Welcome to PRP London Clinic. PRP London Clinic is a trading name of MEDSQUARE LTD. We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This privacy policy ("Policy") explains how we collect, use, share, and protect your personal information when you visit our website (www.prp-london.com) (the "Site"), use our services, or otherwise interact with us.
This Policy applies to individuals located in the United Kingdom and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
PRP London Clinic ("we", "us", "our") is a trading name of MEDSQUARE LTD, a company registered in England and Wales under company number 11861526. We are a provider of aesthetic and regenerative medical treatments, operating clinics in London and Essex. Our registered office address is Unit 11, Flamingo Court, 81 Crampton Street, London, United Kingdom, SE17 3BF. For the purpose of the UK GDPR, MEDSQUARE LTD is the data controller.
2. Information We Collect
We collect information about you directly when you provide it to us, automatically when you navigate our Site, and sometimes from third parties. The types of personal data we may collect include:
Information You Provide Directly:
- Contact Information: Your name, email address, and phone number when you fill out contact forms, book appointments, or subscribe to newsletters.
- Booking Information: Details related to your appointments or course bookings, which may include your treatment interests and medical history relevant to the treatment you are seeking.
- Communication Data: Records of your correspondence with us via email, phone, our website forms, or social media.
- Account Information (if applicable): Usernames, passwords, and other details if you create an account on our Site (e.g., for B2B training purposes).
- Feedback and Survey Information: Information you provide when you participate in surveys or provide feedback on our services.
Information Collected Automatically:
- Technical Data: Your IP address, browser type and version, operating system, device information, and time zone setting.
- Usage Data: Information about how you use our Site, such as pages visited, time spent on pages, links clicked, navigation paths, and referring websites. This is collected via server logs and potentially through cookies (see section 5).
Information from Third Parties:
- Payment Processors: When you make a payment for services or products, our third-party payment processor (e.g., Stripe) may provide us with transaction details (such as payment confirmation and transaction ID), but we do not store your full card numbers.
- Booking Platforms: If you book through a third-party platform, they may share your booking information with us.
- Social Media Platforms: If you interact with us on social media, we may collect information that you make publicly available or information you provide directly to us.
We use cookies and similar technologies. Please see our Cookie Policy for more details.
3. How We Use Your Information
We use your personal data for the following purposes, based on the lawful bases set out in the UK GDPR:
To Provide and Manage Our Services (Performance of a Contract, Legitimate Interests):
- To schedule and confirm your appointments.
- To provide you with the treatments and services you have requested.
- To communicate with you about your appointments, treatments, or any changes to our services.
- To manage your account (if applicable).
- To process payments for our services.
To Improve Our Site and Services (Legitimate Interests):
- To understand how our Site is used and to improve its functionality and user experience.
- To analyse trends and gather demographic information for service improvement.
- To conduct research and analysis to enhance our treatments and offerings.
For Marketing and Communications (Consent, Legitimate Interests):
- To send you newsletters, promotional materials, and information about new treatments or special offers, where you have consented to receive such communications or where we have a legitimate interest (e.g., for existing clients about similar services, with an opt-out option).
- To respond to your enquiries and provide customer support.
For Legal and Regulatory Compliance (Legal Obligation, Legitimate Interests):
- To comply with applicable laws, regulations, and legal processes.
- To maintain accurate medical records as required by law and professional standards.
- To protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others.
- To prevent and detect fraud or other illegal activities.
4. How We Share Your Information
We do not sell your personal data. We may share your personal information with the following categories of third parties in certain circumstances:
- Service Providers: We engage third-party service providers to perform functions on our behalf. These may include IT and system administration services (e.g., website hosting, data backup), payment processors (e.g., Stripe), appointment booking system providers, marketing and communications platforms (e.g., email marketing services, if you subscribe), and analytics providers (e.g., Google Analytics). These providers are contractually bound to protect your data and only use it for the purposes for which we disclose it to them.
- Medical Professionals: If necessary for your treatment, we may share relevant information with other medical professionals involved in your care (e.g., specialists to whom we might refer you, with your consent).
- Legal and Regulatory Authorities: We may disclose your information to law enforcement agencies, courts, regulators, government authorities, or other third parties where we are legally required to do so or to protect our legal rights.
- Business Transfers: In the event of a merger, acquisition, reorganisation, bankruptcy, or other similar event, your personal information may be transferred as part of the transaction, subject to appropriate confidentiality agreements.
We will only transfer your personal data outside the UK or European Economic Area (EEA) if appropriate safeguards are in place, in accordance with UK GDPR requirements.
5. Cookies and Tracking Technologies
We use cookies and similar technologies (such as web beacons and pixels) to operate and improve our Site, analyse usage, personalise content, and support our services and marketing efforts. For detailed information on the cookies we use, the purposes for which we use them, and how you can manage your cookie preferences, please see our Cookie Policy.
6. Data Security
We have implemented appropriate technical and organisational security measures designed to protect your personal data from accidental loss, unauthorised access, use, alteration, or disclosure. These measures include, but are not limited to, using encrypted connections (SSL/TLS) for data transmitted via our website, implementing strict access controls to patient data, and ensuring our staff are trained in data protection best practices.
Despite these measures, the transmission of information via the internet is not completely secure. While we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk.
7. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. Medical records will be retained in accordance with applicable medical record retention periods in the UK.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances, you can ask us to delete your data: see "Your Rights" below for further information.
8. Your Rights
Under the UK GDPR, you have several rights in relation to your personal data. These include the right to:
- Access: Request access to your personal data (commonly known as a "data subject access request").
- Rectification: Request correction of inaccurate personal data we hold about you.
- Erasure: Request erasure of your personal data in certain circumstances.
- Restrict Processing: Request restriction of processing of your personal data in certain circumstances.
- Data Portability: Request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format in certain circumstances.
- Object to Processing: Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Withdraw Consent: Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
To exercise any of these rights, please contact us using the details provided in the "Contact Information" section below. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).
You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk).
9. Children's Privacy
Our Site and services are generally not intended for individuals under the age of 18. We do not knowingly collect personal data relating to children under 16 without explicit parental consent. For individuals aged 16 and 17 seeking certain treatments, we require explicit parental/guardian consent and may also require consultation with their General Practitioner (GP) before proceeding with any treatment. We reserve the right to refuse treatment if we deem it not in the best interest of a minor, even with consent.
10. Links to Other Websites
Our Site may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
12. Contact Information
If you have any questions about this Privacy Policy or our privacy practices, or if you wish to exercise any of your rights, please contact MEDSQUARE LTD at:
Email: [email protected]
Alternatively, you can write to our Data Protection Lead at our registered office:
MEDSQUARE LTD
Unit 11, Flamingo Court, 81 Crampton Street, London, United Kingdom, SE17 3BF
Please ensure you mark any postal correspondence clearly for the attention of the "Data Protection Lead".