Abela Medical Privacy Policy

Abela Medical (“we”, “us”, “our”) is a private medical aesthetics clinic registered in England and Wales, operating from 1 Sizers Ct, Yeadon, Leeds LS19 7DP, United Kingdom. For the purposes of UK GDPR we are the data controller for personal information collected through this website and during the delivery of our services.

We collect personal data when you contact us or use our services, including:

• Identity data — name, date of birth where required for treatment
• Contact data — phone number, email address, postal address
• Enquiry data — the treatment you are interested in and any details you choose to share
• Marketing preferences — whether you have consented to receive updates from us
• Clinical data — collected only after you become a patient, including medical history and treatment records required to provide safe care
• Technical data — IP address and browser user-agent string, captured on form submissions for security and audit

We process your personal data only where we have a lawful basis to do so:

• To respond to your enquiry — legitimate interest in assisting prospective patients.
• To provide medical treatment — performance of a contract and the provision of healthcare.
• To meet our regulatory obligations — legal obligation under medical and aesthetics regulations.
• To send marketing communications — only with your explicit, opt-in consent.
• To improve our website — legitimate interest in a secure, well-functioning digital presence.

We do not sell your personal data. We share it only with carefully chosen processors who help us deliver our services:

• Our customer-enquiry system (LeadPipeline) and hosting infrastructure (Vercel and Neon), which store data within the UK or EEA.
• Medical professionals directly involved in your treatment, under strict clinical confidentiality.
• Regulators, law enforcement, or insurers when legally required.

All processors are bound by written data-processing agreements and are vetted for UK GDPR compliance.

Enquiry data is kept for up to twenty-four months unless you become a patient. Clinical records are retained in line with NHS and professional-body guidance, typically for at least eight years after your last treatment. Marketing preferences are kept until you withdraw consent.

Under UK GDPR you have the right to:

• Request access to a copy of the personal data we hold about you.
• Ask us to correct any information that is inaccurate or incomplete.
• Request erasure where the data is no longer needed and no legal duty to retain applies.
• Restrict or object to specific uses of your data.
• Withdraw consent for marketing at any time by emailing us or clicking the unsubscribe link.
• Lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.

Our website uses a minimal set of cookies. Strictly necessary cookies keep the site secure and functional and do not require consent. We may also use analytics cookies to understand how visitors use the site; these are only set after you accept them via our cookie banner.

You can change your cookie preferences at any time by clearing your browser cookies for this domain. Most browsers also let you disable cookies entirely; doing so may affect site functionality.

We use appropriate technical and organisational measures to protect your information. All form submissions travel over TLS, the database is encrypted at rest, and access to clinical records is restricted to authorised staff. We notify the ICO of any qualifying personal-data breach within seventy-two hours of discovery.

Our services are intended for adults. We do not knowingly collect personal data from anyone under the age of eighteen.

We may update this policy from time to time. Material changes will be highlighted at the top of this page. The current version is dated as of the time you last loaded this page.

Questions or requests about your personal data? Please contact our team directly.