Privacy Policy

Last Updated: 22/02/2026

Oximis Aesthetic LTD ("Company", "we", "our", "us") is the Data Controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are committed to protecting your privacy and ensuring that your personal data is handled securely and lawfully.

1. Information We Collect

We may collect and process the following categories of personal data:

1.1 Contact Information

Name, phone number, email address, and address provided when booking appointments or contacting us.

1.2 Appointment & Service Information

Details of treatments booked and provided.

1.3 Health Information (Special Category Data)

Relevant medical history, allergies, medications, or other health information necessary to assess suitability and safely deliver aesthetic treatments.

1.4 Payment Information

Payments are processed securely via third-party providers. We do not store full card details.

1.5 Technical & Usage Data

IP address, browser type, device type, and website interaction data collected through cookies.

2. Lawful Basis for Processing

We process your personal data under the following legal bases:

  • Contractual necessity – to provide booked services.

  • Legal obligation – to comply with medical, insurance, and regulatory requirements.

  • Legitimate interests – to improve our services and manage bookings.

  • Explicit consent – for processing health data and marketing communications.

Health information is processed strictly in accordance with Article 9(2)(a) UK GDPR (explicit consent).

3. How We Use Your Information

We use your information to:

  • Assess treatment suitability and ensure patient safety

  • Provide aesthetic services

  • Manage appointments

  • Process payments

  • Communicate regarding bookings

  • Comply with regulatory and insurance obligations

  • Send marketing communications (only with consent)

4. Sharing of Data

We do not sell your personal data.

We may share data with:

  • Secure payment processors

  • Booking and website hosting providers

  • Professional advisers or insurers

  • Regulatory authorities where legally required

All third parties are required to process your data in compliance with UK data protection law.

5. Data Retention

Client medical records may be retained for up to 7 years in accordance with professional and insurance requirements.

After the retention period, data will be securely deleted or anonymised.

6. Data Security

We implement appropriate technical and organisational measures to protect your data, including secure storage, encryption, and restricted access.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access your data

  • Request correction

  • Request erasure (subject to legal obligations)

  • Restrict processing

  • Request data portability

  • Withdraw consent

  • Object to marketing

To exercise your rights, contact us at:
📧 lanakornijcuka@gmail.com

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
https://ico.org.uk

8. Children

Our services are strictly for individuals aged 18 and over.

9. Changes

We may update this policy periodically. Updates will be published on this page.

10. Contact Details

Oximis Aesthetic LTD
93 Thornton Rd, Carshalton, England, SM5 1NN
Email: lanakornijcuka@gmail.com
Phone: 07743750230