This privacy policy sets out how The Malvern uses and protects any information that you provide to us. This policy is effective from 25 September 2025.
The Malvern is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using our services, including but not limited to this website, consent forms, client records, and before and after images, it will only be used in accordance with this privacy statement.
At our discretion, we may change our privacy policy to reflect updates to our business processes, practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.
What We Collect
We may collect and store personal information from you when you contact us using the form on our website, or contact us via email, social media, or via any similar technologies.
This information can include your full name, email address and telephone number, as well as any additional information you choose to provide.
When you are registered for a client account, we may collect and store any / all of the following information:
Your full name, date of birth, postal address, telephone number, and email address.
When you book an appointment for the first time, you may be asked to complete a consultation form, either online or in clinic. When you submit this form, we may collect and store the following information:
Your full name, date of birth, postal address, telephone number, email address, any relevant medical information, including your GP contact details, your medical history, skin treatment and procedure history, allergies, and medication.
When you book an appointment, either yourself online, by phone, or in clinic, we will collect and store appointment details that may contain your personal information, including your full name, records, and any additional information you choose to provide. Upon attending an appointment, we may collect and store your personal information via a treatment record. If you so choose, we may also collect and store “before and after” images of your treatment(s). For this purpose and others, we may require you to complete and sign consent forms, where we may also collect and store personal information.
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
What We Do with the Information We Gather
We require your contact information in order to contact you with any clinic updates, newsletters, and essential clinic information. We collect your personal and medical information to ensure your safety and suitability for treatment. All personal data, including medical history and personal information is stored securely with Ovatu. See their privacy policy below for more information.
We will not sell, distribute or lease your personal information to third parties other than sharing it with Ovatu (our booking and client account system) and Mailchimp (our Newsletter distribution company). Click the links below for more information about their respective privacy policies.
Ovatu Pty Ltd Privacy Policy – https://ovatu.com/policy/privacy
Mailchimp (Intuit) Privacy Policy - https://www.intuit.com/privacy/statement/
Data Protection
When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.
All data stored and shared with Ovatu and Mailchimp (Intuit) is subject to their respective privacy and data protection policies.
Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security. We will comply with laws applicable to us in respect of any data breach.
You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services.
Data Retention
We will retain your data for as long as necessary to fulfil the purposes for which it was collected, including meeting any legal, accounting, or reporting obligations. We may retain your personal information for archiving purposes, scientific, or historical research purposes or statistical purposes.
When determining the appropriate retention period, we consider:
The amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for processing and whether these can be achieved through other means, applicable legal requirements.
For example:
Tax purposes: We are legally required to keep basic customer information (including contact, identity, financial, and transaction data) for six years after you cease being a customer.
Insurance purposes: We are legally required to retain customers’ medical and treatment records for seven years after they stop receiving treatment.
Many customers choose to keep their client account after completing their treatment so they can return in the future. Your customer/client account and all associated data may not be removed unless you request this specifically. If you no longer wish to be classified as a customer for data retention purposes, please notify us so we can update our records accordingly. As above, some data may still be retained for tax, insurance, and other legal purposes.
Providing the requirements of these purposes have been met, we may retain, permanently delete, or anonymise your data without notice.
If you believe that any of your information stored with us is incorrect or incomplete, please send an email to The Malvern as soon as possible using the email address at the foot of all the site pages. We will promptly correct any information found to be incorrect.
Contact Us
For any questions or concerns regarding your privacy, or our privacy policy, you may contact us using the following details:
0118 932 1817
enquiries@themalvern.co.uk
