Privacy Policy
How we collect, use and protect your personal and medical information — written plainly, in line with the UK GDPR and Data Protection Act 2018.
Gracious Contours takes your privacy seriously. This policy explains what personal information we collect, how we use it, and your rights. It is written plainly. If anything is unclear, please contact us at hello@graciouscontours.co.uk.
Who we are
Gracious Contours is a private aesthetic clinic operating from:
1a Lighthouse View
Seaham
County Durham
SR7 7PR
Email: hello@graciouscontours.co.uk
Phone: 07514 751180
We are the data controller for the personal information we collect about our clients and website visitors.
What information we collect
We only collect information that is necessary to operate the clinic and provide your treatments safely.
When you book an appointment
- Your full name
- Email address
- Phone number
- Date of birth
- The treatment booked, date and time
- Your booking reference
When you complete a medical consultation form
- Health and medical history relevant to treatment
- Current medication
- Allergies and contraindications
- Any other information you choose to share for your safety
This medical information is classified as special category data under UK GDPR. We hold it under the lawful basis of explicit consent, which you give when you complete the consultation form, and the additional condition of health or social care purposes.
When you make a payment
Payments are processed by Stripe. We do not see, store or have access to your full card details. We only receive a confirmation that your payment succeeded, the amount, and a Stripe transaction reference.
When you visit our website
- Anonymous data about how you use the site (only if you accept analytics cookies — see our Cookie Policy)
- Information you provide if you submit a contact form
How we use your information
We use your information for the following specific purposes:
- To deliver your treatment safely — your medical history is reviewed before each appointment and during treatment.
- To manage your booking — confirmation emails, appointment reminders and the option to add the appointment to your calendar.
- To process payment — through Stripe, our payment processor.
- To contact you — only about your appointment, your treatment, or a question you have raised with us.
- To send a thank-you message after your visit — including an optional invitation to leave a Google review.
- To meet our legal and regulatory obligations — for example, retaining treatment records as required for clinical and insurance purposes.
We do not use your data for marketing, automated decision-making or profiling. We do not send promotional newsletters unless you have specifically asked to be added to a mailing list.
Lawful basis for processing
Under UK GDPR we must have a lawful basis for processing your data. Ours are:
- Contract — to deliver the treatment you have booked.
- Legal obligation — to retain medical and treatment records as required by law and our insurers.
- Explicit consent — for special category (health) data, given when you complete the consultation form.
- Legitimate interest — for limited operational purposes such as preventing fraud and securing our website.
Who we share your information with
We share data only with the small number of trusted services we use to operate the clinic:
- Stripe — payment processing. Stripe is PCI-DSS compliant and stores card data on our behalf. See Stripe's privacy policy.
- Google Workspace — for clinic email (hello@graciouscontours.co.uk). See Google's privacy policy.
- Our website host — hosting infrastructure for graciouscontours.co.uk.
We do not sell, rent or trade your information to anyone, ever.
We may disclose information if required by law (for example in response to a court order or legitimate request from law enforcement). Where this happens we will only share the minimum data necessary.
How long we keep your information
- Booking and contact details — kept for as long as you remain a client and for two years after your last appointment.
- Medical consultation records — retained for a minimum of seven (7) years from your last visit, in line with professional and insurance requirements for clinical record-keeping.
- Payment records — kept for six (6) years to meet HMRC requirements.
- Website data and cookies — see our Cookie Policy for specific retention periods.
After these periods, your information is securely deleted or anonymised.
How we keep your data safe
- Our website uses HTTPS encryption for every page
- Booking and consultation data is stored on a password-protected, access-restricted system
- Payment data is handled entirely by Stripe and never touches our servers
- The practitioner is the only person with access to your medical consultation records
- Paper records, where used, are stored in a locked location at the clinic
We review our security practices regularly and will notify you and the Information Commissioner's Office within 72 hours of becoming aware of any data breach that affects your rights.
Your rights
Under UK GDPR you have the following rights regarding your personal information:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct anything that is inaccurate or incomplete
- Erasure — ask us to delete your data, where we are not legally required to retain it
- Restriction — ask us to limit how we use your data while a query is resolved
- Objection — object to certain types of processing
- Portability — receive your data in a portable format to transfer elsewhere
- Withdraw consent — at any time, where processing is based on consent
To exercise any of these rights, please email hello@graciouscontours.co.uk with your full name and the nature of your request. We will respond within one calendar month.
You will not be charged for exercising these rights unless requests are clearly unfounded or excessive.
Complaints
If you are unhappy with how we have handled your information, please contact us first — we will always try to put things right.
If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk
Changes to this policy
We may update this policy from time to time to reflect changes in the law, our services or our practices. The version published on this page is the current version. We recommend you review it occasionally.
Contact
For any questions about this Privacy Policy or how we handle your information:
Gracious Contours
1a Lighthouse View, Seaham, County Durham, SR7 7PR
Email: hello@graciouscontours.co.uk
Phone: 07514 751180