Privacy Policy
Last updated: May 2026
1. Who We Are
Hidden Clinic (“we”, “our”, “us”) is a clinical aesthetics and diagnostic clinic based in Muswell Hill, London N10. We are the data controller for the personal information we collect from you. You can contact us at support@hiddenclinic.com.
2. Information We Collect
We may collect the following personal data:
- Identity data: name, date of birth, gender
- Contact data: email address, phone number, postal address
- Health data: medical history, treatment records, blood test results, photographs, scalp imaging, and diagnostic reports
- Financial data: payment information (processed securely via third-party providers)
- Technical data: IP address, browser type, device information, and cookies when you visit our website
- Communication data: correspondence via email, phone, WhatsApp, or our website contact form
3. How We Use Your Data
We process your personal data for the following purposes:
- To provide clinical consultations, diagnostics, and treatments
- To communicate with you about appointments and follow-up care
- To maintain accurate medical records as required by law
- To process payments for our services
- To send marketing communications (only with your explicit consent)
- To improve our website and services through anonymised analytics
- To comply with legal and regulatory obligations
4. Legal Basis for Processing
We process your personal data under the following legal bases under UK GDPR:
- Consent: for marketing communications and non-essential cookies
- Contract: to provide the services you have requested
- Legal obligation: to maintain medical records and comply with healthcare regulations
- Legitimate interest: to improve our services and ensure the security of our systems
- Vital interests: in rare medical emergencies
5. Health Data
As a clinical practice, we process special category data including health information. This is processed under Article 9(2)(h) of UK GDPR — for the provision of health care and treatment. All health data is stored securely and access is restricted to authorised clinical personnel only.
6. Data Sharing
We do not sell your personal data. We may share data with:
- Laboratory partners (for blood tests and diagnostics) — under strict data processing agreements
- Payment processors — to handle transactions securely
- IT service providers — for hosting and technical support
- Regulatory bodies — where required by law
7. Cookies
Our website uses essential cookies to ensure functionality and, with your consent, analytics cookies to understand how visitors use our site. You can manage your cookie preferences at any time. We use Google Analytics to collect anonymised usage data — this is only activated when you accept cookies via our consent banner.
8. Data Retention
Medical records are retained for a minimum of 8 years from the date of last treatment, in accordance with NHS and regulatory guidelines. Contact and marketing data is retained until you withdraw consent. Website analytics data is retained for 26 months in anonymised form.
9. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure of your data (subject to legal retention requirements)
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time
- Lodge a complaint with the Information Commissioner's Office (ICO)
To exercise any of these rights, contact us at support@hiddenclinic.com.
10. Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption, access controls, secure hosting, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
11. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.
12. Contact
For any questions about this policy or your personal data, please contact us: