This notice outlines what personal data we hold with regards to you and how we manage and process that data. We commit to handling your personal data in line with General Data Protection Regulations (GDPR). We maintain a database including demographic information (name, DOB) and contact details (address, phone number, email) for all our clients. This information is held electronically on a password protected computer, as well as in paper form within a client file which is stored securely. The purpose of retaining this information is in order to maintain a record of who we have worked with professionally and also to enable us to contact you to provide aftercare following a treatment, to check client satisfaction in line with our auditing and clinical governance processes, to remind you when your next treatment / review is due and to provide you with information about the services we provide and about any new treatments that we think might be of interest to you. The lawful basis for the processing of this data under article 6 of the GDPR is “legitimate interests”. We need to be able to seek feedback on our services in order that we can audit our practice to maintain high clinical standards. We would also like to be able to contact you from time to time for marketing purposes. We will ask you when you first consult with us if you are happy for us to do this. Under article 6 of the GDPR this would constitute “consent”. We commit to not market excessively, to never apply pressure to encourage you to undergo a procedure that you do not wish to have, and to allow you to opt out of marketing correspondence at any stage should you wish to do so. In order to do this, please email us at Opting out of such correspondence will not in any way impact on the care that you will receive. In addition to the demographic and contact details, we are required to retain medical information including your past medical history as detailed on the initial health screening questionnaire and details of any treatments / procedures undertaken. This information is held under article 9(2)(h) of the GDPR under “provision of health care”. For medicolegal purposes, data of this nature is required to be retained for 5 years after the conclusion of your treatments with Youthful Solution. This information cannot be deleted or destroyed before this date unless there is reason to suspect that it is factually inaccurate or incorrect. We commit to maintaining the confidentiality of your personal and health data and will not disclose any information about your health without your express consent, except in such circumstances as to provide information required for your emergency medical care in such circumstances where you are incapacitated and unable to consent. Further information regarding your rights and our responsibilities with regards data processing can be found on the Information Commissioner’s Office website: