Privacy Notice
Last updated: 18 April 2026. This notice explains how Medipro Clinics handles your personal data. It is written to meet the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This is a plain-English version of a legal document — please contact us if you want the detail expanded on any point.
Who we are
Medipro Clinics (“we”, “us”) is a medical aesthetics clinic at 1 Mossley Road, Oldham, Saddleworth, OL4 4HH. We are the data controller for the personal information collected through this website and during treatment. Our ICO registration number will be added here.
What we collect
- Enquiry data — name, email, phone number and the message you send via the contact form.
- Booking data — when you book online through our booking system, we collect your name, email, phone, chosen service, appointment details and payment/deposit information.
- Clinical data — medical history, consent forms, photographs before/after treatment and treatment notes. This is “special category” data and is handled with additional protections.
- Website data — with your consent, we use cookies and analytics to understand how the site is used (see our Cookie Policy).
Why we collect it — legal bases
- To respond to enquiries and provide treatment — performance of a contract (Art 6(1)(b) UK GDPR) and, for medical data, explicit consent or provision of healthcare (Art 9(2)(a) / (h)).
- To comply with our legal obligations — e.g. clinical record-keeping (Art 6(1)(c)).
- To improve the site — consent given via our cookie banner (Art 6(1)(a) and PECR).
- To send marketing — only where you have ticked the marketing checkbox or previously booked treatment with us under the PECR soft opt-in.
Who we share it with
We share the minimum necessary to run our clinic:
- Ovatu / Book.app — our booking system, which receives your booking details and deposit payment information.
- Stripe — processes your deposit or payment. We do not see or store your full card details.
- Klaviyo — email and marketing platform. Stores your name, email and phone if you have consented to marketing. Data is transferred to the United States under the UK-US Data Bridge (UK Extension to the EU-US Data Privacy Framework).
- Meta (Facebook/Instagram) — with your consent, the Meta Pixel and Conversions API send anonymised event data about how you use the site. Data is transferred to the US under the Data Bridge.
- Google — with your consent, Google Analytics 4 collects anonymised usage data.
- Email hosting and IT support — our email provider (and occasional external IT support) may process enquiry data in the course of delivering those services under a data processing agreement.
- Regulatory bodies — if required by law, we will disclose to the ICO, CQC (where applicable), MHRA, or a professional regulator.
How long we keep it
- Clinical records — 8 years after the last treatment for adults, and longer for under-18s, in line with NHS/GMC record-retention guidance.
- Enquiry emails — 2 years unless you become a client.
- Marketing contacts — until you unsubscribe, then suppressed.
- Analytics data — up to 14 months in GA4 (default).
Your rights
Under UK GDPR you have the right to:
- Be informed (this notice)
- Access your data
- Have inaccurate data corrected
- Have data erased where we no longer need it (“right to be forgotten”)
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time where we rely on it
- Complain to the Information Commissioner’s Office (ico.org.uk or 0303 123 1113)
Contact us
Email Info@mediproaesthetics.com or write to Medipro Clinics, 1 Mossley Road, Oldham, Saddleworth, OL4 4HH. We aim to respond to privacy requests within 30 days.
Note to clients: This notice is a working draft. A final version will be reviewed by a data-protection solicitor and any changes will be reflected here with an updated date.