KM Aesthetics · Nurse-Led Medical Aesthetics
Legal · Your data

Privacy Notice

How we collect, use and protect your personal information — including the health information you share with us — written plainly. We hold your trust as carefully as we hold your data.

Last updated June 2026

Who we are

The data controller.

KM Aesthetics Ltd (“we”, “us”, “the clinic”) is the data controller responsible for your personal data. We are an aesthetics clinic based in Pencoed, Bridgend.

KM Aesthetics Ltd

36 Penybont Road, Pencoed, Bridgend CF35 5RA

Email: info@kmaesthetics.com

What we collect

The information we hold.

We only collect what we genuinely need to care for you safely and to run the clinic responsibly.

Identity & contact

Your name, email address, mobile number and postal area — used to book, confirm and care for your appointments.

Health information

Medical history, medications, skin and treatment details, consultation notes and consent records. This is special-category (health) data and we treat it with extra care.

Booking & website

Appointment history, deposit and payment confirmations (we do not store full card details), and limited technical data such as device and analytics information.

Lawful bases

Why we are allowed to use it.

Under UK GDPR we must have a lawful basis for everything we do with your data. Ours are set out below.

Contract

To provide the treatment or consultation you book, take your deposit and manage your appointment.

Legal obligation

To keep clinical and financial records we are required by law and professional standards to retain.

Legitimate interests

To run and improve the clinic, secure our systems and respond to your enquiries — balanced against your rights.

Consent

For optional marketing messages and for any use of your health information beyond your direct care, including marketing. You can withdraw consent at any time.

Explicit consent / healthcare (special-category data)

For health information, we additionally rely on your explicit consent and/or the provision of healthcare. We never build marketing audiences from your health data without separate, explicit consent.

Special-category data

Your health information.

Anything you tell us about your health, medications or the treatment you are interested in is special-category data under UK GDPR. We use it solely to assess your suitability, treat you safely and keep the clinical records we are required to hold. We will never use it to target marketing at you unless you give us separate, explicit consent to do so.

  • Used only for your care

    Assessment, treatment, aftercare and the records we must keep.

  • Never segmented for marketing

    Your treatment interest is not used to build audiences without explicit consent.

  • Always your choice

    You can ask what we hold, correct it or ask us to delete it where the law allows.

Marketing

Consent & opt-out.

We will only send you marketing messages — by email, SMS or messaging app — where you have given us consent for that specific channel, or where we are permitted to do so under PECR’s soft opt-in for our existing clients in relation to similar treatments. Consent is asked for separately from any enquiry or booking, is never pre-ticked, and is recorded per channel.

Every marketing message includes a simple way to opt out. You can unsubscribe at any time, with no effect on your care. To stop all marketing, reply to any message or email info@kmaesthetics.com.

Cookies & analytics

How our website behaves.

Our website uses a small number of cookies. Strictly necessary cookies keep the site working and are always on. Any analytics or measurement cookies are only set where you have given consent, and you can change your choice at any time.

Booking is handled by our booking provider on their own platform; when you proceed to book, their privacy terms also apply to the information you enter there.

Retention

How long we keep it.

We keep personal data only for as long as we need it. Clinical and consent records are retained in line with healthcare record-keeping standards and our legal and insurance obligations; routine enquiry and marketing data is held only while it is relevant or until you ask us to stop. When data is no longer needed, we securely delete or anonymise it.

Your rights

What you can ask of us.

Under UK GDPR you have rights over your personal data. To exercise any of them, just get in touch.

Access

Ask for a copy of the personal data we hold about you.

Rectification

Ask us to correct anything that is inaccurate or incomplete.

Erasure

Ask us to delete your data where we are not required to keep it.

Restriction & objection

Ask us to pause certain uses, or object to processing based on legitimate interests.

Portability

Ask to receive certain data in a portable, machine-readable format.

Withdraw consent

Withdraw any consent you have given, at any time, without affecting your care.

If you have a concern we can’t resolve, you have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk.

Questions about your data?

We’re happy to help.

Email us and we’ll respond promptly. For anything clinical, your privacy is always protected.
