Privacy Policy
Our Commitment to Your Privacy & Data Classification
At Zorah Clinic, absolute discretion and the safeguarding of your personal information are foundational to our medical practice. We treat your privacy with the same uncompromising standard of care as your clinical treatments. This policy outlines our strict adherence to the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018, detailing precisely how we collect, process, and protect your data. Because we are a medically-led aesthetic clinic, the information we require extends beyond standard contact details to include comprehensive medical histories and clinical photography. The Information Commissioner’s Office (ICO) classifies this health information as Special Category Data, meaning it is legally subject to the highest possible levels of security and protection.
Secure Clinical Storage
To ensure your information is impenetrable, Zorah Clinic operates as a paperless practice. All sensitive clinical records, consent forms, treatment notes, and medical photographs are housed exclusively within Aesthetidocs, a highly secure, encrypted, and fully GDPR-compliant clinical management system specifically designed for the medical aesthetics sector. Your data is never stored on personal devices or unsecured local networks. Access to your electronic medical file is strictly restricted to your direct clinical care team, ensuring that your medical history and aesthetic journey remain entirely confidential.
Medical Third-Party Sharing
We will never sell your personal data to third parties, nor will we use it for external marketing purposes without your explicit, opt-in consent. However, the safe provision of aesthetic medicine requires coordinated care. To facilitate your bespoke treatment plans, it is a clinical necessity to share specific, relevant patient details with heavily regulated medical third parties. This strictly includes registered external pharmacies for the sole purpose of ordering Prescription Only Medicines (POMs), such as anti-wrinkle treatments or emergency dissolving agents, prescribed specifically for your care. These regulated partners are equally bound by stringent UK data protection laws and medical confidentiality agreements.
Medical Record Retention Requirements
In accordance with UK medical governance and standard aesthetic insurance regulations, Zorah Clinic is legally mandated to retain your comprehensive medical records for a minimum period of 10 years following your final clinical appointment. This retention period ensures a complete historical baseline of your treatments should you ever require future medical care or face delayed clinical complications. While you possess the absolute right to opt out of our marketing communications at any time, please be advised that the GDPR “right to be forgotten” (the right to erasure) does not supersede our legal and medical obligation to retain your clinical records for this mandated 10-year period.
Your Data Rights & Subject Access Requests
Under data protection law, you are entitled to absolute transparency regarding your personal information. You have the right to request a complete copy of the data we hold about you, known as a Subject Access Request. If you wish to request your records, update your personal details, or alter your marketing preferences, please direct your correspondence to our management team at hello@zorahclinic.com. We are committed to responding to all formal data requests promptly and within the legal timeframe of 30 days, ensuring you remain in complete control of your digital footprint at Zorah Clinic.