Privacy Policy

Beyond Medispa Limited

Last updated: May 2026

在 Beyond Medispa Limited, we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store and protect your personal data when you visit our website, contact us, book an appointment, or receive treatment from us.

We aim to keep this policy clear and easy to understand. We handle personal information carefully, confidentially and in line with the UK General Data Protection Regulation, the Data Protection Act 2018, and other applicable UK privacy laws. The ICO says privacy information should be clear, concise and transparent, and health data requires additional protection as special category data.

1. Who We Are

Beyond Medispa Limited is an aesthetics clinic based in the United Kingdom.

Website: beyondmedispa.com
Address: Office 3 Downs Meadow Stables, Ranmore Road, Dorking, England, RH4 1HW
Telephone: 020 4642 5480
Email: london@beyondmedispa.com

For the purposes of data protection law, Beyond Medispa Limited is the “data controller” of the personal information we collect and use.

2. What Information We Collect

We may collect and use the following types of personal information.

Personal details

This may include:

Your name
Address
Email address
Telephone number
Date of birth, where required
Emergency contact details, where relevant

Appointment and enquiry information

This may include:

Appointment dates and times
Treatment interests
Enquiry form submissions
Consultation requests
Notes from calls, emails, WhatsApp messages or other communications

Medical and health information

Because we provide aesthetic treatments, we may need to collect health-related information to make sure treatments are safe and suitable for you. This may include:

Medical history
Current or previous health conditions
Allergies
Medication information
Contraindications
Treatment suitability information
Consultation notes
Consent forms
Before and after treatment records, where relevant

Health information is treated as special category data and is handled with extra care. The ICO confirms that health data is special category data and generally requires both a lawful basis under Article 6 UK GDPR and a separate Article 9 condition.

Payment information

We may collect limited payment-related information, such as:

Treatment costs
Invoices
Payment confirmations
Transaction records

We do not usually store full card details ourselves. Payment information may be processed by secure third-party payment providers where applicable.

Website and cookie information

When you visit our website, we may collect information such as:

IP address
Browser type
Device information
Pages visited
How you interact with our website
Cookie preferences

We use cookies and similar technologies to help our website work properly and to understand how people use it.

3. How We Collect Your Information

We may collect personal information when you:

Visit our website
Complete an enquiry form
Contact us by phone, email or WhatsApp
Book an appointment through Phorest
Attend a consultation or treatment
Make a payment
Agree to receive marketing communications
Interact with our online advertising or website analytics tools

4. How We Use Your Information

We use your personal information to:

Respond to your enquiries
Book and manage appointments
Provide consultations and aesthetic treatments
Assess whether a treatment is safe and suitable for you
Keep accurate clinical and treatment records
Send appointment reminders and service messages
Manage payments, invoices and accounts
Communicate important clinic information
Improve our services and website
Meet legal, regulatory, insurance and professional obligations
Send marketing communications, where permitted
Measure the effectiveness of our website and advertising

We will only use your information where we have a valid legal reason to do so.

5. Our Legal Basis for Using Your Information

Under UK data protection law, we must have a lawful basis for using your personal information. Depending on the situation, we may rely on one or more of the following.

Contract

We may use your information where it is necessary to provide services you have requested, such as booking an appointment or providing treatment.

Consent

We may rely on your consent for certain activities, such as:

Sending some types of marketing communications
Using non-essential cookies
Taking or using images where consent is required
Processing certain health information where explicit consent is appropriate

You can withdraw your consent at any time.

Legal obligation

We may use your information where we need to comply with legal, tax, accounting, regulatory or professional obligations.

Legitimate interests

We may use your information where it is in our legitimate interests as a clinic, provided your rights and freedoms do not override those interests. This may include:

Responding to enquiries
Managing clinic administration
Improving our services
Protecting our business and website
Keeping records of communications

Health and treatment purposes

Where we process health information, we may rely on Article 9 conditions under UK GDPR, including where processing is necessary for the provision of health or care-related services, treatment management, or where explicit consent has been given. Article 9(2)(h) covers health or social care purposes where appropriate safeguards apply.

6. Medical and Aesthetic Treatment Records

We keep treatment records so that we can provide safe, appropriate and consistent care. These records may include consultation notes, treatment plans, consent forms, medical history, product details, aftercare advice and follow-up information.

We only collect the information we need and only authorised members of our team can access it where necessary for their role.

7. Marketing Communications

We may contact you with updates, offers or information about our services where we are allowed to do so by law.

You can opt out of marketing communications at any time by:

Clicking the unsubscribe link in an email, where available
Contacting us directly at Info@beyondmedispa.com
Telling a member of our team

We will still send important service messages, such as appointment confirmations, appointment reminders or treatment-related information.

8. Cookies, Google Analytics and Google Ads

Our website may use cookies and similar technologies. Some cookies are necessary for the website to work properly. Others help us understand how visitors use our website or measure the performance of our advertising.

We may use:

Google Analytics to understand website usage
Google Ads to measure and improve advertising campaigns
Cookies connected to website functionality, analytics and advertising

Non-essential analytics and advertising cookies should only be used with appropriate consent. UK cookie rules are covered by PECR, and the ICO states that cookies and similar technologies require clear information and, in many cases, consent.

You can manage cookies through your browser settings and, where available, through our website cookie banner or cookie preferences tool.

9. Phorest Booking System

We use Phorest to help manage bookings, appointments, client records and clinic communications.

When you book an appointment or interact with us through Phorest, your information may be processed through Phorest’s systems. We only use this information for clinic-related purposes, such as managing your appointments, records and communications.

10. WhatsApp Communications

We may use WhatsApp to communicate with you where appropriate, for example to respond to enquiries or help manage appointments.

Please be aware that WhatsApp is a third-party service. We recommend that you avoid sending highly sensitive medical information through WhatsApp unless necessary. Where you do share information with us by WhatsApp, we will handle it confidentially and in line with this Privacy Policy.

11. Who We Share Your Information With

We do not sell your personal information.

We may share your information only where necessary and appropriate, including with:

Booking and clinic management providers, such as Phorest
Payment service providers
IT, website and hosting providers
Professional advisers, such as accountants, insurers or legal advisers
Healthcare or aesthetic professionals involved in your care, where necessary
Regulators, public authorities or law enforcement bodies where required by law
Google services, such as Google Analytics and Google Ads, where cookies or tracking tools are used

Where we use third-party service providers, we expect them to protect your information and only use it for the agreed purpose.

12. International Transfers

Some third-party providers, such as technology, analytics or advertising providers, may process data outside the UK.

Where personal information is transferred outside the UK, we will take steps to ensure appropriate safeguards are in place, such as approved contractual protections or other lawful transfer mechanisms.

13. How We Protect Your Information

We take appropriate steps to protect your personal information from loss, misuse, unauthorised access, alteration or disclosure.

These steps may include:

Secure digital systems
Password protection
Access controls
Staff confidentiality procedures
Secure record keeping
Limited access on a need-to-know basis
Secure disposal of records when no longer required

While we take reasonable steps to protect your information, no method of online communication is completely secure. Please take care when sending sensitive information by email, WhatsApp or online forms.

14. How Long We Keep Your Information

We keep personal information only for as long as necessary for the purpose it was collected.

Clinical and treatment records may need to be kept for a longer period to meet legal, insurance, regulatory or professional requirements. Other information, such as enquiry records or marketing preferences, may be kept for a shorter period.

When information is no longer required, we will securely delete, anonymise or dispose of it.

15. Your Data Protection Rights

Under UK data protection law, you have rights over your personal information. These may include the right to:

Ask for a copy of the personal information we hold about you
Ask us to correct inaccurate or incomplete information
Ask us to delete your information in certain circumstances
Ask us to restrict how we use your information
Object to certain uses of your information
Withdraw consent where we rely on consent
Ask for your information to be transferred to another provider, where applicable
Complain about how your information is handled

We may need to verify your identity before responding to a request.

To exercise your rights, please contact us using the details below.

16. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal information, please contact:

Beyond Medispa Limited
Office 3 Downs Meadow Stables
Ranmore Road
Dorking
England
RH4 1HW

Telephone: 020 4642 5480
Email: london@beyondmedispa.com

17. Complaints

If you are unhappy with how we handle your personal information, please contact us first so we can try to resolve your concern.

You also have the right to complain to the Information Commissioner’s Office, the UK regulator for data protection.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

ICO helpline: 0303 123 1113
Website: ico.org.uk

18. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, website, legal requirements or best practice.

The latest version will be published on our website.