1. Who We Are

Clinic Plastic Surgery is operated by Mr Andrej Salibi and Miss Maria Chasapi, consultant plastic surgeons practising in Birmingham and London, United Kingdom. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you interact with our Website (www.clinicplasticsurgery.com) or contact us to enquire about our services.

For the purposes of UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is Clinic Plastic Surgery.

Contact for data protection matters:

  • Email: contact@clinicplasticsurgery.com
  • Telephone: (+44) 01217169654

2. The Information We Collect

2.1 Information You Provide to Us

When you complete a consultation booking form or contact us via the Website, we may collect:

  • Your full name
  • Email address
  • Telephone number
  • The subject or nature of your enquiry
  • Any additional information you include in your message

If you proceed to a consultation, further information will be collected directly by the clinical team or our partner facilities, governed by their own data practices and the applicable healthcare confidentiality frameworks.

2.2 Information Collected Automatically

When you visit our Website, we may automatically collect certain technical information, including:

  • Your IP address and browser type
  • Pages visited and time spent on the Website
  • Referring website or search terms used to find us
  • Device type and operating system

This information is collected via cookies and similar technologies. Please see Section 8 (Cookies) for more detail.

3. Special Category Data

Health information is sensitive personal data under UK GDPR and is handled with the highest level of care.

Information relating to your health, medical history, or intended medical procedures constitutes special category data under UK GDPR (Article 9). Where you share such information in your enquiry or consultation, we process it on the basis of:

  • Your explicit consent (Article 9(2)(a))
  • The provision of healthcare services (Article 9(2)(h)), including preventative medicine, medical diagnosis, the provision of health or social care or treatment

We will never use health information for any purpose other than managing your care and enquiries, and will process it in accordance with Article 9 of UK GDPR and Schedule 1 of the Data Protection Act 2018.

4. How We Use Your Information

We use the personal information we collect for the following purposes:

  • To respond to consultation enquiries and arrange appointments
  • To communicate with you regarding your enquiry or confirmed consultation
  • To provide pre- and post-operative information and follow-up care where relevant
  • To comply with our legal and professional regulatory obligations
  • To improve the Website and our services based on aggregate usage data
  • To manage the security and integrity of our digital communications

5. Legal Basis for Processing

We rely on the following lawful bases under UK GDPR to process your personal data:

  • Consent (Article 6(1)(a)): where you have actively provided your information and agreed to our contacting you
  • Legitimate Interests (Article 6(1)(f)): to operate and improve the Website and manage enquiries in a way you would reasonably expect
  • Legal Obligation (Article 6(1)(c)): to comply with applicable laws, regulatory requirements, or professional standards
  • Vital Interests or Healthcare (Articles 6(1)(d), 9(2)(h)): in connection with the provision of clinical care

6. Sharing Your Information

We do not sell, rent, or trade your personal data. We may share your information in the following limited circumstances:

Partner Clinical Facilities

When a consultation is confirmed, necessary details will be shared with the relevant partner facility (Cadogan Clinic in London or Kat & Co. Clinic in Birmingham) for the purpose of administering your appointment. These facilities operate under their own data protection frameworks and healthcare confidentiality obligations.

Service Providers

We may use third-party service providers to help operate the Website (such as web hosting, form processing, and email delivery services). These providers act as data processors and are contractually required to process your data only on our instructions and in compliance with UK GDPR.

Legal and Regulatory Requirements

We may disclose your information where required by law, court order, or regulatory authority, including to the General Medical Council (GMC), Care Quality Commission (CQC), or any other body with lawful authority to require disclosure.

7. International Transfers

We aim to keep your data within the United Kingdom and European Economic Area (EEA) wherever possible. Where any third-party service provider processes data outside the UK or EEA, we ensure that appropriate safeguards are in place, such as UK adequacy decisions or standard contractual clauses, in compliance with UK GDPR Chapter V.

8. Cookies

Our Website uses cookies – small text files placed on your device – to support the functioning of the Website and to help us understand how visitors use it. The types of cookies we may use include:

  • Essential cookies: required for the Website to function correctly, including form functionality
  • Analytics cookies: used to collect anonymous data about how visitors interact with the Website (e.g. via Google Analytics)
  • Preference cookies: used to remember your settings or preferences

You can control or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Website. By continuing to use the Website without changing your cookie settings, you consent to our use of cookies as described above.

We may update our cookie practices in line with changes to relevant technology or regulation. Please revisit this policy periodically for updates.

9. Data Retention

We retain your personal information only for as long as is necessary for the purposes described in this Policy, or as required by law or professional regulation.

  • Website enquiry and contact data: retained for up to 2 years from the date of last contact, unless you request earlier deletion
  • Clinical and health-related data: retained in accordance with NHS and healthcare regulatory guidelines, typically a minimum of 8 years for adult patients from the date of last treatment (or until age 25 for patients who were minors at the time of treatment)
  • Analytics and technical data: typically retained for up to 26 months in aggregated or anonymised form

10. Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration, or disclosure. These measures include secure email communications, access controls, and encrypted data transmission via HTTPS.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours, and you will be notified directly where required.

11. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: to request a copy of the personal data we hold about you
  • Right to rectification: to request correction of inaccurate or incomplete data
  • Right to erasure: to request deletion of your data in certain circumstances
  • Right to restrict processing: to request that we limit how we use your data
  • Right to data portability: to receive your data in a structured, machine-readable format
  • Right to object: to object to processing based on legitimate interests or for direct marketing
  • Rights relating to automated decision-making: we do not use your data for automated decision-making or profiling

To exercise any of these rights, please contact us at contact@clinicplasticsurgery.com. We will respond to your request within one calendar month. We may need to verify your identity before processing your request.

If you are not satisfied with how we handle your data or respond to your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: www.ico.org.uk
  • Helpline: 0303 123 1113

12. Children's Privacy

Our Website is not directed at children under 18. We do not knowingly collect personal data from individuals under 18 without appropriate parental or guardian consent. If you believe we have inadvertently collected data from a minor without consent, please contact us immediately and we will take steps to delete that information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. We will indicate the date of the most recent revision at the top of this page. Your continued use of the Website following any update constitutes your acceptance of the revised Policy.

For material changes that significantly affect how we use your data, we will make reasonable efforts to notify you directly where we hold valid contact details.

14. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:

  • Email: contact@clinicplasticsurgery.com
  • Telephone: (+44) 01217169654
  • Birmingham: Kat & Co. Clinic, 20 Calthorpe Rd, Edgbaston, Birmingham, B15 1RP
  • London: Cadogan Clinic, 120 Sloane Street, Chelsea, London, SW1X 9BW