Privacy Policy
Last updated: June 2025
The PRP Skin Bar ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect information about you when you use our website at theprpskinbar.co.uk or contact us to enquire about our services.
This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read it carefully. If you have any questions, contact us using the details provided at the end of this document.
1. Who We Are (Data Controller)
The data controller responsible for your personal data is:
We are registered in England. We recommend consulting the Information Commissioner's Office (ICO) website at ico.org.uk for further information about your rights.
2. Personal Data We Collect
We may collect and process the following categories of personal data:
Contact and Identity Data
Your name, phone number, and email address when you submit an enquiry form or contact us directly.
Enquiry Content
The content of any message you send to us, including details about treatments you are interested in.
Age Confirmation
Confirmation that you are aged 18 or over, as required before we discuss injectable treatments.
Technical and Usage Data
Information such as your IP address, browser type, pages visited, and time spent on the site, collected automatically where analytics cookies are accepted. This data is anonymised and aggregated where possible.
Communications Data
Records of any communications between us, including WhatsApp or telephone correspondence relating to your consultation or treatment.
We do not collect sensitive personal data (such as health information) through our website contact form. Any health or medical information discussed during a consultation is handled separately as part of your clinical record and subject to additional protections.
3. How and Why We Use Your Personal Data
We use your personal data for the following purposes and under the following lawful bases under UK GDPR:
| Purpose | Lawful Basis | Retention |
|---|---|---|
| Responding to your consultation enquiry | Legitimate interests / Pre-contractual steps | 12 months from last contact |
| Booking and managing consultations | Contract performance | Duration of client relationship + 12 months |
| Complying with legal obligations (e.g. clinical record-keeping) | Legal obligation | As required by applicable law (typically 8 years for medical records) |
| Improving our website via analytics | Consent (via cookie banner) | Until consent is withdrawn |
| Sending follow-up information you have requested | Consent | Until consent is withdrawn or 12 months |
4. How Long We Keep Your Data
We will retain your personal data only for as long as necessary to fulfil the purposes set out in this policy and to comply with our legal obligations:
- General enquiry data — retained for 12 months from the date of your last contact with us, after which it will be securely deleted.
- Clinical consultation and treatment records — retained for a minimum of 8 years in accordance with NHS and professional body guidance for aesthetic and medical records, unless a longer period is required by law.
- Analytics cookie data — retained only while consent is active. Withdrawing cookie consent will stop further collection. Historical aggregated analytics data may be retained for up to 26 months as permitted by Google Analytics default settings.
5. Who We Share Your Data With
We do not sell, rent or trade your personal data. We may share it only in the following limited circumstances:
Google LLC
We may use Google Analytics (where analytics cookies are accepted) to understand how visitors use our website. Google may process data on servers outside the UK/EEA. Google participates in the UK-US Data Bridge and applies Standard Contractual Clauses. You can opt out at tools.google.com/dlpage/gaoptout.
WhatsApp / Meta Platforms Ireland Ltd
If you choose to contact us via WhatsApp, your message content and phone number are processed by WhatsApp/Meta. Please refer to WhatsApp's own Privacy Policy at whatsapp.com/legal/privacy-policy.
Legal and Regulatory Bodies
We may disclose personal data to regulators, law enforcement, or legal advisers where required by law or to protect the rights, property, or safety of The PRP Skin Bar, our clients, or others.
6. Cookies
Our website uses cookies — small text files stored on your device — to help the site function correctly and, where you have given consent, to help us understand how you use it.
Essential Cookies (no consent required)
| Cookie Name | Purpose | Duration |
|---|---|---|
| prp-cookie-consent | Stores your cookie preference to avoid repeated prompts | 12 months |
Analytics Cookies (consent required)
| Cookie Name | Purpose | Duration |
|---|---|---|
| _ga | Google Analytics — distinguishes users | 2 years |
| _ga_* | Google Analytics — session state | 2 years |
You can manage your cookie preferences at any time via the cookie consent banner or your browser settings. Most browsers allow you to block or delete cookies — please refer to your browser's help documentation for instructions. Note that blocking essential cookies may affect how the website functions.
7. Your Rights Under UK GDPR
You have the following rights in relation to your personal data:
Right of Access
You may request a copy of the personal data we hold about you (a Subject Access Request). We will respond within one calendar month.
Right to Rectification
You may ask us to correct any inaccurate or incomplete personal data we hold about you.
Right to Erasure
You may request that we delete your personal data where there is no compelling reason for us to continue processing it, subject to our legal obligations.
Right to Restrict Processing
You may ask us to pause processing your personal data in certain circumstances, for example while we verify its accuracy.
Right to Data Portability
Where processing is based on your consent or a contract, you may request that we provide your data in a structured, commonly used, machine-readable format.
Right to Object
You may object to processing based on our legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds that override your interests.
Right to Withdraw Consent
Where we rely on your consent to process data, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Right to Lodge a Complaint
You have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.
To exercise any of these rights, please contact us by telephone on 07513 691514. We will respond to all legitimate requests within one calendar month. We may need to verify your identity before fulfilling your request.
8. Data Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Secure HTTPS encryption for all data transmitted via this website.
- Limiting access to personal data to those individuals who need it to perform their duties.
- Regular review of our data handling procedures.
Whilst we take all reasonable steps to protect your data, no transmission over the internet is entirely secure. You provide data to us at your own risk. If you believe your data has been compromised, please contact us immediately.
9. International Data Transfers
Where we use third-party services that transfer personal data outside the United Kingdom (for example, Google Analytics), we ensure that appropriate safeguards are in place, such as adequacy decisions by the UK government, Standard Contractual Clauses approved for use in the UK, or participation in the UK-US Data Bridge framework. If you would like further information about the specific safeguards applied to your data, please contact us.
10. Children and Young Persons
Our services and this website are directed exclusively at adults aged 18 years and over. We do not knowingly collect personal data from individuals under the age of 18. All injectable aesthetic treatments provided by The PRP Skin Bar are for adults aged 18 and over only. If you believe we have inadvertently collected data from a minor, please contact us immediately so that we may delete it.
11. Links to Other Websites
This website may contain links to third-party websites, including our Instagram profile (@prpppure) and WhatsApp. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies before providing any personal data to them.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website following any changes constitutes your acceptance of the updated policy.
13. ICO Registration
Organisations that process personal data in the UK are generally required to register with the Information Commissioner's Office (ICO) unless an exemption applies. The PRP Skin Bar is taking appropriate steps to ensure compliance with ICO registration requirements. For more information about data protection law in the UK, visit ico.org.uk.
14. How to Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or have any concerns about how we handle your personal data, please contact us:
The PRP Skin Bar
London, United Kingdom
07513 691514
We aim to respond to all data protection enquiries within 5 working days. For Subject Access Requests, we will respond within one calendar month as required by UK GDPR.