Privacy Policy

Effective Date: 03/05/2026

1. Introduction

Dr Yousrah Aesthetics® (“we”, “our”, “us”) is committed to protecting your privacy and ensuring your personal information is handled securely. This Privacy & Cookie Policy explains:

• What personal information we collect
• How we use and store your data
• Your rights under the UK GDPR
• How we use cookies and your choices via Cookiebot

By using our website or booking a treatment, you agree to the practices described in this policy.

2. Information We Collect

We may collect the following personal information when you use our website, book consultations, or purchase products/services:

• Personal Information: Name, email address, phone number, postal address
• Medical Information: Treatment history, health conditions, consent forms
• Payment Information: Credit/debit card details (processed securely via Stripe)
• Online Activity: IP address, device/browser information, website usage
• Bookings: Appointment details via Paubau booking system

3. How We Use Your Information

Your personal data is used for:

• Providing aesthetic treatments and advice
• Managing appointments and bookings
• Processing payments for products and services
• Sending marketing communications if you have opted in
• Complying with legal and regulatory obligations
• Improving our website, products, and services
• Preventing fraud and ensuring clinic safety

4. Legal Basis for Processing

We process your personal data under the following UK GDPR lawful bases:

• Consent: Where you have given consent for marketing communications
• Contract: Necessary for fulfilling treatments and services you request
• Legal Obligation: To comply with UK law and professional obligations
• Legitimate Interests: To improve our services, website functionality, and prevent fraud

5. Sharing Your Data

We may share your personal data with:

• Stripe – for secure payment processing
• Paubau – for appointment booking management
• Legal authorities, if required by law
• Professional advisers for operational purposes (secure & confidential)

We do not sell your data to third parties.

6. Data Retention

• Personal and medical records: Retained securely for at least 7 years in line with UK medical record requirements
• Marketing data: Stored until you withdraw consent or unsubscribe

7. Your Rights

You have the following rights under UK GDPR:

• Access your personal data (Subject Access Request)
• Request correction of inaccurate data
• Request deletion of your data (“Right to be Forgotten”)
• Object to processing or withdraw consent
• Request restriction of processing
• Data portability
• Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, contact: [Insert Email]

8. Cookies

What Are Cookies?

Cookies are small text files stored on your device that help the website function properly and improve your experience.

Types of Cookies We Use

Cookie Consent & Management

Our website uses a Cookie Consent banner powered by Cookiebot. This allows you to:

• Accept or decline non-essential cookies
• Change your cookie preferences at any time
• Withdraw consent for analytics or marketing cookies

Note: Essential cookies are always active to ensure the website functions correctly.

9. Security

We implement appropriate technical and organisational measures to protect your personal data:

• SSL encryption for forms and payments
• Secure servers with restricted access
• Encrypted backups
• Regular data protection audits

10. International Transfers

Your data is processed within the UK and EU. No international transfers occur without adequate safeguards.

11. 11. Changes to This Policy

We may update this Privacy & Cookie Policy periodically. Please check this page regularly for updates. Changes are effective immediately upon posting.

12. 12. Contact Us

For questions, access requests, or complaints, contact:

Email: info@dryousrahaesthetics.com