Last updated: 11/11/2025
At Dr Frati Cosmetic Surgery (“we”, “our”, “the Clinic”), we are committed to protecting the privacy, confidentiality, and security of the personal information entrusted to us. This Privacy Policy explains how we collect, use, store, share, and protect your data in accordance with UK GDPR, the Data Protection Act 2018, and guidelines applicable to the private medical and cosmetic surgery industry.
This policy applies to all patients, website visitors, prospective patients, and individuals who contact or engage with Dr Frati and the Clinic through our website, online forms, phone consultations, email communications, and in-person appointments.
1. Who We Are
Dr Frati Cosmetic Surgery
Private Medical & Cosmetic Surgical Practice
139 Harley Street, London W1G 6BG
Dr Frati is a recognised consultant-level cosmetic surgeon providing private medical procedures, clinical assessments, follow-up care, pre-operative and post-operative consultations, and non-surgical aesthetic treatments. Our services require the collection and processing of sensitive medical data, and we maintain the highest levels of confidentiality under UK medical privacy standards.
2. Data We Collect
We collect information necessary to provide safe, effective, and legally compliant medical care. This includes:
2.1 Personal Identification Information
- Full name
- Date of birth
- Address
- Email address
- Phone number
- Emergency contact details
2.2 Medical & Clinical Information (Special Category Data)
We may collect sensitive health information necessary for diagnosis, medical assessments, and surgical planning, including:
- Medical history
- Photographs for clinical assessment
- Medication lists
- Allergy information
- BMI, weight, height
- Past surgeries
- GP details
- Diagnostic information
- Clinical notes and follow-up reports
Processing of this data is required for medical purposes, under UK GDPR Article 9(2)(h).
2.3 Payment Information
- Billing address
- Payment method
- Transaction history
(We do not store card details; payments are processed securely via approved third-party providers.)
2.4 Online & Website Data
We collect basic website usage data to improve user experience and SEO performance, including:
- IP address
- Browser type
- Device information
- Cookies & analytics data
- Behavioural and interaction data on site pages
This helps us enhance the quality, accessibility, and visibility of our medical content.
3. How We Use Your Data
Your data is used strictly for legitimate medical, administrative, and legal purposes, including:
- Booking consultations
- Conducting clinical assessments
- Preparing personalised treatment plans
- Providing medical and surgical treatment
- Managing aftercare and follow-up appointments
- Communicating essential health information
- Maintaining accurate medical records
- Responding to enquiries
- Processing payments and invoices
- Meeting regulatory and professional obligations
For website visitors, data may be used for:
- Improving site performance and patient experience
- Monitoring SEO metrics
- Analysing patient interest in services
- Marketing approved medical information (with consent)
We do not use patient medical data for advertising.
4. Lawful Basis for Processing
We process your information under the following lawful bases:
- Medical diagnosis and treatment
- Performance of a contract
- Legitimate interests (e.g., appointment management)
- Legal obligations (e.g., regulatory documentation)
- Explicit consent (e.g., marketing opt-in, before/after photos)
5. Sharing Your Information
Data is shared only when necessary and lawfully permissible. This may include:
- Specialist medical professionals involved in your care
- Accredited laboratories (if required)
- Your GP (only with consent unless necessary for safety)
- Payment processors
- Medical indemnity insurers (where relevant)
- Regulatory bodies (if legally required)
We never sell patient information to third parties.
6. How We Protect Your Data
We use robust physical, digital, and procedural safeguards:
- Encrypted medical records
- Secure, password-protected clinical systems
- Restricted access for authorised clinical staff only
- Encrypted email systems for sensitive communication
- Regular cybersecurity audits
- Secure storage for paper-based records (if used)
We comply fully with UK medical confidentiality standards.
7. How Long We Keep Your Data
We retain medical records for the period required under UK medical legislation:
- Adult medical records: usually 8 years
- Surgical records: minimum of 8 years
- Financial records: 6 years
- Before/after photos: until consent is withdrawn
- Marketing preferences: until you unsubscribe
After these periods, data is securely deleted or destroyed.
8. Your Rights Under UK GDPR
You have rights regarding your personal data, including:
- Access to your medical records
- Correction of inaccurate information
- Request deletion (where applicable)
- Restrict processing
- Data portability
- Withdraw consent (for marketing/photography)
- Object to processing (in limited cases)
9. Cookies & Online Tracking
Our website uses cookies for performance, security, and analytics.
These help:
- Improve site speed
- Monitor SEO metrics
- Understand patient browsing behaviour
- Enhance user experience
You can manage cookie preferences in your browser settings.
10. Marketing & Communication
You will only receive marketing communications (such as newsletters, clinic updates, or cosmetic surgery insights) if you explicitly opt in.
You can unsubscribe at any time via:
- Email link
- Contacting our team
- Updating your preferences
We never use clinical photos for marketing without written consent.
11. International Data Transfers
If data is transferred outside the UK (for example, via secure software providers), it is protected under legally approved safeguards, such as:
- UK adequacy regulations
- Standard Contractual Clauses (SCCs)
12. Changes to This Privacy Policy
We may update this policy to reflect changes in legislation or clinic practices.
Any updates will be posted with a revised “Last updated” date.
13. Contact Us
For questions about this Privacy Policy, or to exercise your data rights, please contact:
Dr Frati Cosmetic Surgery
139 Harley Street, London W1G 6BG