Our Terms and Conditions

General Data Protection Regulation (GDPR)


Our IT Security policy is defined internally and is in line with the Information Security Management System (ISMS) standard ISO/IEC 27001-2017.

We have undertaken a risk assessment of our Information Management Systems and the information we process, record and store.

In all cases, we are satisfied that our internal policies and procedures provide our clients and us with a high level of mitigation against data breach and loss of data to a third party.

Our policies and controls enable us to assess and manage the risk of a potential breach or loss of an information processing asset or loss of data relating to our financial systems or data we hold on our clients and patients.

Our personnel are bound by Confidentiality and Privacy agreements. The obligations on employees endure after the end of employment.

Our policy prohibits our personnel, whilst in a public place or amongst relatives or friends, from discussing, voicing or talking about their work or patients, or relaying any information which may bring the Practice into disrepute or unknowingly make confidential details public.

Our password policy requires strong passwords, and personnel MUST NOT ever write passwords down such that they are available to colleagues or any third party.

Regarding email, we ensure that there are enough controls to mitigate any risk of an email being accessed by a third party. We cannot guarantee the safe and confidential transmission of the content once it is transmitted over the Internet.

Our internet protocol (IP) network uses private, non-routable addresses, and all critical systems are hard-wired to the local area network and not wireless. For wireless devices connected to the network, there is a stated level of security by way of encryption, authentication, MAC address verification, and network isolation. We do not operate a Guest network.

We only use licensed software applications from recognised suppliers and do not implement or undertake any software modifications or development of applications.

Software upgrades are not implemented automatically but are released in a controlled fashion such that any negative impact can be assessed to mitigate the risk of loss of data.

Our operating system upgrades are undertaken manually on a test node and then rolled out, after verification, to critical information processing systems. Our cookie policy is not to accept any cookies unless from a trusted source and certificate. All our systems actively run licensed virus detection software and updates are automatic.

We do not store or retain any data relating to our clients or patient information on our premises. The entire medical, imaging and treatment data and private individual data is hosted and stored in a secure facility in the Cloud which is inherently safe by way of anonymity of our service providers and their hosting facilities.

We are legally obliged to retain data on our clients and their treatments; in particular, imaging data must be retained for a minimum period of six months. Data on individuals relates to citizens aged 18+ years. We do not hold any data or information on minors/children.

Our backup system enables us to continue to operate in case of a failure of our information processing assets. In case of a network failure, we have alternative connectivity to the Internet and are thus able to continue processing information without interruption.

Regarding physical security, all our premises have CCTV recording systems and are remotely monitored for intrusion and by the emergency services. There are fire detection systems in place including smoke alarms and the entire practice is designated as a “No Smoking Zone.”

We do not have a business continuity policy in place in case of a utility failure or physical destruction of our location. In case of a utility power failure, we can operate using hand-held devices and instrumentation with little or no impact on our operational capability.

With respect to our IT applications, and in particular our Patient Management systems, our partners have satisfied us that their policies and procedures comply with GDPR. We have an assurance from our suppliers that the existing hosting environment for the service which they provide to us is in line with ISMS standards.

For any requests by our clients for information or change in the dataset which we hold on them, we can respond within 24 business hours of the application. Our security or policy does not allow for our clients to directly gain access to such information without our intervention. We do not charge for the provision of such a service or request.

Requests: You can contact our designated GDPR responsible person by emailing: ar@arclinics.co.uk

Attention: Governance Compliance and Risk Management Officer & GDPR Director


Terms and Conditions: http://www.arclinics.co.uk/content/tac

Web Site Use Policy: http://www.arclinics.co.uk/content/wup

Privacy and Data Protection Policy: http://www.arclinics.co.uk/content/pdp




Aesthetics Refined Clinics

Aesthetics Refined Clinics is a strictly private, personal and professional aesthetics clinic. Our knowledge is based on experience. We are passionate about every detail in what we undertake and with one goal in mind: the wellbeing of our clients.


Get in touch

Aesthetics Refined Clinics Limited
London Road

Call 01753-307-161


