PRIVACY POLICY

1. Introduction

Westfield Clinic (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal data in a safe, transparent, and lawful manner. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website or receive our services. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

2. Information We Collect

We may collect and process the following personal data:

  • Name

  • Address

  • Email address

  • Telephone number

  • Date of birth (where applicable)

  • Medical history relevant to treatment

  • Appointment and treatment history

  • Payment information (processed securely via third-party providers)

  • IP address and device information

  • Website usage data (pages visited, time spent, interactions)

We do not store full card payment details on our systems.

 

3. How We Collect Your Information

We collect information when you:

  • Book an appointment or consultation

  • Complete consultation or medical forms

  • Contact us by email, phone, or website forms

  • Make payments or purchase services

  • Browse our website (via cookies and analytics tools)

 

4. How We Use Your Information & Communications

We use your data to:

  • Provide safe and effective treatments

  • Manage appointments and bookings

  • Maintain medical and treatment records

  • Process payments

  • Respond to enquiries and provide customer support

  • Send important service-related communications

  • Improve our services and website experience

  • Comply with legal and regulatory obligations

We may also send marketing communications where you have provided consent, which you can opt out of at any time.

 

5. Legal Basis for Processing

We process your personal data under the following lawful bases:

  • Contract – to provide treatments and services you have requested

  • Legal obligation – to comply with medical, tax, and regulatory requirements

  • Legitimate interests – to operate and improve our business

  • Consent – for marketing communications or optional data usage

 

6. How We Store Your Information

We use secure systems and third-party platforms to store and manage your data, including:

  • Wix (website hosting and booking system)

  • Vagaro (clinic management and booking software, if applicable)

Your data is stored on secure servers protected by firewalls and encryption.

We take appropriate technical and organisational measures to protect your information from loss, misuse, or unauthorised access.

 

7. Data Sharing

We do not sell your personal data.

We may share your information with trusted third parties where necessary, including:

  • Website hosting providers

  • Payment processors

  • Booking and clinic management systems

  • IT and data storage providers

  • Professional advisors or regulatory bodies (if required by law)

All third parties are required to handle your data securely and in compliance with UK GDPR.

We may also disclose information where required by law or to protect legal rights.

 

8. International Transfers

Some service providers may store or process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place to protect your data in accordance with UK GDPR.

 

9. Data Retention

We retain personal and medical records for a minimum of 8 years after your last treatment, in line with clinical and insurance requirements.

After this period, your data will be securely deleted or anonymised.

 

10. Your Rights

Under data protection law, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data (where applicable)

  • Object to processing in certain circumstances

  • Withdraw consent for marketing at any time

  • Request restriction of processing

  • Request data portability

To exercise your rights, please contact us using the details below.

 

11. Cookies

Our website uses cookies and similar technologies to:

  • Improve website functionality

  • Analyse website traffic and usage

  • Enhance user experience

  • Support marketing and advertising (where applicable)

You can manage or disable cookies in your browser settings. Some website features may not function properly if cookies are disabled.

 

12. Third-Party Services

We may use third-party tools such as:

  • Wix (website and bookings)

  • Analytics tools (e.g. Google Analytics, if enabled)

  • Payment providers

These services may collect limited data as part of their functionality.

 

13. Security & Clinical Governance

We take data security and clinical safety seriously and use appropriate safeguards including:

  • Encrypted systems

  • Secure servers

  • Access controls

  • Staff confidentiality obligations

We maintain internal clinical governance procedures to ensure safe and appropriate treatment delivery.

 

14. Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

 

15. Contact Details

If you have any questions about this Privacy Policy or your data, you can contact us:

Westfield Clinic
2 Westfield Close
Keynsham
Bristol
BS31 2HQ
United Kingdom
