Privacy Policy - Sculpt by Sumera
Sculpt by Sumera - HIFU Glasgow

Privacy Policy

How we collect, use, and protect your personal information

Last Updated: January 2025

1. Who We Are

Sculpt by Sumera is a sole proprietorship aesthetic practice specialising in HIFU (High-Intensity Focused Ultrasound) treatments and related aesthetic services, operated by Sumera.

Our details:

  • Business Name: Sculpt by Sumera
  • Address: 2nd Floor, 180 West Regent Street, Glasgow, Scotland
  • Email: [email protected]
  • Phone: 07951 278565
  • Website: www.sculptbysumera.com

Your Privacy Matters

We are committed to protecting your privacy and handling your personal data in accordance with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

We collect different types of information depending on how you interact with our services:

| Type of Data | What We Collect | How We Get It |
| --- | --- | --- |
| Contact Information | Name, email address, phone number, postal address | When you book appointments, contact us, or sign up for updates |
| Treatment Information | Medical history relevant to treatments, treatment preferences, consultation notes, treatment records | During consultations and treatment sessions |
| Payment Information | Payment details for deposits (processed by Stripe - we don't store full card details) | When you make payments or deposits |
| Communication Data | Records of our communications via email, SMS, WhatsApp, and phone calls | When you contact us or we contact you |
| Website Usage Data | IP address, browser type, pages visited, time spent on site, device information | Automatically when you visit our website |
| Marketing Data | Your marketing preferences, engagement with our content, social media interactions | From your interactions with our marketing and social media |

Before & After Photos

We may request permission to take before and after photos of your treatments. This is always optional and requires your explicit written consent. These photos may be used for:

  • Your treatment records
  • Marketing purposes (only with separate written consent)
  • Training and educational purposes (anonymised)

3. How We Use Your Information

We use your personal information for the following purposes:

Treatment & Care

  • Providing aesthetic treatments and related services
  • Maintaining accurate treatment records
  • Following up on your treatment progress
  • Ensuring your safety and the effectiveness of treatments

Business Operations

  • Managing appointments and scheduling
  • Processing payments and deposits
  • Responding to your enquiries
  • Improving our services

Marketing Communications (with your consent)

  • Sending you information about our services
  • Sharing treatment tips and aftercare advice
  • Informing you about promotions and special offers
  • Sending appointment reminders

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contractual Necessity

Processing necessary to provide our services, manage appointments, and fulfil our contract with you.

Consent

For marketing communications, photos for marketing use, and certain optional services.

Legitimate Interests

For business operations, improving services, and ensuring safety (where not overridden by your interests).

Legal Obligation

Maintaining treatment records as required by professional standards and regulations.

5. Who We Share Your Information With

We may share your personal information with the following third parties:

Technology Providers

  • GoHighLevel: Our customer relationship management (CRM) system for managing appointments, communications, and customer records
  • Stripe: Payment processing for deposits and payments
  • Facebook/Meta: For advertising purposes through Facebook Pixel (anonymised data)

Professional Requirements

  • Insurance providers: If required for professional indemnity purposes
  • Professional bodies: If required for regulatory compliance
  • Legal advisors: If necessary for legal compliance or protection

Emergency Situations

  • Healthcare providers: In case of medical emergencies
  • Law enforcement: If legally required

Third-Party Data Processing

All our third-party providers are required to maintain appropriate security measures and use your data only for the specific purposes we've engaged them for. They cannot use your data for their own purposes.

6. International Data Transfers

Some of our service providers may process your data outside the UK. When this happens:

  • We ensure appropriate safeguards are in place
  • We use providers with adequate data protection standards
  • We implement standard contractual clauses where necessary

7. How Long We Keep Your Information

Data Retention Periods

  • Treatment Records (10 Years): Medical and treatment records, consultation notes, before/after photos for medical purposes
  • Financial Records (7 Years): Payment records, invoices, financial documentation
  • Marketing Data (3 Years): Email marketing lists, communication preferences (unless you opt out sooner)
  • Website Data (2 Years): Analytics data, website usage information
  • Communications (1 Year): Email, SMS, and WhatsApp communications (unless part of treatment records)

8. Your Rights

Under UK data protection law, you have the following rights:

Right to Access

Request a copy of the personal data we hold about you

Right to Rectification

Ask us to correct any inaccurate or incomplete data

Right to Erasure

Request deletion of your data (subject to legal requirements)

Right to Restrict Processing

Ask us to limit how we use your data

Right to Data Portability

Receive your data in a portable format

Right to Object

Object to processing based on legitimate interests

Right to Withdraw Consent

Withdraw consent for marketing or other consent-based processing

Right to Complain

Lodge a complaint with the Information Commissioner's Office (ICO)

How to Exercise Your Rights

To exercise any of these rights, please contact us using the details in the "Contact Us" section below. We will respond within one month of receiving your request.

9. Cookies and Website Tracking

Our website uses cookies and similar technologies to:

  • Ensure the website functions properly
  • Remember your preferences
  • Analyse website usage to improve our services
  • Provide targeted advertising through Facebook Pixel

Types of Cookies We Use

  • Strictly Necessary: Required for the website to function
  • Functional: Remember your preferences and improve your experience
  • Analytics: Help us understand how visitors use our website
  • Marketing: Used to deliver relevant advertisements (Facebook Pixel)

You can control cookies through your browser settings, but some website functionality may be limited if you disable certain cookies.

10. Security Measures

We implement appropriate technical and organisational measures to protect your personal data:

  • Encrypted data transmission and storage
  • Regular security updates and monitoring
  • Access controls and user authentication
  • Regular backups and data recovery procedures
  • Staff training on data protection
  • Secure disposal of physical records

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, as required by law.

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

For clients aged 16-18, we require parental or guardian consent before providing any services.

12. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you by email if you have provided your email address
  • Post a notice on our website
  • For material changes, seek your consent where required

We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Us About Privacy

If you have any questions about this Privacy Policy, want to exercise your rights, or have concerns about how we handle your personal data, please contact us:

Email: [email protected]
Phone: 07951 278565
Address: 2nd Floor, 180 West Regent Street, Glasgow, Scotland

Data Protection Contact: Sumera (Practice Owner)

13. Regulatory Information

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the UK's data protection authority:

Information Commissioner's Office (ICO)

Website: www.ico.org.uk
Helpline: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

This privacy policy is designed to be transparent and comprehensive. If you need any clarification on any section, please don't hesitate to contact us.