BeReady Clinic

Privacy Policy

How we collect, use, store, and protect your personal information

Last Updated: 26 December 2025

We are committed to protecting your privacy and complying with UK GDPR and the Data Protection Act 2018.

Quick Navigation

IntroductionInformation We CollectHow We Use Your InformationHow We Share InformationData SecurityData RetentionYour Rights Under UK GDPRCookies & Website TrackingThird-Party LinksChildren's PrivacyInternational Data TransfersChanges to This PolicyComplaints & Consent

BeReady Clinic ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, book appointments, or receive treatments at our clinic in Milton Keynes.

As a medical aesthetics and wellness clinic, we process sensitive personal and medical data. We take our responsibilities under UK GDPR and the Data Protection Act 2018 extremely seriously and are committed to maintaining the highest standards of data protection.

Clinic Details

  • Business Name: BeReady Clinic
  • Address: Calshot Drive, Kingsmead, Milton Keynes, MK4 4LR
  • Email: info@bereadyclinic.com
  • Phone: 07525 138354
  • Website: bereadyclinic.co.uk

1.1 Personal Information

When you book an appointment or enquire about our services, we collect:

  • Full name
  • Date of birth
  • Contact details (email address, phone number, postal address)
  • Emergency contact information

1.2 Medical Information

To provide safe and effective treatments, we collect and process:

  • Medical history and current health conditions
  • Current medications and supplements
  • Previous aesthetic treatments and procedures
  • Allergies and contraindications
  • Pregnancy or breastfeeding status
  • Recent operations or medical interventions
  • Consultation notes and treatment records
  • Treatment consent forms

1.3 Visual Records

With your explicit consent, we may collect:

  • Before and after photographs for clinical records
  • Before and after photographs for marketing purposes (only with separate, explicit consent)
  • Treatment progress photographs

1.4 Payment Information

  • Billing address
  • Payment card details (processed securely through our third-party payment provider)
  • Transaction history
  • Deposit and payment records

1.5 Technical Information

When you visit our website, we automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and time spent on pages
  • Referring website
  • Location data (city/region level)

1.6 Marketing and Communication Preferences

  • Your consent preferences for marketing communications
  • Communication history with our clinic
  • Appointment reminders and aftercare instructions

2.1 Treatment and Clinical Care

We process your medical information to:

  • Assess your suitability for treatments
  • Provide safe and effective aesthetic and wellness treatments
  • Maintain accurate clinical records
  • Monitor treatment progress and outcomes
  • Provide aftercare advice and support
  • Comply with medical and professional standards
Legal Basis: Processing is necessary for the provision of medical treatment and healthcare services under Article 9(2)(h) UK GDPR.

2.2 Appointment Management

We use your contact information to:

  • Confirm appointments
  • Send appointment reminders
  • Reschedule appointments when necessary
  • Process cancellations
  • Contact you regarding your treatment
Legal Basis: Performance of contract and legitimate interests.

2.3 Payment Processing

We process payment information to:

  • Take deposits and full payments
  • Process refunds where applicable (in accordance with our Terms & Conditions)
  • Maintain financial records
  • Prevent fraud
Legal Basis: Performance of contract and legal obligation.

2.4 Legal and Regulatory Compliance

We retain records to:

  • Comply with professional indemnity insurance requirements
  • Meet regulatory obligations for medical aesthetics practitioners
  • Respond to legal claims or regulatory investigations
  • Maintain clinical governance standards
Legal Basis: Legal obligation and legitimate interests.

2.5 Marketing Communications (With Your Consent)

With your explicit consent, we may send you:

  • Promotional offers and special packages
  • Information about new treatments and services
  • Seasonal wellness tips and advice
  • Clinic news and updates
Legal Basis: Consent (which you can withdraw at any time).

2.6 Before & After Portfolio (With Explicit Consent)

We will only use your before and after photographs for educational or marketing purposes if you have provided separate, explicit written consent. You can withdraw this consent at any time.

Legal Basis: Explicit consent under Article 9(2)(a) UK GDPR.
We respect your privacy and will never sell your personal data. We only share information in the following limited circumstances.

3.1 Medical Professionals

We may share relevant medical information with:

  • Our prescribing medical practitioner (for prescription treatments)
  • Your GP or medical specialist (only with your explicit consent or in medical emergencies)
  • Medical consultants for second opinions (anonymised where possible)

3.2 Service Providers

We work with trusted third-party providers who process data on our behalf:

  • Payment processors (for secure card payments)
  • Booking system provider (for appointment management)
  • Email service provider (for appointment confirmations and marketing communications)
  • Website hosting provider
  • IT support and security providers

All service providers are bound by data processing agreements and process data only in accordance with our instructions.

3.3 Insurance and Legal Compliance

We may share information with:

  • Our professional indemnity insurance provider
  • Legal advisors in case of claims or disputes
  • Regulatory bodies if required by law
  • Law enforcement if legally required

3.4 Business Transfer

In the event that we sell or transfer our business, your personal data may be transferred to the new owner, subject to the same privacy protections.

We implement appropriate technical and organisational measures to protect your personal data:

  • Secure storage: Clinical records are stored securely with access restricted to authorised personnel only
  • Access controls: Only authorised staff and our prescribing medical practitioner have access to your medical information
  • Encrypted transmission: Our website uses SSL/TLS encryption for secure data transmission
  • Secure payment processing: Payment card details are processed through PCI-DSS compliant payment processors
  • Regular security reviews: We regularly review and update our security measures
  • Staff training: All team members receive data protection training
  • Confidentiality agreements: All staff and contractors are bound by confidentiality obligations
Despite our security measures, please be aware that no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

We retain your personal data only for as long as necessary:

5.1 Clinical Records

  • Medical records and treatment notes: 7 years from the date of last treatment (in line with medical record-keeping guidelines)
  • Consent forms: 7 years
  • Photographs (clinical use): 7 years or until you request deletion

5.2 Financial Records

  • Payment records: 7 years (in accordance with tax and accounting regulations)
  • Invoices and receipts: 7 years

5.3 Marketing Communications

  • Marketing consent records: Until you withdraw consent, plus additional time to process your request
  • Email communications: Until you unsubscribe

5.4 Website Analytics

  • Analytics data: 26 months (Google Analytics default retention period)

After the retention period expires, we securely delete or anonymise your personal data.

You have the following rights regarding your personal data:

6.1 Right of Access

You can request a copy of the personal data we hold about you. We will provide this within one month of your request.

6.2 Right to Rectification

If your personal information is inaccurate or incomplete, you can ask us to correct it. This is particularly important for medical information.

6.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances. However, we may be required to retain clinical records for legal and regulatory reasons.

6.4 Right to Restrict Processing

You can ask us to restrict how we use your data in certain circumstances, such as if you contest the accuracy of the data.

6.5 Right to Data Portability

You can request a copy of your data in a structured, commonly used format to transfer to another provider.

6.6 Right to Object

You can object to processing of your data for direct marketing at any time. You can also object to processing based on legitimate interests.

6.7 Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling for treatment decisions.

6.8 Right to Withdraw Consent

Where we process your data based on consent (such as marketing communications or before/after photographs), you can withdraw consent at any time. This will not affect the lawfulness of processing before consent was withdrawn.

To exercise any of these rights, please contact us:

  • Email: info@bereadyclinic.com
  • Phone: 07525 138354
  • Post: BeReady Clinic, Calshot Drive, Kingsmead, Milton Keynes, MK4 4LR

We will respond to your request within one month. If your request is complex, we may extend this by a further two months and will inform you of the reason for the delay.

Our website uses cookies to improve your browsing experience. For detailed information about the cookies we use and how to manage them, please see our separate Cookie Policy.

In summary:

  • Essential cookies: Required for website functionality (cannot be disabled)
  • Analytics cookies: Help us understand how visitors use our website (Google Analytics)
  • Marketing cookies: Used for retargeting and measuring campaign effectiveness (requires your consent)

You can manage your cookie preferences through our cookie banner or your browser settings.

Our services are intended for adults aged 18 and over. We do not knowingly collect personal information from children. For safety and insurance reasons, children and guests cannot accompany clients into treatment rooms unless approved in advance.

If you believe we have inadvertently collected information from a child, please contact us immediately so we can delete it.

Your personal data is primarily stored and processed within the United Kingdom. If we transfer data outside the UK (for example, to cloud service providers with servers in other countries), we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the UK Information Commissioner's Office
  • Adequacy decisions confirming the destination country provides adequate data protection

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service offerings. When we make significant changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you by email if you have an account with us
  • Display a prominent notice on our website

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your data.

We are committed to resolving any concerns you may have about how we handle your personal data.

Contact Us First

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Email

info@bereadyclinic.com

Phone

07525 138354

Post

Calshot Drive, Kingsmead, Milton Keynes, MK4 4LR

Information Commissioner's Office (ICO)

You also have the right to lodge a complaint with the UK's supervisory authority:

ICO Contact Details

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

However, we would appreciate the opportunity to address your concerns directly before you approach the ICO.

Consent for Data Processing

By booking an appointment, creating an account, or using our services, you acknowledge that you have read and understood this Privacy Policy.

For medical treatments, we will obtain separate explicit consent through our consultation and consent forms, which include:

  • Consent for treatment: Confirming you understand the treatment, risks, and expected outcomes
  • Consent for data processing: Confirming you consent to processing of your medical information for clinical care
  • Consent for communication: Confirming how you wish to be contacted
  • Consent for marketing (optional): Confirming whether you wish to receive promotional materials
  • Consent for before & after photographs (optional): Confirming whether we can use your images for marketing purposes

Thank You for Trusting BeReady Clinic

Your privacy and trust are paramount to us. If you have any questions about this Privacy Policy or how we handle your personal information, please don't hesitate to get in touch. We're here to ensure you feel safe, informed, and confident in every aspect of your experience with us.

I understand how BeReady Clinic collects and uses my personal data
I am aware of my rights under UK GDPR and how to exercise them
I know how to contact the clinic or the ICO with any concerns
I understand that separate consent will be obtained for medical treatments
Back to Top