Rewind Time Aesthetics

Privacy Policy

How We Protect Your Information

Last updated: April 22, 2025

Table of Contents

Terms of ServiceReturn to Homepage

Introduction

At Rewind Time Aesthetics ("we," "us," or "our"), we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or communicate with us.

We adhere to the principles of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By accessing or using our services, you consent to the practices described in this Privacy Policy.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, you should not use our services. By accessing or using our services, you indicate that you understand, accept, and consent to the practices described in this policy.

Information We Collect

We may collect several types of information from and about users of our services, including:

Personal Information

Personal information is data that can be used to identify you as an individual. We may collect the following personal information:

  • Identity Information: Name, date of birth, gender
  • Contact Information: Email address, telephone number, postal address
  • Health Information: Medical history, allergies, medications, and other health-related information relevant to our aesthetic treatments
  • Treatment Information: Details of consultations, treatments received, products used, before and after photos (with your consent)
  • Payment Information: Credit/debit card details, billing address, transaction history

Usage Data

We may collect information about how you interact with our website and services:

  • Log Data: IP address, browser type, pages visited, time spent on pages, access times, and other statistics
  • Device Information: Type of device, operating system, unique device identifiers
  • Location Data: General location information derived from your IP address

How We Collect Your Information

We collect information through various methods:

  • Direct Interactions: Information you provide when booking appointments, completing forms, corresponding with us, or receiving treatments
  • Automated Technologies: Cookies, server logs, and similar technologies when you visit our website
  • Third Parties: Business partners, service providers, and publicly available sources

How We Use Your Information

We use the information we collect for various purposes, including:

  • Providing Services: To deliver the aesthetic treatments and services you request, manage your appointments, and maintain our relationship with you
  • Health and Safety: To assess your suitability for treatments, manage risks, and ensure your safety during procedures
  • Communication: To respond to your enquiries, provide customer support, and send appointment reminders, treatment aftercare instructions, and service updates
  • Improvement: To improve our website, services, customer experience, and business operations
  • Marketing: To send promotional communications about new treatments, special offers, and events (where you have given consent or we have a legitimate interest to do so)
  • Legal Obligations: To comply with legal requirements, enforce our terms, protect our rights, and ensure the safety of our clients and staff

Lawful Basis for Processing

We process your personal data on the following legal grounds:

  • Contract: Processing necessary for the performance of our contract with you to provide aesthetic services
  • Consent: Where you have given clear consent for specific purposes, such as marketing communications or the use of before/after photos
  • Legitimate Interests: Where processing is necessary for our legitimate interests, such as improving our services or preventing fraud, provided these interests do not override your fundamental rights
  • Legal Obligation: Where processing is necessary to comply with our legal obligations

Special Category Data

Health information is considered "special category data" under UK data protection laws. We process this data based on:

  • Your explicit consent
  • The necessity for the provision of health care or treatment
  • Reasons of substantial public interest

Information Sharing

We may share your personal information with:

  • Service Providers: Third-party vendors who perform services on our behalf, such as appointment booking systems, payment processors, IT and system administrators, and marketing platforms
  • Professional Advisors: Such as lawyers, accountants, auditors, insurers, and bankers who provide consultancy, legal, insurance, accounting, and similar services
  • Regulatory Bodies: Healthcare regulators, tax authorities, and other regulatory bodies when required by law
  • Healthcare Professionals: Other healthcare providers involved in your care, with your consent
  • Business Transfers: In connection with a business transaction such as a merger, acquisition, or sale of assets

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfers

Some of our external third-party providers may be based outside the United Kingdom, which means your data may be processed outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Transferring data to countries deemed to provide an adequate level of protection by the UK government
  • Using specific contracts approved by the UK government that give personal data the same protection it has in the UK
  • Transferring data to US providers that are part of binding corporate rules or approved certification schemes

Cookies & Technologies

We use cookies and similar tracking technologies to track activity on our website and store certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

Types of Cookies We Use

  • Essential Cookies: Necessary for the website to function properly and cannot be switched off
  • Performance/Analytics Cookies: Help us understand how visitors interact with our website
  • Functionality Cookies: Enable enhanced functionality and personalisation
  • Targeting Cookies: Record your visit to our website, the pages you visit, and the links you follow to make our advertising more relevant

Cookie Management

You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

Data Security

We have implemented appropriate security measures to protect your personal information from accidental loss, unauthorised access, use, alteration, and disclosure. These measures include:

  • Encryption of sensitive data
  • Secure storage systems for client records
  • Staff training on data protection
  • Regular security assessments
  • Access controls on a need-to-know basis

While we use commercially reasonable efforts to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

Data Retention

We will retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

For medical records related to aesthetic treatments, we typically retain this information for a minimum of 10 years after your last contact with us, in accordance with healthcare record-keeping guidelines. In some cases, we may anonymise your personal data (so it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Your Rights

Under UK data protection laws, you have rights regarding your personal data, including:

  • Right to Access: You have the right to request copies of your personal information
  • Right to Rectification: You have the right to request that we correct inaccurate or complete incomplete information
  • Right to Erasure: You have the right to request that we delete your personal information in certain circumstances
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your information in certain circumstances
  • Right to Object: You have the right to object to our processing of your personal data in certain circumstances
  • Right to Data Portability: You have the right to request that we transfer your data to another organisation or directly to you

These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data. In some instances, this may mean that we are able to retain data even if you withdraw your consent.

How to Exercise Your Rights

To exercise your rights, please contact us using the details provided in the "Contact Information" section. We will respond to all legitimate requests within one month. Occasionally, it may take us longer if your request is particularly complex or you have made multiple requests. In this case, we will notify you and keep you updated.

You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Complaints

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (https://ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately so that we can take steps to remove such information from our systems.

Changes to Privacy Policy

We may update our Privacy Policy from time to time. Any changes we make to our Privacy Policy will be posted on this page, and if the changes are significant, we will provide a more prominent notice or directly notify you by email.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the changes.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Rewind Time Aesthetics
1 Oddfellows House
High Street
Glynneath
SA11 5AW

Email: rewindtimeaesthetics@outlook.com
Phone: 07970 735244

Our Data Protection Officer can be contacted at the above address or by email at rewindtimeaesthetics@outlook.com.