Dr Naz Clinics
Last updated: [19th November 2025]
Dr Naz Clinics, is committed to protecting the privacy, confidentiality and security of your personal information. This Privacy Policy explains how we collect, use, store and protect your data when you receive treatment or engage with our clinic or website.
We comply with UK GDPR, the Data Protection Act 2018, and all relevant medical and regulatory standards.
—
1. Data Controller
Dr Naz Clinics
Clinical Lead: Dr Nazreen Morley (MBChB, MRCGP)
ICO Registration Number: ZB047762
—
2. Information We Collect
Identification & Contact Details
Name
Address
Date of birth
Email address
Telephone number
Medical Information
Medical history
Medication history
Allergy information
Treatment history
Consultation notes
Consent forms
Images
Clinical photographs for medical documentation
Clinical photographs for marketing only with explicit written consent
Financial Information
Payments processed securely through third-party providers
No card details are stored by Dr Naz Clinics
Digital/Website Information
Enquiry forms
Cookies and basic browsing information
—
3. Why We Collect Your Information
We collect and use your information in order to:
Provide safe, appropriate and personalised medical aesthetic treatment
Assess suitability for treatments and record clinical decisions
Maintain accurate medical records
Contact you regarding appointments, aftercare or follow-up
Comply with legal, regulatory and professional obligations
Manage complaints, incidents or insurance queries
Use photographs for marketing only when you have given clear written consent
—
4. Consent for Photographs & Marketing
A) Marketing Images
We will only use your photographs for marketing (e.g., website, Instagram, printed materials) if:
You have given explicit written consent, and
You understand exactly where the images will be used.
Written consent may be provided via signed form, digital signature, email or written messaging, provided it clearly states how the images may be used.
You may withdraw consent for marketing at any time. Withdrawal applies to future use only.
—
B) Clinical Images
Clinical photographs taken for documentation form part of your medical record.
Consent for medical documentation cannot be withdrawn retrospectively once treatment has been provided.
—
5. Withdrawing Consent
You may withdraw marketing consent at any time, and we will stop using your images in future materials.
You cannot withdraw consent for a procedure that has already been performed, or for clinical documentation that is required to be retained as part of your medical record.
—
6. How Your Information is Stored & Protected
Your data is stored securely using encrypted clinical systems, password protection and restricted access protocols. We use secure, GDPR-compliant clinical software and encrypted storage solutions.
—
7. How Long We Keep Your Data
Retention follows regulatory and medical guidelines:
Medical records: 8 years from the date of last treatment
Consent forms: 8 years
Financial records: 6 years (HMRC requirement)
Marketing consent: retained until withdrawn
—
8. Sharing Your Information
We may share data when necessary and appropriate:
With other healthcare professionals where this benefits your care
With insurers or regulators in the event of a complaint
With legal authorities when required by law
With providers who deliver secure clinical or administrative systems
We do not sell your data to any third parties.
—
9. Your Rights
You have the right to:
Access your information
Request corrections
Request deletion (where appropriate)
Restrict processing
Request transfer of data
Withdraw marketing consent
Make a complaint to the Information Commissioner’s Office (ICO)