Privacy Policy

Effective Date: 26.07.2025

Kristine Ekman Aesthetics (“we”, “our”, or “us”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, store, and protect your data when you visit our website or use our services.

1. Who We Are

Kristine Ekman Aesthetics is a private aesthetics clinic offering a range of non-surgical skin and wellness treatments. This Privacy Policy applies to all services provided through our website, bookings, consultations, and treatments.

2. What Information We Collect

We may collect the following personal data:

  • Identification details: Name, date of birth
  • Contact details: Email address, phone number, address
  • Health & medical information: Relevant health history for treatment safety
  • Booking & payment information: Appointment history, payment status
  • Marketing preferences: Consent for email or SMS updates
  • Website usage data: IP address, device type, browser type (via cookies)

3. How We Use Your Information

We process your personal data for the following purposes:

  • To schedule and manage appointments
  • To provide safe and tailored aesthetic treatments
  • To send appointment reminders or follow-up care instructions
  • To comply with legal and clinical documentation requirements
  • To communicate offers, news, or updates (if you’ve consented)

4. Legal Basis for Processing

We only process your personal data where we have a lawful basis, including:

  • Your explicit consent
  • Fulfilling our contractual obligations (e.g., delivering booked services)
  • Legal compliance (e.g., medical records)
  • Legitimate interest, such as improving client service

5. Data Retention

Your personal data is kept for no longer than necessary. Medical records are retained in accordance with clinical regulatory guidelines (typically for 7 years after your last treatment).

6. Sharing Your Data

We never sell your personal data. We may share limited data with:

  • Professional bodies or regulators (if legally required)
  • Secure payment processors (e.g., Stripe, Square)
  • IT service providers supporting our booking systems or emails

All third-party services are GDPR-compliant and under strict confidentiality agreements.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request corrections or updates
  • Withdraw consent at any time
  • Request data erasure (where legally permissible)
  • Object to or restrict certain types of processing

To exercise these rights, contact us at [insert email address].

8. Cookies and Website Tracking

We use essential cookies and anonymous tracking tools (like Google Analytics) to improve website performance and user experience. You can manage your cookie preferences via your browser settings.

9. Security Measures

We implement appropriate security protocols including:

  • Encrypted booking and communication systems
  • Role-based access to client records
  • Regular data protection reviews and staff training

10. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact