Skip to main content
CallWhatsAppBOOK

Privacy Policy

Last updated: 19 May 2026

Our Commitment

Innoderm Aesthetic Clinic is committed to the protection of all personal information provided to us by our clients and customers, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

We ensure that all personal information we hold is:

  • Obtained and processed lawfully and fairly
  • Held securely and protected against unauthorised access
  • Accurate and kept up to date
  • Relevant and not excessive for the purpose for which it is held
  • Processed only for the specific and lawful purposes for which it was collected
  • Not retained for longer than is necessary

Information We Collect

We collect relevant personal information to enable us to provide our services. This may include:

  • Full name
  • Home and correspondence address
  • Email address
  • Telephone number
  • Medical history and health information necessary for safe treatment

How We Use Your Information

Your personal information is used solely for the purposes for which it was provided — primarily to deliver, manage and improve the services you have requested from us. We retain your information only for as long as is necessary, after which it will be securely archived or destroyed, unless we are required to retain it for legal, accounting, regulatory, or auditory reasons.

Sharing Your Information

We will never sell, trade, or loan your personal information to any third party. Your data is treated with the utmost confidentiality and shared only where strictly necessary to deliver our services or where required by law.

Third-Party Services We Use

To run our website and deliver our services, we rely on the following third-party processors. Each is bound by their own privacy terms and applicable data-protection law.

Service delivery (always active, no consent required)

  • Pabau — patient management system used by the clinic to schedule appointments and hold medical records. Patient name, contact details, and treatment information are transmitted to Pabau when you complete a booking.
  • Stripe — payment processor for booking deposits and treatment fees. Card details are entered directly into Stripe's hosted form; we never see or store them. Stripe receives the amount, currency, and your email for receipts.
  • Resend — transactional email service used to send booking confirmations, payment notifications, and contact-form acknowledgements.
  • Sanity — content management system that hosts the treatment descriptions, team biographies, and other editorial content shown on the site. No patient data is sent to Sanity.
  • Cloudflare — content delivery network and edge security layer that sits in front of our website. Cloudflare may process your IP address and request headers for caching and DDoS protection.
  • Sentry — error monitoring used to detect and diagnose technical faults on the site. Sentry may capture your IP address, browser version, and the URL where an error occurred. We mask patient data in error reports.
  • Google Places API — used server-side to fetch our public Google business reviews for display on the homepage. No information about you is sent to Google through this integration.

Analytics (loaded only with your consent)

  • Google Analytics 4 (measurement ID G-VR5H0RWD1F) — measures aggregate site usage so we can understand which pages and treatments are most useful. Stores cookies (_ga, _ga_*) and pseudonymous identifiers.
  • Microsoft Clarity (project wt7c096w55) — records anonymised session replays and heatmaps so we can see where the booking flow gets stuck. Form inputs and payment fields are masked at recording time and never reach Microsoft's servers.

Marketing (loaded only with your consent)

  • Meta Pixel (pixel ID 949299241437124) and Meta Conversions API — measure the effectiveness of our Facebook and Instagram advertising. The browser pixel sets cookies; the server-side Conversions API sends a deduplicated copy of conversion events. Email and phone are hashed (SHA-256) before transmission.

You can withdraw consent for the analytics and marketing categories at any time using the Cookie Preferences link in the website footer.

Your Rights

Under UK GDPR you have the right to access, rectify, erase, restrict, or port the personal data we hold about you, and to object to processing. To exercise any of these rights, contact us at the email below. We will respond within one calendar month. Subject access requests are normally free of charge; we may charge a reasonable fee or refuse to act if a request is manifestly unfounded or excessive.

If you believe we have mishandled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Cookies

Our website uses cookies to improve your experience. Please refer to our Cookies Policy for full details on how we use cookies and how you can control them.

Terms of Use

Use of this website is at your own risk. No information contained within the Innoderm Aesthetic Clinic website shall constitute a contract with any user. The clinic accepts no responsibility for direct or indirect issues arising from the use of this website.

This website may contain links to third-party websites. We accept no liability for the content of those sites or for any damages arising from their use.

Contact Us

If you have any questions or concerns regarding this privacy policy or the personal information we hold about you, please contact us at:

Email: [email protected]