Register Now
Register Now

Privacy Policy

Privacy Policy

Privacy Policy

Last updated: 2025-09-01

This Privacy Policy explains how Saulė Ra Dermatology Clinic (hereinafter – “Clinic”, “we”, “our”) processes your personal data when you visit our website sauleraclinic.uk (hereinafter – “Website”), register and use our services, communicate with us, or apply for a job position.

When processing personal data, we comply with the UK GDPR (United Kingdom General Data Protection Regulation), the Data Protection Act 2018, and, where applicable, the, EU GDPR and other relevant legislation.

1. Data Controller

  • Name: Saulė Ra Dermatology Clinic [juridinio asmens forma, jei yra – „Ltd“ ir registracijos nr.]

  • Adress: Unit 5, Shinwell House, Merrielands Cres, Dagenham, RM9 6FL

  • Mail: saulera.clinic@gmail.com

  • Number: +44 7743 467235

Jei šią Politiką atnaujinsime, nauja redakcija bus paskelbta Svetainėje su atnaujinimo data.

2. What data do we collect and why?

2.1. Website visitors and cookies

Data we collect: IP address, device information, browser type, date/time of visit, pages visited, interaction with content.

Legal bases:

  • Necessary cookies – legitimate interest (Website functionality and security).

  • Analytics and marketing cookies – consent (if provided via the cookie banner).

  • Security and protective measures (e.g., anti-spam) – legitimate interest.

Cookie categories:

  • Analytics – traffic and performance statistics (e.g., Google Analytics, if used).

  • Marketing – personalised advertising, remarketing (e.g., Meta/Google Ads tags, if used).

2.2. Communication and enquiries

Data processed: name, surname (if provided), email address, phone number, message/enquiry content, date, time, our response, social media account name (if you contact us via social media).

Legal bases:

  • Contract conclusion and performance (when communicating about services).

  • Legitimate interest (internal administration, ensuring service quality).

  • Legal obligation (when we must respond to authorities or retain records).

Social media: when communicating via platforms (e.g., Facebook, Instagram, LinkedIn), your data is also processed by those platform providers in accordance with their privacy policies.

2.3. Service registration and medical documentation

Data processed: name, surname, phone number, email, chosen service/procedure, clinic location, additional information, registration date and time. special category data (health data): medical history, diagnoses, test results, treatment plan, prescriptions, photographs (if required for medical purposes), etc.

Legal bases:

  • Legal bases: (registration, appointment administration).

  • Healthcare purposes (UK GDPR Art. 9(2)(h)) provision of treatment, medical diagnostics.

  • Legal obligation (medical records management in line with applicable laws).

  • Legitimate interest (service quality, incident management).

2.4. Direct marketing and newsletters

Data processed: email address, name (if provided), subscription preferences.

Legal bases:

  • Consent (when you voluntarily subscribe to the newsletter).

  • Legitimate interest to inform existing clients about similar services (you may opt out at any time).

You can unsubscribe at the bottom of each email or by contacting us directly.

3. Sources of data

  • From you directly when filling forms, writing, calling, or visiting us.

  • From your device via cookies and similar technologies.

  • From other healthcare providers or insurance companies (when necessary for service provision and legally permitted).

  • From publicly available sources (e.g., professional networks during recruitment).

4. Who we share data with

  • Service providers (processors): – IT, hosting, email, CRM, call management, messaging, analytics, security, accounting, newsletters, marketing, and advertising platforms – only to the extent necessary for service provision.

  • Medical institutions/specialists – when required for treatment and legally justified.

  • Insurance companies – for payment/compensation purposes.

  • Public authorities – when required by law.

  • Lawyers/consultants – for dispute resolution based on legitimate interest.

We always ensure appropriate contractual and organisational security measures.

5. International transfers

If data is transferred outside the UK/EEA (e.g., to cloud service providers), we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs), the UK IDTA/Addendum, adequacy decisions, or other lawful guarantees.

6. Data retention periods

  • Registration data: up to 1 year from the registration date (if no appointment takes place), or longer if required for accounting/legal defence.

  • Medical records: according to UK law (retention periods vary depending on the type of service – we comply with applicable rules).

  • Newsletters: up to 5 years from consent or last activity, unless consent is withdrawn earlier.

  • Candidate data: up to 4 months after the end of recruitment, unless longer retention is consented to.

Retention periods may be extended if necessary for legal disputes or compliance with laws.

7. Your rights

Under the UK GDPR you have the following rights (with exceptions):

  • Right of access (obtain a copy of your data).

  • Right to rectify inaccurate or incomplete data.

  • Right to erasure (“right to be forgotten”) – where applicable.

  • Right to restrict processing in certain circumstances.

  • Right to data portability – receive data in a structured, commonly used format and/or transmit it to another controller.

  • Right to object to processing, including direct marketing.

  • Right to withdraw consent (where processing is based on consent).

  • Right not to be subject to decisions based solely on automated processing (if applicable).

Requests can be submitted by email at [saulera.clinic@gmail.com] or by post to our address. We respond within 1 month (this may be extended up to 3 months for complex requests). We may request proof of identity.

Complaints: you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): ico.org.uk, tel. 0303 123 1113. We encourage you to contact us first – we will aim to resolve the issue.

8. Security

We apply technical and organisational measures (access control, encryption, audits, staff confidentiality obligations) to protect data from unauthorised access, loss, or disclosure. However, transmission over the internet cannot be considered fully secure.

9. Third-party links

The Website may contain links to third-party websites or services. We are not responsible for their privacy practices. We recommend reviewing their respective privacy policies.

10. Intellectual property

All material on the Website (texts, photos, graphics, logos, trademarks) belongs to the Clinic or is lawfully used and protected by law. Copying, publishing, distributing, or otherwise using it without permission is prohibited. Permissions are granted in writing.

Additional information:

  • We use platforms such as: website management system, hosting provider, email service, booking system, payment collection services (if applicable), analytics (e.g., Google Analytics), advertising platforms (e.g., Google/Meta).