Matt Newbery Professional – Privacy Policy

1. Introduction

This Privacy Policy explains how Matt Newbery Professional (“we”, “us”, “our”) collects, uses, stores, and protects your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

We may collect the following personal data:

- Name, contact details, and date of birth

- Medical history and health information for treatment suitability

- Treatment notes and consultation forms

- Payment and billing details

- Marketing preferences and communication history

- Technical data such as IP address and cookies (see Cookie Policy)

3. How We Collect Your Information

We collect data directly from you through:

- Our Ovatu online booking system

- Consultation and consent forms completed via Faces Consent (stored securely on Amazon Web Services servers)

- Direct communication by phone, email or in-person

- Website contact forms or newsletter sign-ups

4. Purpose of Data Collection

We use your data to:

- Provide and manage bookings and treatments

- Maintain accurate medical and treatment records

- Process payments and issue invoices

- Send appointment reminders and follow-ups

- Deliver marketing messages (only if you’ve opted in)

- Comply with legal and insurance requirements

5. Lawful Basis for Processing

Completed treatments are non-refundable. We do not provide refunds for dissatisfaction with expected outcomes, as individual results vary. Refunds for gift vouchers are available within 14 days of purchase only. After 14 days, vouchers become non-refundable but remain valid until expiry.

6. Gift Vouchers

We process your data under one or more of these lawful bases:

- Consent – for marketing or health information you provide voluntarily

- Contract – to deliver the treatment or service you have booked

- Legal obligation – to maintain treatment and financial records

- Legitimate interest

– to operate, secure and improve our services

6. Data Storage & Security

Your information is stored using secure, GDPR-compliant systems.

- Faces Consent and Ovatu use encrypted storage and secure cloud servers (AWS).

- We take appropriate organisational and technical steps to protect data from unauthorised access, alteration, or loss.

7. Data Retention

Client and medical records are kept for seven (7) years after your last treatment, in line with UK insurance and regulatory standards. After this period, data is securely deleted or anonymised.

8. Marketing

If you opt in, we may send you updates or promotions via email or SMS. You can withdraw consent at any time by clicking “unsubscribe” or contacting us directly.

9. Your Rights

You have the right to:

- Access your personal data

- Request correction or deletion of inaccurate data

- Restrict or object to certain processing

- Withdraw consent for marketing at any time

- Lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your rights are being infringed

10. Data Sharing

We never sell or trade personal data. We only share data with trusted service providers (such as Ovatu and Faces Consent) who are contractually bound to maintain confidentiality and data protection compliance.

11. Cookies

Our website uses cookies to enhance user experience and analyse website performance. See our separate Cookie Policy for full details.

12. Updates to This Policy

We may update this Privacy Policy occasionally. The latest version will always be published on our website and supersede previous versions.