Legal

Privacy Policy

Last updated: 10 June 2026

Who We Are

Nūra Medical Aesthetics (“Nūra”, “we”, “us”, “our”) is committed to protecting your privacy and handling your personal data responsibly, transparently, and in accordance with applicable data protection law.

Nūra Medical Aesthetics is the Data Controller responsible for your personal data. As Data Controller, we determine how and why your data is processed.

We are registered with the Information Commissioner’s Office (ICO). Our ICO Registration Number is: ZC171983.

This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and what your rights are in relation to it. It applies to all patients and prospective patients of Nūra Medical Aesthetics, including those accessing our services via our website, by telephone, or in clinic.

If you have any questions about this policy or how we handle your data, please contact us at: [email protected] · 0161 566 7618 · 2 Ashfield Road, Cheadle, SK8 1BB.

What Information We Collect

We collect and process the following categories of personal information:

Identity and contact information

  • Full name, date of birth, gender
  • Email address, telephone number, and postal address

Medical and health information (special category data)

  • Medical history, current medications, allergies, and contraindications
  • Consultation notes and treatment records
  • Clinical photographs taken before and after treatment
  • Consent forms and treatment agreements

Financial information

  • Payment records and transaction history
  • Deposit and refund records

Communication records

  • Enquiries, messages, and correspondence with the clinic
  • Marketing preferences and consent records

We collect this information directly from you when you book an appointment, complete an intake form, attend a consultation, or contact us by any means.

How We Use Your Information

We use your personal information for the following purposes, each supported by a lawful basis under UK GDPR:

To deliver your care and treatment

Lawful basis: Performance of a contract and, for health data, Article 9(2)(h) — processing for the purposes of preventive or occupational medicine, medical diagnosis, and the provision of health or social care.

To maintain your medical records

Lawful basis: Legal obligation — we are required to retain medical records for a minimum period under professional and regulatory guidance.

To process payments and manage your account

Lawful basis: Performance of a contract.

To send appointment reminders and aftercare information

Lawful basis: Legitimate interests — communicating with patients in connection with their treatment is a necessary and proportionate use of their data.

To send marketing communications

Lawful basis: Consent — we will only send marketing communications where you have given us your explicit consent to do so. You may withdraw consent at any time.

In the event of a medical emergency

Lawful basis: Vital interests — we may share relevant information with emergency services or healthcare providers where necessary to protect your life or safety.

Special Category Data

As a medical aesthetics clinic, we process health data, which is classified as special category data under UK GDPR. This type of data requires a higher level of protection.

We process your health data solely for the purpose of providing you with safe, appropriate medical aesthetic care. This processing is carried out under Article 9(2)(h) of UK GDPR, which permits the processing of health data for medical diagnosis and the provision of healthcare, subject to appropriate confidentiality obligations.

Your health data is accessible only to authorised clinical and administrative personnel who require it to deliver your care. It is never shared with third parties for commercial purposes.

Data Security

We take appropriate technical and organisational measures to protect your information from unauthorised access, loss, misuse, disclosure, or alteration.

Patient records are stored securely and access is limited to authorised personnel only.

These measures include encryption of stored data, password-protected access controls, secure clinic management software, and regular review of our data security practices.

In the event of a data breach that is likely to affect your rights and freedoms, we will notify you and the Information Commissioner’s Office (ICO) as required by law.

How Long We Keep Your Information

Medical records are retained in accordance with legal, regulatory, insurance, and professional requirements.

As a guide, we apply the following retention periods:

  • Medical and treatment records: 8 years from the date of last treatment
  • Financial and payment records: 6 years from the date of transaction, in accordance with HMRC requirements
  • Marketing consent records: retained until consent is withdrawn, plus a reasonable period thereafter
  • Enquiry and correspondence records: 2 years from the date of last contact where no treatment was received

Records will be securely deleted or destroyed when no longer required, in accordance with our data retention schedule.

Third Party Data Sharing

We do not sell, rent, or trade your personal data. We may share your information with the following third parties only where necessary and proportionate:

  • Healthcare providers — where a referral or emergency escalation is required in the interests of your safety
  • Our clinic management and booking software provider, for the purpose of managing your records and appointments
  • Payment processors, for the secure handling of transactions
  • Insurance providers, where required in connection with a clinical incident or claim
  • Regulatory or legal bodies, where we are required by law to disclose information

All third party providers we work with are required to handle your data securely and in accordance with UK GDPR. We do not authorise any third party to use your data for their own purposes.

Your Rights

Under UK GDPR you have the right to:

  • Access your personal information
  • Request correction of inaccurate information
  • Request erasure of your personal data (the ‘right to be forgotten’), where there is no legal obligation for us to retain it
  • Request restriction of processing in certain circumstances
  • Object to certain types of processing
  • Request data portability where applicable
  • Withdraw consent where processing relies on consent
  • Object to automated decision-making, including profiling, where this applies
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise any of these rights, please contact us in writing at [email protected]. We will respond to all requests within one calendar month, in line with our obligations under UK GDPR.

You will not be charged a fee for exercising your rights in most circumstances. We may request proof of identity before processing your request.

Marketing Communications

With your consent, we may send you information about treatments, services, events, promotions, and educational content.

You can unsubscribe from marketing communications at any time by following the unsubscribe instructions in any communication or by contacting the clinic directly.

We will never share your contact details with third parties for marketing purposes. Your marketing preferences are recorded and can be updated at any time by contacting us at [email protected].

Cookies

Our website may use cookies and analytics technologies to improve user experience and website performance.

Cookies are small text files stored on your device when you visit our website. We use analytics cookies to understand how visitors use our site, which helps us improve the experience for all users. We do not use cookies to collect personal data for marketing purposes without your consent.

You can control and manage cookies through your browser settings at any time. Disabling certain cookies may affect the functionality of our website.

Further details on the specific cookies we use can be found in our Cookie Policy.

Changes to This Policy

This Privacy Policy may be updated from time to time to reflect changes in legal, regulatory, or operational requirements.

Where changes are material, we will notify existing patients by email prior to the changes taking effect. The most current version of this policy will always be available on our website and in clinic on request.

The effective date of the current version is shown at the top of this document.

Contact Us

If you have any questions regarding this Privacy Policy or how your information is handled, please contact us:

Nūra Medical Aesthetics
2 Ashfield Road, Cheadle, SK8 1BB
Email: [email protected]
Telephone: 0161 566 7618
Website: www.thenuraclinic.com

If you are dissatisfied with how your information has been handled and we have been unable to resolve your concern, you have the right to contact the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Website: www.ico.org.uk · Telephone: 0303 123 1113