Book a Treatment

Privacy Policy

1. Introduction

Foundation Studio Ltd respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, contact us, book a consultation or treatment, purchase products or services, or otherwise interact with us. Please read this policy carefully. It explains what personal data we collect, why we collect it, how we use it, and the rights you have in relation to your personal data. Under UK data protection law, privacy information should be clear, transparent, and easy to understand.

2. Who We Are

Foundation Studio Ltd is the data controller responsible for your personal data.

Registered company number: 16754532
Registered office: 4th Floor Silverstream House, 45 Fitzroy Street, Fitzrovia, London, United Kingdom, W1T 6EB
Email: hello@foundationstudio.uk

If you have any questions about this Privacy Policy or how we handle your data, please contact us using the details above.

3. The Personal Data We Collect

We may collect, use, store, and transfer different kinds of personal data, including:

  • identity data, such as your name, title, and date of birth
  • contact data, such as your email address, telephone number, billing address, and postal address
  • appointment and enquiry data, such as information you provide when booking or contacting us
  • medical and health information relevant to your treatment, including consultation forms, treatment history, allergies, medications, contraindications, and clinical photography where applicable
  • payment and transaction data, such as details of payments made to us
  • technical data, such as your IP address, browser type, operating system, and device information
  • usage data, such as how you use our website, including pages visited and time spent on pages
  • marketing and communications data, such as your preferences in receiving marketing from us

Where we collect health information, this is special category data and we will only process it where we have a lawful basis to do so. The ICO requires organisations to identify both the data collected and the lawful basis relied on.

4. How We Collect Your Data

We collect personal data in a number of ways, including:

  • when you fill in forms on our website
  • when you contact us by email, phone, social media, or contact form
  • when you book a consultation, treatment, or membership
  • when you complete medical questionnaires, consent forms, or consultation documents
  • when you subscribe to receive marketing or editorial content
  • when you browse our website, through cookies and analytics tools
  • from third-party booking, payment, or clinic management systems you use to interact with us

We may also receive personal data from third-party service providers involved in appointment booking, payments, email marketing, website hosting, or analytics.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

  • to respond to enquiries and provide customer support
  • to arrange and manage consultations, treatments, reviews, and memberships
  • to assess suitability for treatment and provide safe clinical care
  • to maintain patient records and comply with medical, legal, and regulatory obligations
  • to process payments and manage accounts
  • to send service communications, such as appointment confirmations, reminders, aftercare, and policy updates
  • to improve our website, services, and patient experience
  • to send marketing communications where you have consented or where we are otherwise permitted by law
  • to protect our business, website, patients, and staff from fraud, misuse, or legal claims

A privacy notice should explain the purposes for processing, the lawful basis relied on, retention periods, and rights available to individuals.

6. Our Lawful Bases for Processing

We rely on one or more of the following lawful bases under UK data protection law:

  • Contract — where processing is necessary to take steps at your request before entering into a contract or to perform our contract with you, such as booking and delivering consultations or treatments
  • Legal obligation — where we need to comply with legal or regulatory requirements
  • Legitimate interests — where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms
  • Consent — where you have given clear consent, for example to receive certain marketing communications
  • Special category condition — where we process health data for the purposes of providing health or aesthetic care, assessing suitability for treatment, or maintaining clinical records, in accordance with applicable law

The rights people have can vary depending on the lawful basis relied on, and the right to withdraw consent should be clearly explained where consent is used.

7. Marketing Communications

We may send you marketing emails about treatments, services, products, events, or editorial content where you have opted in, where you have requested information from us, or where we are otherwise permitted to do so under applicable law. You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us directly. Withdrawing consent for marketing will not affect service-related communications, such as appointment reminders or aftercare messages.

8. Cookies and Analytics

Our website may use cookies and similar technologies to distinguish you from other users, improve your browsing experience, and help us understand how our website is used.

These may include:

  • strictly necessary cookies
  • analytics or performance cookies
  • functionality cookies
  • advertising or targeting cookies, if used

We may use analytics tools such as Google Analytics or similar services to collect website usage data, such as page visits, browser type, time spent on site, and how users interact with content. The ICO says privacy notices should explain cookie use clearly and in plain language, and users should be given accessible information about cookies and their choices. You can manage cookies through your browser settings and through any cookie banner or preference centre made available on the website.

9. Who We Share Your Data With

We may share your personal data with trusted third parties where necessary, including:

  • website hosting providers
  • booking and clinic management software providers
  • payment processors
  • email marketing platforms
  • analytics providers
  • professional advisers, such as accountants, lawyers, insurers, or compliance consultants
  • regulators, law enforcement, courts, or government authorities where required
  • carefully selected contractors or service providers who support our business operations

We require third parties to respect the security of your personal data and to process it in accordance with the law.

10. International Transfers

Some of our third-party providers may store or process personal data outside the UK. Where this happens, we will take appropriate steps to ensure your personal data remains protected and transferred lawfully, including by relying on approved safeguards where required.

11. Data Retention

We will retain your personal data only for as long as necessary for the purposes for which it was collected, including for legal, regulatory, tax, insurance, clinical, and record-keeping requirements. Retention periods may vary depending on the type of data and the reason it was collected. If we do not have a fixed retention period, we will use appropriate criteria to determine how long data should be kept. The ICO says privacy notices should explain either the retention period or the criteria used to decide it.

12. Data Security

We take appropriate technical and organisational measures to protect your personal data from accidental loss, unauthorised access, misuse, alteration, or disclosure. These measures may include secure systems, password protection, restricted staff access, encrypted services, and reputable third-party platforms. Although we do our best to protect your data, no method of transmission over the internet is completely secure.

13. Your Rights

Under UK data protection law, you may have the right to:

  • request access to your personal data
  • request correction of inaccurate or incomplete data
  • request erasure of your personal data in certain circumstances
  • request restriction of processing in certain circumstances
  • object to processing where we rely on legitimate interests
  • request transfer of your data to you or another provider, where applicable
  • withdraw consent at any time where consent is the lawful basis for processing
  • make a complaint to the Information Commissioner’s Office

The ICO says individuals must be told about the rights available to them, and if consent is used they should be told they can withdraw it as easily as they gave it. Subject access requests generally must be handled without undue delay and, in most cases, within one month.

To exercise any of these rights, please contact us at hello@foundationstudio.uk

If you are unhappy with how we use your personal data, you can also complain to the Information Commissioner’s Office via its website.

14. Third-Party Links

Our website may contain links to third-party websites, booking platforms, or social media pages. If you follow a link to any external website, please note that those websites have their own privacy policies and we do not accept responsibility or liability for them. We encourage you to read their privacy policies before submitting any personal data.

15. Children

Our website and services are not directed to children. We do not knowingly collect personal data from children without appropriate authority or legal basis.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, technology, legal obligations, or business practices. Any updates will be posted on this page and, where appropriate, notified to you by email or through our website.

17. Contact Us

If you have any questions about this Privacy Policy or how your personal data is handled, please contact:

Foundation Studio Ltd
4th Floor Silverstream House, 45 Fitzroy Street, Fitzrovia, London, United Kingdom, W1T 6EB
hello@foundationstudio.uk