Privacy Policy
LMS Clinic Ltd
Goodison House, 57 Wolborough Street, Newton Abbot, Devon TQ12 1JQ
Last updated: 1st April 2026
—
1. Who We Are
LMS Clinic Ltd (“LMS Clinic”, “we”, “us”, “our”) is a medical laser clinic providing laser hair removal, laser tattoo removal, and skin treatments. We are the data controller for the personal information we collect about you.
Registered address: Goodison House, 57 Wolborough Street, Newton Abbot, Devon TQ12 1JQ
Email: hello@lms.clinic
Phone: 07453 553788
If you have any questions about how we use your personal information, please contact us using the details above.
—
2. What Information We Collect
We collect and process the following categories of personal information:
# Contact and Enquiry Information
– Your name
– Email address
– Telephone number
– The content of messages you send via our contact form
# Appointment and Booking Information
– Appointment date, time, and treatment type
– Booking history
– Payment records (processed securely by our payment provider — we do not store card details)
# Health and Medical Information (Special Category Data)
As a medical laser clinic, we may collect health information that is necessary to ensure the safety and suitability of your treatment. This may include:
– Medical history relevant to laser treatment suitability (e.g. skin conditions, medications, pregnancy status)
– Contraindication questionnaire responses
– Fitzpatrick skin type assessment
– Treatment records and clinical notes
– Photographic records (before/after treatment, where consent is given)
This information constitutes special category data under Article 9 of the UK GDPR. We process this information only where you have given us explicit consent and where it is necessary to provide the healthcare service you have requested.
# Website Usage Information
– IP address (anonymised)
– Pages visited and time spent on each page
– Browser type and device type
– Referral source (how you found our website)
This data is collected via Google Analytics (GA4) and is used in aggregated, anonymised form. No individually identifiable web analytics data is shared with third parties.
—
3. Legal Basis for Processing
We process your personal information on the following legal bases:
| Type of Data | Legal Basis |
|---|---|
| Contact and enquiry data | Legitimate interests (responding to your enquiry) or contract (where you are booking a service) |
| Appointment and booking data | Contract — processing is necessary to fulfil the service you have booked |
| Health and medical data | Explicit consent (Article 9(2)(a) UK GDPR) and provision of health care (Article 9(2)(h) UK GDPR) |
| Marketing communications | Consent — we will only send you marketing emails if you have opted in. You may withdraw consent at any time. |
| Website analytics | Legitimate interests — understanding how our website is used to improve our service |
—
4. Special Category Health Data
Your health information is classified as special category data under UK GDPR and is given the highest level of protection. We collect this data only:
– Where you provide it explicitly as part of a consultation or treatment questionnaire
– Where it is necessary for the safe and effective delivery of your treatment
– With your explicit consent
Health data is stored securely, accessed only by clinical staff directly involved in your care, and is never shared with third parties for commercial purposes.
—
5. How We Use Your Information
We use your personal information to:
– Respond to your enquiries and provide information about our treatments
– Schedule, confirm, and manage your appointments
– Carry out pre-treatment health assessments and consultations
– Deliver your treatments safely, taking into account your medical history
– Send you appointment reminders and post-treatment follow-up communications
– Send you marketing communications about our services (only where you have given consent)
– Comply with our legal obligations, including clinical record-keeping requirements
– Improve our website and services
—
6. Who We Share Your Information With
We do not sell your personal information to any third party.
We may share your information with the following categories of third parties, only where necessary and under appropriate data protection agreements:
– Booking and appointment software provider — to manage appointment scheduling
– Payment processor — to process payments securely (we do not store payment card data)
– Google Analytics — aggregated, anonymised website usage data only
– Email service provider — to send appointment confirmations and communications
– IT and website service providers — for the purpose of maintaining our website and systems
All third-party providers are required to handle your data in accordance with UK GDPR and are engaged only under written data processing agreements.
We may also disclose your information where required by law, regulation, or court order, or to protect the vital interests of you or another person.
—
7. How Long We Keep Your Information
| Data Type | Retention Period | Reason |
|---|---|---|
| Clinical and treatment records | 8 years from last treatment (adults); until age 25 for records created when a patient was a child | NHS Records Management Code of Practice (HM Government, 2021) |
| Booking and appointment data | 3 years | Operational and dispute resolution purposes |
| Contact and enquiry records | 2 years from the date of last contact | Legitimate interests |
| Marketing consent records | Until consent is withdrawn, plus 1 year | ICO guidance on consent |
| Website analytics | 26 months (GA4 default) | Operational analysis |
| Payment transaction records | 7 years | Legal requirement (HMRC) |
After the applicable retention period, data is securely deleted or anonymised.
—
8. Your Rights Under UK GDPR
You have the following rights regarding your personal information:
Right of access — You may request a copy of the personal information we hold about you (known as a Subject Access Request).
Right to rectification — You may ask us to correct any inaccurate information we hold about you.
Right to erasure — In certain circumstances, you may ask us to delete your personal information. Note that clinical records may need to be retained for the periods set out in Section 7 above.
Right to restrict processing — You may ask us to limit how we use your information in certain circumstances.
Right to data portability — Where we process your data by automated means on the basis of consent or contract, you may request a copy in a machine-readable format.
Right to object — You may object to processing based on our legitimate interests. You also have an absolute right to object to your data being used for direct marketing at any time.
Right to withdraw consent — Where processing is based on your consent, you may withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us at hello@lms.clinic or write to us at the address above. We will respond within one calendar month. We may need to verify your identity before processing your request.
—
9. Cookies
Our website uses cookies. These include:
– Strictly necessary cookies — required for the website to function (cannot be disabled)
– Analytics cookies — used by Google Analytics to understand how visitors use our site. These are only placed with your consent.
– Marketing cookies — used by third-party advertising and social media platforms. These are only placed with your consent.
You may manage your cookie preferences at any time using our cookie preference tool, available at the bottom of every page. You may also clear cookies from your browser settings at any time.
—
10. Data Security
We take the security of your personal information seriously. We implement appropriate technical and organisational measures including:
– Secure HTTPS encryption on our website
– Password-protected systems with role-based access controls
– Secure storage of clinical records
– Staff training on data protection obligations
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay.
—
11. International Transfers
We do not routinely transfer your personal information outside the United Kingdom. Where third-party service providers process data outside the UK, we ensure appropriate safeguards are in place, such as UK adequacy decisions or Standard Contractual Clauses.
—
12. How to Complain
If you are unhappy with how we have handled your personal information, please contact us in the first instance using the details in Section 1 above. We will investigate and respond within 30 days.
If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
– Website: https://ico.org.uk/make-a-complaint/
– Telephone: 0303 123 1113
– Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
—
13. Changes to This Privacy Policy
We may update this privacy policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Where changes are material, we will notify you by email or a prominent notice on our website.
—
*This privacy policy was last reviewed on 1st April 2026. LMS Clinic Ltd is registered in England and Wales.*