Privacy & Cookies Policy

Privacy and Cookies

Appearance Based Medicine is the data controller (ICO registration number ZA043596) for personal data about patients, prospective patients, associates and newsletter subscribers.

We do not sell your personal data for commercial purposes and will only disclose it if required by law, or with your consent.

To contact Appearance Based Medicine with a data protection query regarding the processing of your personal data, please use the contact us page or email, and address the query to ‘the Data Controller’.

Details of our processing

We believe that all these purposes are justified on the basis of our legitimate interests in running and promoting the business and our legal obligations to deliver the agreed services to you. The exception is sending email marketing, which we carry out on the basis of consent. If you would like to know more, please read below:


As a patient, we will hold the following information about you:

  • Name and contact information
  • Date of birth
  • GP details
  • Health details including current medication and past cosmetic history
  • Demographic information such as postcode, preferences and interests
  • Billing and payment information
  • Before and after treatment photos

We will use the contact details you provide to us to contact you about forthcoming appointments. We will use the health information you provide to assess your suitability for the treatments that we provide. We will only use the before and after photos for the purpose of demonstrating the treatment that was delivered (e.g. Botox).

We use PayPal and World Pay to process your payment. When you set up a direct debit, this is handled by GoCardless. We need to keep details of financial transactions for 6 years after the end of the current financial year, for tax purposes.

We currently use third-party online tools:

  • Business Dropbox to store patient registration and consent forms. Business Dropbox uses servers that are based in the United Kingdom; personal information is not transferred outside the EEA. For more information please view Dropbox’s Privacy Policy.
  • Google Calendar to manage your appointments. Our G-Suite account uses servers that are based within the EEA. For more information please view Google’s Privacy Policy.

We will retain medical information (including before and after photos) about you for the duration of our relationship with you, then ten years, in line with the Nursing and Midwifery Council. We will retain financial records for 6 years, following the end of the current financial year.

Prospective Patients

As a prospective patient, we will hold the following information about you:

  • Your name and contact information.
  • Referral source

If you make an enquiry to us via email, phone or the contact us page on our website, we will use this information to follow up on this enquiry to see if we can help you.

We will retain information about you for the duration of the enquiry, then two years.


As a subcontractor, we will hold the following information about you:

  • Your name and contact information
  • Bank details

We will retain information about you for the duration of our relationship with you, then seven years. We will retain financial records for 6 years, following the end of the current financial year.

Visitors to our Website

When you visit our website, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to various parts of the website. The information is only processed in a way which does not identify anyone.

To opt out of being tracked by Google Analytics across all websites visit


Cookies are small text files that are placed on your computer by websites that you visit.  They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.  Unless you have set your browser to block cookies, this site will place the following cookies on your computer.


| Cookie | Name | Purpose |
| --- | --- | --- |
|  | Google Analytics | The Google Universal Analytics JavaScript library uses first-party cookies to distinguish unique users and throttle the request rate. To opt out click here. |
|  | Twitter | “Follow Button” Twitter plugin is used to help market the business using Twitter. The plugin detects whether a user is logged in to Twitter when he/she visits a website and uses this information to present either a “Follow” or “You Follow” message with various other details from Twitter. The plugin creates four third-party cookies (pid, _twitter_sess, kdt, guest_id) if a visitor accesses the site when not logged into Twitter, and a further cookie if accessed while logged on to Twitter. |
| _twitter_sess | Twitter | Used by Twitter services, to monitor referral links, and login status. |
| auth_token | Twitter | This cookie saves information about the authentication token that a user uses to connect |
|  | Facebook | Allow you to control the “Follow us on Facebook” and “Like” buttons |
| c_user | Facebook | This cookie contains the user ID of the currently logged in user. |
| Presence | Facebook | This is a session cookie. |
| xs | Facebook | The values contained within the xs cookie are: The first portion is an up to 2 digit number representing the session number. The second portion is a session secret. The third, optional, portion is a secure flag, which is used if the user has enabled the secure browsing feature. |
| lang | AB-Med | Language cookie |
|  | Doubleclick | This cookie is used for re-targeting, optimisation, reporting and attribution of online adverts. To opt out click here. |
| spu_box | WordPress | Used for closing and conversion on the popup |

Most web browsers allow some control of most cookies through the browser settings.  To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit or


We endeavour to take all reasonable steps to protect your personal information. All the data collected by us is stored on secure servers. The secure server software encrypts all information you input before it is sent to us.

Your Rights

As an individual whose personal data is processed by Appearance Based Medicine, you have these rights:

  • The right to be informed, which is what this privacy policy is for.
  • The right to access what data we hold about you.
  • The right to object to direct marketing – either use the unsubscribe option or contact us directly.
  • The right to object to processing carried out on the basis of legitimate interests.
  • The right to erasure (in some circumstances).
  • The right to data portability.
  • The right to have your data rectified if it is inaccurate.
  • The right to have your data restricted or blocked from processing.

If, at any time, you want to verify, update or amend your personal data please email. If you would like a copy of the information held on you, please write to Chilterns House, 49 – 51 Dean Street, Marlow, Buckinghamshire, England, SL7 3AA.

You also have the right to lodge a complaint about our processing with the UK’s Information Commissioner’s Office (ICO).

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 07/02/2018.



