logo

Privacy Policy

Aesthetidocs Limited ("Aesthetidocs") is committed to protecting your personal information and respecting applicable data protection laws around the world. This privacy policy explains how we do this, and it applies to your use of our websites, products, and services.

How we use your personal information

We use personal information in order to promote and provide the Aesthetidocs software service, to ensure the security of our websites, and to run our business. We have set out below more information on the categories of personal information that we collect, the specific ways in which that personal information is processed by us, the legal bases which permit us to do this, and the types of partners with whom we share your personal information.

What information does Aesthetidocs collect?

  • Your name, username, and password
  • Your address, email address, and phone number
  • Your payment details
  • Your marketing preferences, including any consents you have given us
  • Information related to the browser or device you use to access our websites
  • Records of your use of Aesthetidocs services
  • Any personal medical information you submit to us when completing any of our forms, documentation or otherwise provided by you as part of booking and managing your appointment with your chosen clinic

How does Aesthetidocs use your information?

We use your information as follows:

  • To fulfil a contract with you or take steps at your request before this:
    • When you use our platform to create and manage a booking with a clinic
    • Providing information and technical support if you ask for this
    • Contacting you with information about changes to services
    • Handling credit card information provided through our websites using PCI-compliant payment services
    • Storing and analysing your information in order to review and progress your job application if you apply to work with us
  • As required by Aesthetidocs to conduct our business and pursue our legitimate interests, in particular:
    • Giving you access to our products or services
    • Providing you with different content within a product or service, depending on how you use that product or service
    • Letting you know about Aesthetidocs products and services by post, email, and phone in accordance with your marketing preferences and laws relating to direct marketing
    • Analysing how you use Aesthetidocs products and services so we can improve our levels of service and develop future products and services, including through the use of surveys
    • Ensuring the security of Aesthetidocs websites and information technology systems and protecting our rights.
  • Where you give us consent:
    • Where we need your consent to process your medical and other sensitive personal information
    • If we need your consent in order to send marketing for Aesthetidocs products and services to you
  • For purposes which are required by law:
    • Sharing your personal information in order to comply with legal obligations to which Aesthetidocs is subject.

How will Aesthetidocs share your information?

We share your personal details:

  • Within Aesthetidocs in order to carry out the processing described above
  • With such clinics or treatment providers with whom you are seeking to make and manage a booking or appointment
  • With third party service providers who process your information on Aesthetidocs’s behalf for the purposes above – such as payment processors, or IT service providers

We will also share your personal information:

  • If we think this is necessary to in order to protect the rights, property, or safety of Aesthetidocs, our employees, our commercial partners, or our customers. This includes sharing information for the purposes of fraud protection and credit risk reduction
  • With government authorities and/or law enforcement officials if required by law.

Giving and withdrawing your consent, and updating your personal information

Where your consent is required for us to process your personal information, we will ask for your consent at the point at which you provide your data. You have the right to withdraw that consent at any time. You can also update your personal information at any time. If you wish to do either, contact us at support@aesthetidocs.com .

Storing your personal information

Your personal information may be stored and processed outside of the country where it is collected, including outside of the United Kingdom or the European Economic Area. When transferring information to others, within the UK, the EEA or otherwise, we ensure that appropriate and suitable safeguards and technical measures are in place to protect your personal data. To do this, we make use of standard contractual clauses that have been approved by the UK authorities and the European Commission with our suppliers, or we implement other similar measures required by laws around the world.

We will only keep records of your personal information for as long as is reasonably necessary for the purposes for which we have collected it, and in order to comply with any statutory or regulatory obligations in relation to retention of records. We respect requests to stop processing your personal data for marketing purposes. This includes keeping a record of your request indefinitely so that we can respect your request in future.

Your rights

You have the right to request access to and rectification or erasure of personal information, the right to restrict processing of your personal information, and the right to object to processing of your personal information. You have the right to object to your personal information being processed on the grounds of Aesthetidocs’s legitimate interests. You have the right to object to us sending you direct marketing and profiling you for the purposes of direct marketing. You have the right to lodge a complaint regarding our processing of your personal information with a data protection supervisory authority in a country where you live, work, or where you believe a breach may have occurred.

Contacting us

The data controller for our websites, products and services is Aesthetidocs Ltd of Lockview House, 49 Lockview Road, Belfast, Northern Ireland, BT9 5FJ.

You can contact us by email at support@aesthetidocs.com .

If you wish to contact our Data Protection Officer, please email dataprotection@aesthetidocs.com .


MedsHut Clinic – Privacy Policy

Effective from: 20 January 2026This Privacy Policy explains how MedsHut Clinic (“we”, “us”, “our”) collects, uses, stores, and shares your personal data when you book or use our in-clinic and online services.

Who we are (Data Controller): Nojen Clinical Ltd (trading as MedsHut / MedsHut Clinic). Address: PDQ Workspace, Prospect House Business Hub, Factory Road, Sandycroft, Deeside, Flintshire, CH5 2QJContact (privacy queries/rights): info@medshut.com | 0330 043 0301

Booking platforms used (processors):

1) The data we collect

A. Identity and contact data

Name, date of birth, gender (where relevant), contact details (email/phone)

Address (including billing/delivery where relevant)

Emergency contact details (if you provide them)

B. Booking and account data


Appointment requests, booking history, cancellation/rescheduling notes

Messages you send to us (email, web forms, chat), and call notes

C. Health and clinical data (special category data)

Medical history, symptoms, allergies, medications, lifestyle information relevant to treatment

Consultation notes, clinical assessments, outcomes, treatment plans, aftercare advice

Photographs (only if required for clinical documentation/consent and you provide them)

Test results (if applicable) and clinician correspondence

Health data is special category data and needs extra protection under UK GDPR. 

D. Payment and transaction data

Deposit/payment status, invoices/receipts

We do not normally store full card details; payments are handled by regulated payment providers.

E. Technical and usage data (when you use our websites/booking portal)

IP address, device/browser information, log files, cookies, and analytics data (where used)

Pages visited and actions taken on our sites

2) How we collect your data

We collect data when you:

book an appointment (online or in clinic),

complete forms/questionnaires or submit photos,

contact us by email/phone,

attend consultations and receive treatment,

use our website/booking portal (cookies/technical logs).

3) Why we use your data (purposes)

We use your data to:

provide safe clinical care (assess suitability, deliver treatment, and arrange follow-up),

manage bookings, deposits, and appointment administration,

communicate with you about your appointment and aftercare,

maintain accurate clinical records and patient safety,

meet legal and regulatory obligations (including pharmacy/clinical governance requirements),

prevent and detect fraud and protect platform security,

improve services and customer experience (in a proportionate way).

The ICO expects privacy notices to clearly explain purposes like these. 

4) Lawful bases (UK GDPR) – including health data

When we process your data we rely on:

Article 6 (personal data) lawful bases

Common bases include:

Contract – to provide the services you book/request.

Legal obligation – where we must comply with healthcare/pharmacy or other laws.

Legitimate interests – to run and protect our services (e.g., preventing fraud, improving service delivery).

Consent – where required, e.g., some marketing communications (you can withdraw this at any time). 

Article 9 (special category health data) conditions

Because we process health data, we also identify an Article 9 condition (in addition to Article 6). Commonly, processing is necessary for healthcare/medical purposes and for the management of health or social care systems and services, with appropriate safeguards. 

5) Sharing your data (who we share it with)

We only share your information when necessary and with appropriate safeguards. Depending on your care, we may share data with:

Clinicians and pharmacy professionals involved in your care

Booking/clinic management platform providers (e.g., AesthetiDocs) to manage appointments, forms, consent documentation, and patient records on our behalf 

Payment providers to process deposits and payments

Delivery partners (where products/medicines need delivering)

Laboratories/test providers (where you choose/require testing)

IT and security providers who support our systems (hosting, email, backups)

Regulators and authorities where required by law (e.g., to comply with statutory obligations)

We do not sell your personal data for marketing. 

6) International transfers

We aim to keep your data in the UK. Where any service provider stores/processes data outside the UK, we will ensure appropriate safeguards are in place (such as UK adequacy regulations or approved contractual protections).

7) How long we keep your data (retention)

We keep personal data only as long as necessary for the purposes above and to comply with legal/regulatory/insurance requirements. The ICO requires that you are told either a retention period or the criteria used to set it. 

Clinical records: retained in line with applicable professional, legal, and insurer requirements (criteria include the nature of treatment, follow-up needs, limitation periods, and regulatory expectations).

Prescription/order records (where applicable): retained for minimum periods required by pharmacy rules (our pharmacy privacy information notes prescription records are kept for at least 2 years). 

Marketing preferences: if you opt out, we may keep a minimal record of that preference to ensure we respect it.

8) Your rights

Under UK data protection law, you have rights including:

access to your data,

correction of inaccurate data,

deletion (in some cases),

restriction of processing,

objection (including to direct marketing),

data portability (where applicable),

withdrawal of consent (where consent is used). 

Important: some rights are not absolute and may be limited where we must keep records for legal/regulatory reasons (for example, maintaining clinical/pharmacy records). 

To exercise your rights, contact info@medshut.com. 

9) Automated decision-making

We may use online questionnaires and form logic to help collect information efficiently, but we do not make purely automated decisions that produce legal or similarly significant effects without appropriate human/clinical review.

10) Cookies and analytics

Our sites may use cookies and similar technologies for essential site functions and (where enabled) analytics. You can control cookies through your browser and any cookie settings presented on our site. The ICO provides guidance on cookies and privacy notices. 

11) Keeping your data secure

We use appropriate organisational and technical measures designed to protect personal data, such as access controls, secure systems, and staff confidentiality obligations. No online system is 100% secure, but we work to protect data and respond appropriately to suspected incidents.

12) Children’s data

Our services are generally intended for adults. If any service is offered to under-18s, we will make the applicable consent/guardian requirements clear at the time of booking.

13) How to complain

If you have concerns about how we use your data, please contact us first so we can help:

info@medshut.com

14) Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in services, systems, or legal requirements. The latest version will be available on our website.