Privacy Policy

Last updated: 28/07/2025

1. Introduction

Marcia Medical & Cosmetic ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

2. Information We Collect

Personal Information

We may collect personal information that you provide directly to us, including:

• Name and contact details (email, phone number, address)
• Medical history and health information relevant to treatments
• Photographs for treatment planning and records
• Payment and billing information
• Communication preferences

Automatically Collected Information

When you visit our website, we may automatically collect:

• IP address and browser information
• Pages visited and time spent on our site
• Referring website information
• Device and operating system information

3. How We Use Your Information

We use your personal information to:

• Provide medical and cosmetic treatments and services
• Schedule appointments and send reminders
• Maintain medical records as required by law
• Process payments and manage billing
• Communicate about your treatments and aftercare
• Send marketing communications (with your consent)
• Improve our website and services
• Comply with legal and regulatory requirements

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on:

• Consent: For marketing communications and non-essential cookies
• Contract: To provide treatments and services you've requested
• Legal obligation: To maintain medical records and comply with healthcare regulations
• Legitimate interests: To improve our services and prevent fraud

5. Information Sharing and Disclosure

We may share your information with:

• Healthcare professionals: When referring to specialists or for consultation
• Insurance providers: For treatment authorisation and claims (with consent)
• Legal authorities: When required by law or to protect safety
• Service providers: Who assist with appointment booking, payments, or website maintenance

We never sell your personal information to third parties.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. This includes:

• Encrypted data transmission and storage
• Secure server infrastructure
• Regular security assessments
• Staff training on data protection
• Access controls and authentication

7. Data Retention

We retain your personal information for as long as necessary to:

• Provide ongoing care and maintain medical records (typically 8 years after last treatment)
• Comply with legal and regulatory requirements
• Resolve disputes and enforce agreements

8. Your Rights

Under GDPR and UK data protection law, you have the right to:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal requirements)
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw consent: For processing based on consent

9. Cookies and Tracking

Our website uses cookies to improve functionality and user experience. You can control cookie preferences through your browser settings. Essential cookies are necessary for the website to function properly.

10. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing personal information.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by posting the updated policy on our website with a new "last updated" date.

12. Contact Information

For questions about this Privacy Policy or to exercise your rights, contact us:

13. Supervisory Authority

If you have concerns about how we handle your personal data, you can contact the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection: