention: until consent withdrawn.
  • Website analytics & performance — Lawful basis: Legitimate Interests (Art. 6(1)(f)). Retention: up to 26 months.
  • Legal & regulatory compliance — Lawful basis: Legal Obligation (Art. 6(1)(c)). Retention: as required by applicable law.

4. Botulinum Toxin & Prescription Medicines

In Ireland, botulinum toxin (anti-wrinkle injections) is a prescription-only medicine. Where you enquire about or book such treatments through our website, we will process your information to facilitate the required prescriber consultation before any treatment is administered, in accordance with the Medicinal Products (Prescription and Control of Supply) Regulations 2003 (as amended) and guidance from the Medical Council of Ireland.

This processing is carried out under Article 9(2)(h) GDPR (healthcare provision) and applicable Irish healthcare legislation.

5. Online Booking System

We use Phorest Practice Management Software to manage online bookings, client records, appointment scheduling, and related communications. When you book through our website, your information is processed within the Phorest platform.

Phorest acts as a Data Processor on our behalf under a written Data Processing Agreement and implements appropriate technical and organisational security measures.

For further information on Phorest’s data practices, please refer to their Privacy Policy at www.phorest.com.

6. Marketing Communications

We will only send you promotional emails, SMS messages, or newsletters where you have given your explicit consent. Each communication will include a clear and easy option to opt out at any time.

You may withdraw your consent at any time by:

  • Clicking the “unsubscribe” link in any marketing email
  • Contacting us at privacyaesthetictherapyclinic@gmail.com
  • Requesting removal directly at your next appointment

Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

7. Sharing Your Personal Information

We do not sell, rent, or trade your personal information to any third party.

We may share information only where necessary and on a lawful basis, with the following categories of recipients:

  • Healthcare professionals involved in your care (with your knowledge)
  • Our prescribing clinician or supervising doctor (where required for prescription medicines)
  • Phorest (booking and practice management system)
  • IT support and website service providers operating under confidentiality obligations
  • Payment processors (only what is necessary to process your transaction)
  • Insurance providers and legal advisors where necessary
  • Regulatory or statutory bodies where we have a legal obligation to disclose

All third-party processors are subject to contractual obligations to protect your personal information in accordance with GDPR.

8. Cookies

Our website uses cookies. Cookies are small text files placed on your device to help the website function, analyse usage, and personalise your experience.

  • Strictly Necessary — Essential website functionality, security, session management (session cookies, session duration).
  • Functional / Preference — Remember your preferences and settings, such as language or region (up to 1 year).
  • Analytics / Performance — Understand how visitors use our site, e.g. Google Analytics cookies (up to 26 months).
  • Marketing / Targeting — Only used where separate consent is obtained, e.g. ad platform cookies (up to 24 months).

A cookie consent banner will appear on your first visit to our website. Strictly necessary cookies do not require consent. You may update your cookie preferences at any time via Cookie Settings in our website footer.

You may also manage cookies through your browser settings; however, disabling certain cookies may affect website functionality.

9. Data Security

We implement appropriate technical and organisational security measures to protect your personal information, including:

  • Encrypted data transmission (SSL/TLS) across our website
  • Password-protected and access-controlled systems
  • Role-based staff access to patient data
  • Secure cloud storage with regular backups
  • Regular review of security procedures

While we take all reasonable precautions, no method of electronic transmission or data storage is entirely secure. In the event of a personal data breach that poses a risk to individuals, we will notify the Data Protection Commission within 72 hours and affected individuals without undue delay, as required by Articles 33 and 34 of the GDPR.

10. International Transfers

We endeavour to keep your data within the European Economic Area (EEA). Where any service provider processes data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions recognised under Article 45 GDPR

Details of any such transfers and the safeguards applied are available on request.

11. Your Rights Under GDPR

As a data subject, you have the following rights, which you may exercise free of charge:

  • Right of Access (Art. 15) — Obtain a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16) — Have inaccurate or incomplete data corrected.
  • Right to Erasure (Art. 17) — Request deletion of your data (subject to legal retention obligations).
  • Right to Restriction (Art. 18) — Restrict how we process your data in certain circumstances.
  • Right to Data Portability (Art. 20) — Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21) — Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent — Withdraw consent for marketing or optional processing at any time.
  • Right to Lodge a Complaint — Complain to the Data Protection Commission of Ireland (dataprotection.ie).

To exercise any of the above rights, please contact us in writing at privacyaesthetictherapyclinic@gmail.com. We will respond within one calendar month. We may need to verify your identity before processing your request. No fee is charged unless the request is manifestly unfounded or excessive.

12. Children

Our website and services are intended for individuals aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18 without verifiable parental or guardian consent. If you believe we have inadvertently collected data from a minor, please contact us immediately.

13. Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies independently.

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal obligations. The most current version will always be published on our website. Where changes are material, we will notify you by email or by a prominent notice on our website.

15. Contact & Complaints

Contact Our Data Controller

Aesthetic Therapy Clinic

Unit 5, Ballypheason House, Athlone Road, Roscommon Town, Co. Roscommon, F42 C982

Phone: (083) 371 5260

Data Privacy Email: privacyaesthetictherapyclinic@gmail.com

If you are not satisfied with our response to your data query, you have the right to lodge a complaint with:

Data Protection Commission of Ireland

21 Fitzwilliam Square South, Dublin 2, D02 RD28

Phone: +353 (0)1 765 0100

Email: info@dataprotection.ie

Website: www.dataprotection.ie