Privacy Policy

Skin Within - Skin Clinic
Last updated: 01-31-2026

Skin Within (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you book appointments online, attend treatments, visit our website, or communicate with us.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are
Business Name: Skin Within
Location: Scotland, United Kingdom
Data Controller: Skin Within

Contact details:
Email: info@skin-within.co.uk
Phone: 07542 934 096

2. Online Booking & Phorest Salon Software
We use Phorest Salon Software to manage online bookings, client records, communications, and payments.

When you book online or in-clinic, Phorest collects and securely stores your information on our behalf. Phorest acts as a Data Processor, and Skin Within remains the Data Controller.

Phorest is fully UK GDPR compliant, and data is stored securely within their systems in accordance with data protection laws.

3. What Information We Collect
a) Personal Information
  • Full name
  • Date of birth
  • Address
  • Email address
  • Phone number
  • Occupation

b) Health & Treatment Information
(Special Category Data)
  • Medical history
  • Skin conditions and concerns
  • Consultation notes
  • Treatment records
  • Before and after photographs (with consent only)

c) Booking & Payment Information
  • Appointment history
  • Payment records

We do not store full card details. Payments are handled securely via Phorest’s integrated payment systems.

d) Communication Data
  • Emails, SMS messages, and booking confirmations
  • Messages sent via contact forms or social media

4. How We Use Your Information
We use your data to:
  • Provide safe and appropriate skin treatments
  • Carry out consultations and treatment planning
  • Manage online bookings and appointment reminders
  • Process payments and maintain business records
  • Meet insurance, legal, and regulatory obligations
  • Communicate with you about appointments, aftercare, or queries
  • Send marketing communications only where consent has been given

5. Legal Basis for Processing
We process your personal data under the following lawful bases:
  • Consent – marketing, photographs, and special category health data
  • Contract – delivering treatments and services
  • Legal obligation – health, safety, and insurance requirements
  • Vital interests – protecting client safety during treatments
  • Legitimate interests – operating and improving our business

6. Special Category (Health) Data
Health-related information is handled with the highest level of confidentiality and is processed:
  • Only for treatment suitability and safety
  • With explicit client consent
  • In line with UK GDPR Article 9

7. Automated Communications
Phorest may automatically send:
  • Appointment confirmations
  • Appointment reminders
  • Follow-up or aftercare messages

These are considered essential service communications and do not require marketing consent.

8. Marketing Communications
Marketing messages (email or SMS) are only sent if you have opted in via:
  • Online booking
  • In-clinic consent forms
  • Phorest client profile settings

You can withdraw consent at any time via:
  • Unsubscribe links
  • Contacting us directly

9. Sharing Your Data
Your data is never sold.

It may only be shared with:
  • Phorest Salon Software
  • Payment providers
  • Insurance providers (if required)
  • Regulatory or legal authorities where legally required

All third parties are GDPR compliant.

10. Data Storage & Security
We protect your data by:
  • Using secure, GDPR-compliant software (Phorest)
  • Restricting staff access to authorised personnel only
  • Using password-protected devices and systems
  • Securely storing or shredding paper records

11. Data Retention
We retain client records in line with insurance and legal requirements:
  • Client treatment records: typically up to 7 years
  • Financial records: as required by HMRC

Data is securely deleted when no longer needed.

12. Your Rights
You have the right to:
  • Access your personal data
  • Correct inaccurate data
  • Request erasure of data
  • Restrict or object to processing
  • Withdraw consent at any time
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

ICO website: https://ico.org.uk

13. Photography & Social Media
Photographs or videos are only taken and used:
  • With clear, written consent
  • For specific purposes explained to you
  • With the option to withdraw consent at any time

14. Changes to This Policy
We may update this policy periodically.
The most recent version will always be available on our website and in-clinic.

15. Contact Us
If you have any questions about your data or this policy, please contact:

Skin Within
Email: info@skin-within.co.uk
Phone: 07542 934 096


Privacy Policy

Terms & Conditions

Site Made by Rove

© 2026 Skin Within

Editor’s Note Light Italic
Inter Italic