NOVALUX MEDICAL GROUP

PRIVACY POLICY

NovaLux Medical Group (“NovaLux”, “we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services or website, or by providing your personal information, you agree to the terms outlined below.

1. DATA CONTROLLER

NovaLux Medical Group is the data controller responsible for your personal data.

For any data protection queries, please contact us via our official communication channels.


2. INFORMATION WE COLLECT

We may collect and process the following categories of personal data:

Personal Information:

  • Full name
  • Date of birth
  • Address
  • Email address
  • Telephone number

Medical Information:

  • Medical history
  • Medication details
  • Treatment history
  • Skin or health-related information relevant to treatment

Financial Information:

  • Payment details (processed securely via third-party providers)
  • Transaction records

Technical Data:

  • IP address
  • Browser type and device information
  • Website usage data (via cookies and analytics tools)

3. HOW WE COLLECT YOUR DATA

We collect data through:

  • Consultation forms (online or in-clinic)
  • Booking systems
  • Website forms and enquiries
  • Direct communication (email, phone, messages)
  • Automated technologies such as cookies

4. HOW WE USE YOUR DATA

Your data is used for the following purposes:

  • Providing consultations and treatments
  • Maintaining accurate medical records
  • Managing appointments and bookings
  • Processing payments
  • Communicating with you regarding your treatment
  • Complying with legal, regulatory, and professional obligations
  • Improving our services and customer experience

We will only use your data where we have a lawful basis to do so.


5. LAWFUL BASIS FOR PROCESSING

We process your data under the following legal bases:

  • Consent – where you have given clear permission
  • Contract – to provide services requested
  • Legal obligation – to comply with regulatory requirements
  • Legitimate interests – to operate and improve our business

Special category (medical) data is processed strictly for healthcare purposes and in accordance with applicable laws.


6. DATA SHARING

We do not sell your data.

We may share your data with:

  • Regulated healthcare professionals involved in your care
  • Payment processing providers
  • IT and system providers
  • Regulatory bodies where required by law

All third parties are required to respect your data and comply with data protection laws.


7. DATA STORAGE & SECURITY

  • Your data is stored securely using appropriate technical and organisational measures.
  • Access is restricted to authorised personnel only.
  • We take reasonable steps to protect your data from loss, misuse, or unauthorised access.

8. DATA RETENTION

  • Medical records are retained in accordance with legal and clinical requirements (typically up to 7–10 years or longer where required).
  • Personal data is only kept for as long as necessary for the purposes outlined in this policy.

9. YOUR RIGHTS UNDER GDPR

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request erasure of your data (where applicable)
  • Restrict or object to processing
  • Withdraw consent at any time
  • Request data portability

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).


10. COOKIES & WEBSITE TRACKING

Our website may use cookies and tracking technologies to:

  • Improve website performance
  • Analyse visitor behaviour
  • Enhance user experience

You can manage cookie preferences through your browser settings.

11. MARKETING COMMUNICATIONS

  • We may contact you with relevant offers or updates where you have provided consent.
  • You can opt out of marketing communications at any time.

12. CONFIDENTIALITY

All personal and medical information is treated as strictly confidential and handled in line with professional, ethical, and legal standards.


13. THIRD-PARTY LINKS

Our website may contain links to third-party websites. NovaLux is not responsible for their privacy practices, and we encourage you to review their policies separately.


14. CHILDREN’S DATA

We do not knowingly collect personal data from individuals under the age of 16 without parental or guardian consent.


15. CHANGES TO THIS POLICY

NovaLux Medical Group reserves the right to update this Privacy Policy at any time. Updated versions will be published on our website.


16. CONTACT

For any questions regarding this Privacy Policy or your data, please contact us via our official communication channels.