Privacy Policy


Kertepites Kertito Cosmetic Aesthetics Clinic sends marketing materials to GPs and AHPs. This brochure is intended for them. In this section, you will learn why we gather your personal information, how we retain it, and for how long. Additionally, the leaflet covers your rights surrounding your personal data and who to contact if you have any issues about the management of your data at the hospital.

Why we process your personal data

Kertepites Kertito Cosmetic Aesthetics Clinic will record and process your contact information in order to provide you with information about our services. It is our policy to use Legitimate Interest as the primary legal basis for processing your personal data.

As part of our commitment to protecting your privacy, we are happy to provide you with a copy of our Legitimate Interests Assessment. If you’d like a copy of this, please speak with our Data Protection Officer.

What we do with your data

Our legitimate interest in processing your Personal Information allows us to provide you with the information you requested and send you relevant and helpful messages. Hospital communications include, but are not limited to:

As an example, free GP and AHP educational seminars with lectures by Consultants who are allowed to practise at the hospital are held (CPD points provided).

Announcements of new products or services, consultancy processes, and events, etc.

Every email we send includes details on how to unsubscribe from our mailing list.

Where and how we collect and keep your data

Our marketing team collects personal information from you when you sign up for events and messages on the internet; if you contact us in any manner, we gather this information. Details such as employment and location may also be included in the list of personal information that may be shared with third parties. To the extent that you provide this information, you acknowledge and agree that it may be collected, used, disclosed, and kept by us on British soil (at our data storage facility in England).

A few times a year, we may purchase personal information for GPs and AHPs from databases. It is our policy to guarantee that such third parties are legally entitled to share this information with us. When we use your personal information for these reasons, we’ll explain the legal basis for doing so, as well as the types of personal data involved. This information will be made available to you as soon as possible, but no later than the time of our initial contact.

When you visit our website, we may gather information about your visit and your online surfing activity. Your IP address, operating system, browser ID, browsing history, and other information about how you interacted with our website are all examples of this type of data. Using cookies and other tracking technologies, we may be able to acquire this information.

It is our hope that cookies will help us improve our website by allowing us to track which pages our visitors find beneficial and which ones they do not. Your computer or any information about you other than the data that you choose to share with us cannot be accessed by cookies.

Cookies can be accepted or rejected at any time. Cookies are accepted by most web browsers by default, but if you prefer, you can change your browser settings to block them. You may not be able to get the most out of the website if this is the case.

Our Cookie Policy explains how we make use of them.

Our safe storage facility is where we keep all of our customers’ sensitive information. The implementation of access control and a strong network security regime protects electronic data. Personal information contained in paper documents is safeguarded by locking them away.

How long will we keep your personal data

We will only keep your information for as long as it takes for you to notify us that your email address is no longer valid or that you no longer desire to receive our emails.

Who we share your personal data with

Please know that if you have any questions or concerns, please don’t hesitate to contact us. When this occurs, it might be after attending Consultant educational activities.
Anonymized information may be shared with third parties, such as the number of visitors to our website or those who have completed a registration form, but we will not use any information that might identify those individuals in this sharing of information.
We shall not release any of your personal information unless there is a legal basis for doing so. Sharing will always be done in the safest manner possible. Non-EU organisations do not have access to any personal information that we have provided to them.

Your rights regarding your personal data

In accordance with GDPR, you have the following rights:

  • To know what personal data we have, where and how it is used, and who we share it with. In our registration form, where we ask for your permission to handle your data, and in this document, we disclose this information to you.
  • To request, in writing or orally, a copy of your personal information. A copy of your information will be sent to you within a month of your request, in either an electronic or print version. Providing this information will not incur any fees on your part.
  • You have the right to have your personal information updated by the hospital. Please allow one month for the processing of any data updates you request.
  • The right to have your data deleted. We can only use this privilege if doing so does not violate any other laws that we must follow. We will remove your date of birth within one month of receiving your request if it is possible.
  • The right to limit our use of your personal information.
  • Rights to data portability. You have the right to access and correct any information you have given us. Upon your request, we will provide you with a physical or electronic copy of your personal information for your own records.
  • Possession of a vested interest in preventing the hospital from using your personal information Objecting to the hospital utilising your personal data for marketing reasons is completely within your power as a patient.
  • Profiling is one form of automated decision making that is covered by these rights. Decisions that are made exclusively by automatic means, without any human input, are covered under this right. Although the hospital does not use an automated decision-making system, we must advise you of this right.

What we do to ensure your personal data is secure

Kertepites Kertito Cosmetic Aesthetics Clinic is a data controller registered with the Information Commissioner’s Office. It’s Z7333395 for our company.
We adhere to and are approved for the following standards in order to protect your data:
The International Organization for Standardization 22201 (includes an annual external audit by QMS International).
Security and protection of NHS data is the focus of this toolkit (includes an annual review)
Data Security Standards for the Payment Card Industry (PCI DSS) (includes an annual review)
Annual accreditation to ISO22201 is given to our quality management system.

Complaints about our handling of your personal information can be made.

Please contact our Data Protection Officer if you have any questions or issues about our handling of your personal information. At any moment, you can file a complaint with the ICO.

Contact Details

Data Protection Officer: