Privacy Policy

Dr Hans Clinics (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This policy explains how we collect, use, store, and protect your personal data in line with UK GDPR, the Data Protection Act 2018, and relevant healthcare regulations.

1. What Data We Collect

We may collect and process the following categories of personal data:
● Identity & Contact Data: Name, address, phone, email, date of birth.
● Medical Data: Medical history, allergies, photographs, consultation notes, diagnostic results, prescriptions, referral letters, and any other clinically relevant data.
● Treatment Data: Records of procedures carried out (PRP, injectables, laser/IPL, Tixel, LPG Endermologie, diagnostics, hair/scalp analysis, etc.).
● Consent Data: Signed treatment consent forms, psychological screening forms (including BDD screening where applicable).
● Financial Data: Payment records (processed securely via third-party providers; we do not store card details).
● Technical Data: IP address, browser type, cookies, analytics (via Google Analytics or similar).
● Third-Party Data: Results and reports from partner laboratories, diagnostic centres, and software platforms (e.g., hair analysis or imaging systems).

2. How We Use Your Data

We use your data for:
● Medical purposes: Consultations, diagnostics, treatments, and follow-up care.
● Administration: Appointment booking, reminders, invoices, and records.
● Legal compliance: Record-keeping as required under UK medical law.
● Training & audit: For staff education, quality assurance, and clinic safety checks (with your consent where required).
● Marketing (optional): Only where you have opted in (e.g., newsletters, promotions).
We never sell your data.

3. Legal Basis for Processing

We process your data under the following legal bases:
● Medical treatment contract – necessary to provide safe care.
● Consent – e.g., for photographs, marketing, or specific treatments.
● Legal obligation – to meet regulatory and tax requirements.
● Legitimate interest – improving our services, training, and protecting clinic safety.

4. Sharing Your Data

We may share your data with:
● Diagnostic labs & partner providers – when tests or referrals are required.
● Regulators (e.g., CQC, MHRA, GMC if applicable) – where legally required.
● Third-party service providers – e.g., secure booking software, medical photography tools, hair analysis/imaging platforms.
● Other healthcare professionals – if referral/continuity of care is clinically necessary.
All third parties comply with UK GDPR and process data under strict agreements.

5. How Long We Keep Your Data

● Medical records: At least 10 years in line with NHS and GMC/CQC guidance.
● Financial records: Minimum 6 years for HMRC compliance.
● Marketing consent: Until you withdraw consent.

6. Your Rights

Under UK GDPR you have the right to:
● Access, correct, or request deletion of your data.
● Restrict or object to processing.
● Withdraw consent at any time.
● Request data portability.
Requests should be directed to [Insert Data Protection Officer email].

7. Data Security

● Data is stored securely (encrypted systems, password-protected devices).
● Paper records are stored in locked cabinets in restricted areas.
● Images sent via WhatsApp/email are transferred to secure patient records and deleted from personal devices.

8. Cookies & Website Data

● Our website uses cookies for analytics and performance.
● By browsing, you consent to cookie use; you can disable them in browser settings.

9. Updates

We may update this policy periodically. The latest version will always be available on our website.
