Privacy Policy

KP Aesthetics Ltd trading as Hale Private Clinic

Version 1.0   |   Effective date: 21 June 2026   |   Next review: 21 June 2027   |   Owner: Clinical Director and Registered Manager

This Privacy Policy explains how KP Aesthetics Ltd, trading as Hale Private Clinic (referred to as we, us, our or the Clinic), collects, uses, stores and protects your personal information.

KP Aesthetics and Hale Private Clinic are the same organisation. KP Aesthetics Ltd is the registered company, and Hale Private Clinic is the name under which we provide our regulated hospital services. This single policy applies to both names, to our websites (including kpaesthetics.co.uk and haleprivateclinic.co.uk), to our online enquiry and booking services, and to the personal information we hold about you when you contact us or become a patient, whichever name you know us by.

Hale Private Clinic is an independent hospital registered with the Care Quality Commission. We are committed to protecting your privacy and to handling your information in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations.

As a patient, the way we handle your clinical records is also explained to you as part of your care. If you would like more detail about how your medical information is used at any time, please ask a member of our team.

1. Who we are

KP Aesthetics Ltd, trading as Hale Private Clinic, is the data controller responsible for your personal information. We provide our services under both the KP Aesthetics and Hale Private Clinic names, but we are a single registered company and a single data controller.

Registered and clinic address: 26 to 30 Park Road, Hale, Altrincham, WA15 9NN

Telephone: 0161 359 8889

Company registration number: 12249816

ICO data protection registration number: ZB232755

Data protection contact: Dan Cowsill, Head of Clinical Services, admin@haleprivateclinic.co.uk

2. The information we collect

Information about your visit to our website

When you use our website we may collect technical information including your IP address, approximate location, browser type and version, operating system, the website you came from, the pages you view, and how you move through the site. Some of this information is collected using cookies (see section 6).

Information you give us

We collect the information you provide when you contact us, request a callback, complete an online form, register with us, book an appointment, or subscribe to updates. This usually includes your name, contact details, date of birth, and the content of any message you send us.

Information we receive from others

We sometimes receive information about you from other people and organisations. For example, we may receive details from your GP or another clinician who refers you to us, from your private medical insurer where you are using insurance to fund your care, or from other healthcare providers involved in your treatment. We use this information for the same purposes set out in this policy.

Health and special category information

Because we are a healthcare provider, we also process special category information. This includes information about your health, medical history, treatment, and clinical photographs. If you choose to include health information in a website enquiry, we will treat it with the same protection. Special category information is given extra protection under data protection law, and we explain the conditions we rely on in section 3.

Payment information

When you make a payment, your card details are processed securely by our payment provider. Once entered, full card numbers are not visible to us and we do not store them.

CCTV

We operate CCTV in the public areas of our premises for the safety and security of patients, visitors and staff. CCTV is not used in private clinical or treatment areas. Our use of CCTV is covered in more detail in our separate CCTV Policy.

3. How we use your information and our lawful bases

We only use your personal information where the law allows us to. The table below sets out what we use your information for and the lawful basis we rely on. Where we process special category (health) information, we also rely on an additional condition under Article 9 of the UK GDPR and Schedule 1 of the Data Protection Act 2018.

What we use your information forOur lawful basis under data protection law
Providing your care and treatment, and managing your appointments and recordsArticle 9(2)(h) (provision of healthcare and treatment), together with Article 6(1)(b) (performance of a contract) or 6(1)(f) (legitimate interests). The associated health and social care condition in Schedule 1 of the Data Protection Act 2018 also applies.
Responding to your enquiries, callback requests and complaintsArticle 6(1)(f) legitimate interests. Where your message includes health information, Article 9(2)(h) also applies.
Operating, securing and improving our websiteArticle 6(1)(f) legitimate interests.
Taking payment and sending invoicesArticle 6(1)(b) performance of a contract and 6(1)(f) legitimate interests.
Sending you marketing communications you have asked to receiveArticle 6(1)(a) consent, together with the Privacy and Electronic Communications Regulations (PECR).
Meeting our legal and regulatory duties, including safeguarding and reporting to bodies such as the Care Quality CommissionArticle 6(1)(c) legal obligation, with Article 9(2)(h) or 9(2)(b) where health information is involved.
Establishing, exercising or defending legal claimsArticle 6(1)(f) legitimate interests and Article 9(2)(f).

We do not make decisions about your care using automated processing alone. All clinical decisions are made by a suitably qualified clinician.

4. Use of secure systems and AI

To deliver and manage your care, we use secure software applications and cloud based systems for clinical records, bookings, communications, payments, and governance. We only work with providers who meet UK data protection standards and who are bound by written agreements to process your information securely and lawfully on our behalf.

We may use AI assisted tools to support accurate record keeping, for example transcription of consultations or help with preparing letters and reports from information we already hold. These tools support our staff and do not make independent decisions about your care.

5. Marketing

We will only send you marketing communications where you have asked us to, or where the law otherwise allows. You can opt out at any time by using the unsubscribe link in our emails or by contacting us directly.

We do not sell your personal information. We do not share it with third parties for their own marketing without your consent.

6. Cookies and analytics

Cookies are small text files placed on your device when you visit a website. They help the site work properly, improve your experience, and give us information about how the site is used. We use cookies for the basic operation of our website and, where you agree, for analytics that help us understand how the site is used.

When you first visit our website, you can choose which non-essential cookies to accept or reject through the cookie banner. You can also control or delete cookies at any time through your browser settings. General guidance about cookies is available at allaboutcookies.org and from the Information Commissioner’s Office at ico.org.uk.

7. How we share your information

We treat your information as confidential. We only share it where it is necessary and lawful to do so. We may share your information with:

  • Clinical and administrative staff involved in your care.
  • Other healthcare providers, where a referral or onward care is needed.
  • Service providers who process information on our behalf (for example IT, clinical records, booking, payment, and communications providers), under written data processing agreements.
  • Your private medical insurer, where you are using private medical insurance to fund your care.
  • Regulators and authorities where we are required to share information by law, including the Care Quality Commission, professional regulators, and safeguarding or law enforcement bodies.
  • Our professional advisers, and where necessary to establish, exercise or defend legal claims, including for the lawful prevention of fraud and recovery of unpaid amounts.
  • A purchaser or prospective purchaser of our business or assets, under appropriate confidentiality protections.

Any sharing of your information is limited to what is necessary for the specific purpose, and we do not disclose more than is required.

8. Storing your information and international transfers

Your information is stored on secure systems. Some of the providers we use are cloud based, which means your information may be processed on servers located in the UK, the European Economic Area, or in other countries.

Where your information is transferred outside the UK, we make sure appropriate safeguards are in place, such as UK adequacy regulations, the International Data Transfer Agreement, or Standard Contractual Clauses, so that your information continues to receive the protection required by UK data protection law.

9. How long we keep your information

We keep your information only for as long as necessary for the purposes set out in this policy, and to meet our legal, clinical and regulatory obligations.

We retain health and clinical records in line with the Records Management Code of Practice for Health and Social Care. As a general guide, adult records are kept for at least 8 years after the conclusion of treatment, and records relating to children and young people are kept until their 25th birthday (or their 26th birthday if they were 17 at the conclusion of treatment).

Website enquiry information that does not become part of a patient record is normally kept for 12 months, after which it is securely deleted. If your enquiry leads to you becoming a patient, the information becomes part of your clinical record and is kept for the periods described above. Marketing information is kept until you ask us to stop contacting you.

10. Keeping your information secure

We use appropriate technical and organisational measures to protect your information against loss, misuse, unauthorised access, and alteration. These include encryption, access controls, and staff training. Please be aware that the transmission of information over the internet is never completely secure, and while we protect your information once it reaches us, we cannot guarantee the security of information you send to us over the internet.

11. Your rights

Under data protection law you have a number of rights over your personal information. These include the right to:

  • Be informed about how we use your information (which this policy provides).
  • Request a copy of the information we hold about you (a subject access request).
  • Ask us to correct information that is inaccurate or incomplete.
  • Ask us to delete your information, although we may be required by law to keep clinical records for a set period.
  • Ask us to restrict how we use your information, or object to certain uses.
  • Ask us to transfer certain information to another provider (data portability), where this applies.
  • Withdraw your consent at any time, where we rely on your consent.

There is no charge for making a subject access request. We will normally respond within one month. If your request is complex or you have made several requests, we may extend this by up to two further months and will let you know if so. We may ask you to confirm your identity before we respond. We can only refuse a request, or charge a reasonable fee, where the law allows, for example where a request is manifestly unfounded or excessive.

To exercise any of these rights, please contact us at admin@haleprivateclinic.co.uk or by writing to the address in section 1.

12. Children

Our services are provided to adults. Where we hold information relating to a person under the age of 18, we apply additional care and protection in line with our safeguarding responsibilities and data protection law.

13. Links to other websites

Our website may contain links to other websites. Once you leave our site we are not responsible for the privacy practices of those other websites, and this policy does not apply to them. We encourage you to read the privacy information on any website you visit.

14. Changes to this policy

We may update this policy from time to time. When we do, we will post the updated version on our website and change the version number and effective date shown at the top of this document.

15. How to contact us and how to complain

If you have any questions about this policy, or you wish to exercise your rights, please contact us:

By post: KP Aesthetics Ltd t/a Hale Private Clinic, 26 to 30 Park Road, Hale, Altrincham, WA15 9NN

By telephone: 0161 359 8889

By email: admin@haleprivateclinic.co.uk

If you are unhappy with how we have handled your information, you can raise a concern with us directly so that we can put things right. You also have the right to complain to the Information Commissioner’s Office (ICO).

Information Commissioner’s Office: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Helpline 0303 123 1113. Website ico.org.uk.