Effective Date: 7 July 2025
Last Updated: 7 July 2025

1. Introduction

Bijoux Medispa, a trading name of Calapoint Limited, is committed to protecting and respecting your privacy. This Privacy and Cookie Policy explains how we collect, use, store, and protect your personal data when you engage with us—whether in person, through our website, or by other means.

Registered Address:
Bijoux Medispa
149 Ebury Street
Belgravia
London
SW1W 9QN
United Kingdom

Company Number: 15974227

2. Who We Are

Bijoux Medispa offers advanced medical aesthetics and skin treatments. We act as a data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For any queries regarding your data, please contact our Data Protection Officer (DPO):

Email: [email protected]
Phone: [Insert clinic phone number]
Address: As above

3. What Information We Collect

We collect personal data from you directly when you engage with our clinic or website.

1. a) Identification and Contact Data:

• Full name
• Date of birth
• Gender
• Address, email, phone number

1. b) Medical and Treatment Information:

• Relevant health information and medical history
• Treatment records and progress notes
• Photographic records (before/after images)
• Prescriptions, referrals, or diagnostic notes

1. c) Payment Information:

• Payment details (securely processed by third-party providers)
• Billing and transaction history

1. d) Website Data:

• IP address
• Device/browser details
• Usage data such as time on page, navigation paths
• Cookie preferences and interactions
  
  

4. How We Use Your Information

We use your personal data to:

• Provide clinical and aesthetic treatments
• Maintain accurate medical records
• Manage appointments and communicate with you
• Process payments and provide receipts
• Comply with healthcare regulations
• Respond to queries or complaints
• Improve our website and service delivery
• Send you marketing messages (with your consent)
  
  

5. Legal Basis for Processing

We process your data under the following legal bases, depending on the context:

• Consent – for marketing or specific medical photographs
• Contract – to deliver treatment or respond to enquiries
• Legal Obligation – to comply with regulations and tax laws
• Vital Interests – where necessary for emergency care
• Legitimate Interests – for routine business operations
• Special Category Data (Health) is processed under Article 9(2)(h) – for the provision of health care
  
  

6. Data Storage and Security

All personal data is stored securely in clinical systems and databases that meet strict UK data protection standards.

Our measures include:

• Encrypted storage and SSL protection for online transfers
• Password protection and restricted access
• Secure clinical recordkeeping systems
• Regular data protection training for staff

Retention:

We retain personal data in accordance with NHS recordkeeping guidance, usually for a minimum of 8 years following your last appointment, or until age 25 if under 18 at last contact.

7. Sharing Your Data

We do not sell your data. We may share it only where necessary and lawful:

• With healthcare professionals involved in your care
• With regulators such as the CQC or ICO
• With IT or software providers under strict confidentiality
• With legal, insurance, or payment service providers

All third-party service providers are required to comply with applicable data protection laws.

8. Cookies and Website Use

What Are Cookies?

Cookies are small files stored on your device to enhance your browsing experience and allow our website to function properly.

Types of Cookies We Use:

• Strictly Necessary Cookies – For website security and functionality
• Performance Cookies – To help analyse traffic and improve content (e.g. Google Analytics)
• Functionality Cookies – To remember preferences
• Targeting Cookies – Used for remarketing (only with consent)

Managing Cookies:

Upon visiting our site, you’ll be prompted to accept or reject certain types of cookies. You can also control cookies via your browser settings.

Please review our [Cookie Notice] (add hyperlink) for full details on cookies used.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access – To request copies of your personal data
• Right to Rectification – To correct inaccurate data
• Right to Erasure – To request deletion (where legally permitted)
• Right to Restriction – To limit how your data is used
• Right to Data Portability – To transfer data elsewhere
• Right to Object – To certain types of processing
• Right to Withdraw Consent – At any time for non-essential data
• Right to Lodge a Complaint – With the ICO
  
  

Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113

10. Marketing Communications

With your explicit consent, we may send you updates about treatments, offers, or events via:

• Email
• SMS
• Phone calls

You may withdraw consent at any time by:

• Clicking “unsubscribe” in marketing emails
• Contacting [email protected]

We will never share your data for third-party marketing.

11. Changes to This Policy

We may update this Privacy and Cookie Policy periodically to reflect legal updates or changes in our services.

Last updated: 7 July 2025

The latest version will always be accessible via our website.

12. Contacting Us

To request access to your data or exercise any of your rights, please contact:

Data Protection Officer
Bijoux Medispa
149 Ebury Street
Belgravia
London SW1W 9QN
Email: [email protected]