Privacy Policy

In line with the new General Data Protection Regulation (effective from 25.5.18), we require you to read the Privacy Notice below, which clearly outlines how we use and store your personal data in order to provide you with our services.



Data Privacy Notice Created: May 2018 V1




The purpose of this Data Privacy Notice is to outline ANGELIS MEDICAL LTD’s approach to responsibilities regarding the legal protection of data collected, handled and stored throughout the course of the Company’s business activities. It is also to ensure compliance with the European General Data Protection Regulation (GDPR).

ANGELIS MEDICAL LTD strive to ensure accountability and transparency with regards to the handling of personal data at all times.

The Company’s policies and procedures are designed to ensure that we provide data subjects with easily accessible and meaningful information to ensure that they know what personal data is collected about them, as well as why and how it is being processed, their rights in connection with that processing and the exercising of those rights. The Company is committed to the continuous improvement of the management of personal data.

Personal data means any information relating to an identified or identifiable natural person – known as a “data subject” – and can include, for example, names, ID numbers, location data, online identifiers and factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a data subject. The data protection legislation also recognizes ‘special categories’ of personal data, the processing of which is subject to stricter regulation than other forms of personal data. This category of personal data includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data used to uniquely identify natural persons, data concerning health or data concerning an individual’s sex life or sexual orientation.

All activities relating to personal data (e.g. collection, structuring, alteration, storage, retrieval, consultation, use, adaptation, disclosure, erasure or destruction), whether using automated means or not, are known as “processing” for the purposes of the data protection legislation.

The data protection legislation makes a distinction between those who process data as “controllers” and those who process it as “processors” and imposes different obligations on controllers and processors. “Controllers” are individuals or organizations that determine the purposes and means of the processing of personal data. “Processors” are individuals or organizations that process personal data on behalf of a controller.



A data controller is a person or organization who determines the purposes for which and the way any personal data is to be processed. In the case of ANGELIS MEDICAL LTD the company acts as a controller. The contact details are as follows:



Tel: 07778958282 / 0208 292 4517

Email: angelis.medical@yahoo.co.uk

Address: ANGELIS MEDICAL Limited, Southgate Office Village, 286a Chase Road, London, N14 6HF


ANGELIS MEDICAL LTD provides medical services and trades as GOLD ANGELS AESTHETICS LTD, providing consultation, advice and aesthetic treatments to its clients and patients. The company collects and processes clients’ and patients’ personal data in order to enable appropriate care and treatment, to assist with ongoing care, to refer to other healthcare practitioners according to the clients’ and patients’ needs, and to maintain the follow-up relationship and service provision following the securing of a role. You may give your personal details to the company directly, when you enquire online via our website, or when you book an appointment for consultation. Occasionally, limited data are collected through social media.

Our process is to contact clients and patients, to discuss potential treatments and to establish clients’ and patients’ interest and availability for a face-to-face consultation. Clients’ and patients’ details are retained on our database system and filed manually following strict security processes. Our database is paper based and safely stored in a secure protected area, and no client or patient information is held on any online server. Access to the database is only available to the doctor providing the consultation and consequently the treatment. Clients’ and patients’ details are retained on this database for a reasonable time, for as long as treatment is provided, for follow-up and reminders of appointments and reviews of the effectiveness of treatment. These activities are recorded on the database to ensure accuracy of information and ongoing patient care.

This notice is to explain what ANGELIS MEDICAL LTD does with personal data – how we collect, use and process the data. It also outlines what our legal obligations are and what rights data subjects have.

This notice covers the personal data of ANGELIS MEDICAL LTD, clients, suppliers and website visitors and anyone that the Company may contact for any legitimate reasons required to carry out our business.



ANGELIS MEDICAL LTD’s Lawful Basis for the processing of your personal data is to pursue our legitimate business interests, described in more detail below, although we will also rely on the Lawful Basis of legal obligation and the Lawful Basis of consent for specific uses of data.

We will rely on legal obligation if we are legally required to hold information on you to fulfil our legal obligations.

We will rely on consent for use of your data and, in these circumstances, you will be asked for your express consent whenever this is legally required. Examples of when consent may be the lawful basis for processing include Special Category (sensitive information).


Our legitimate interests in collecting and retaining your personal data are described below:

The company provides aesthetic medical treatments and consultations to clients and patients and has a legitimate interest to process personal data in order to be able to provide these services – in doing so, the Company acts as a Data controller.

The Company needs to check the identity of clients and patients and the accuracy of the information provided, as well as process payments and manage certain statutory rights. It is therefore in the legitimate interests of all parties involved (the clients and patients, the doctor providing treatment, advice or consultation and ANGELIS MEDICAL LTD) to be able to process personal data.


Data is mainly collected directly from Data subjects – either by direct contact to us by phone or email, or web enquiry. Data may also come from third parties such as online or offline media research or referees. The following list is not exhaustive but includes personal data that may, dependent on specific circumstances, be needed to allow ANGELIS MEDICAL LTD to undertake its activities. The company will only collect and process data that is deemed necessary and only in jurisdictions where there are no restrictions imposed, and this will vary depending on which services you engage us to deliver and the payments process.

The personal information we collect:

  • Date of birth
  • Marital status
  • Contact details (address, email, telephone number/s)
  • Gender
  • Nationality
  • National Insurance number
  • General Medical Practice registration details
  • Past Medical History details
  • Employment details
  • Diversity information
  • Interview notes
  • Proof of address
  • Proof of ID (UK/EU Passport/ID Card, non-EU Visa, birth/adoption certificate, marriage/civil partnership certificate, HM Forces ID card, Firearms licence)
  • Financial information including bank details (for background checks and/or payment)
  • The dates, times and frequency with which you access our services – including notes on progress of treatment, consultations arranged, feedback, treatments offered
  • Notes regarding your treatments requirements and needs
  • Any additional information as required by Health regulations (CQC for Healthcare
  • Digital Photographs of the before and after treatment areas
  • Your IP address, which pages you may have visited on our website and when you accessed
  • Any additional information you choose to provide


If you do not provide certain information when requested, we may not be able to proceed with your



When personal data is stored on paper or has been printed out for business reasons, it is always kept in a secure place with only authorized personnel having access. ANGELIS MEDICAL LTD apply the following business practices:

  • When not required, the paper or files must be kept in a locked drawer or filing cabinet.
  • Employees must ensure that paper and printouts are not left where visible to unauthorized


  • Data printouts should be shredded/disposed of securely when no longer required.

When data is stored electronically, it must be protected from unauthorized access, accidental deletion and malicious hacking attempts:

  • Data is protected by strong passwords that are changed regularly and never shared.
  • If data is stored on removable media (like a CD or DVD), these are locked away securely when not being used.
  • Data is only stored on designated drives, and is only uploaded to approved cloud computing
  • Drives containing personal data are sited in a secure location, away from general office space.
  • Data is backed up frequently and the backups are tested regularly, in line with the company’s standard backup
  • Where data is kept on laptops or other mobile devices like tablets or smart phones due to the requirement to provide services out of office hours, this will be removed as soon as there is no longer a legitimate business need to store it.
  • All servers and computers containing data are protected by approved security software and a

Recognize that personal data if accessed could cause risk of loss, corruption or theft and apply the

  • When working with personal data, employees must ensure that their computer screens are always locked when left unattended.
  • Personal data should not be shared informally and never be sent by email.



ANGELIS MEDICAL LTD automatically collect data from the company website via cookies, as deemed useful to help improve user experience and manage the services provided.

This information includes:

  • The frequency with which individuals access our website
  • The dates and times at which individuals access our website
  • Times when traffic is at its highest and lowest
  • What information is viewed
  • Browser types and locations viewed from


Personal details of clients and patients are collected and are generally used in the following ways:

Marketing activities: Processing personal data to ensure the receipt of relevant and targeted marketing materials and information

Invoicing and payment processes: Collecting bank details, or keeping payment details, in order to process payments for treatments and consultations provided

To assist in establishing, exercising or defending potential legal claims


We will only use your personal information for the purpose for which it was collected unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will advise you of this and explain the Lawful Basis for us doing so.

You should be aware that we may process your personal information without your knowledge or consent where this is required or permitted by law.


It is important that the personal information we hold about you is accurate and current. Please be sure to keep us informed if your information changes during your treatments or follow-up with us.

We use sensitive personal information. These are special categories of personal data, and include information about your general health and medical conditions. This information is held by us because it is a legal obligation for healthcare service providers for health and safety purposes.


ANGELIS MEDICAL LTD use the services of a number of third party providers which may involve the processing of clients’ and patients’ personal data in the legitimate interests of conducting a safe medical treatment.

These may include:

  • Our Company’s accountant and auditors
  • Our Doctors and treatments or consultations providers
  • Regulators such as the National Office of Statistics, Care Quality Commission
  • Secure data storage centers
  • Indemnity Insurance providers
  • Medical Regulatory Organizations
  • NHS England / Wales / Scotland / Northern Ireland
  • NHS Regulatory bodies and frameworks as specified by contractual requirements
  • Various suppliers of checking and vetting services as required for prescribed medications


Should we want or need to rely on consent to lawfully process your data we will request your consent by asking you to sign a Consent Form for the specific activity we require consent for and record your response on your file. Where consent is the lawful basis for us to provide our services, you have the right to withdraw your consent to this particular processing at any time, by completing a Withdrawal of Consent Form, which can be requested from our Data Protection Officer.


The GDPR provides you with the following rights.

You have the right to:

  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information the company holds about you corrected
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for the company continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below)
  • Object to processing of your personal information where the company is relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground
  • Request the restriction of processing of your personal information. This enables you to ask the company to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party in certain formats, if



The GDPR gives you the right to access and obtain the personal information held about you. This is known as a “data subject access request”.

Your right of access can be exercised in accordance with the GDPR. A data subject access request should be submitted to angelis.medical@yahoo.co.uk (No fee will apply under the terms of the



ANGELIS MEDICAL LTD recognize the data subject’s right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. However, this does not apply where the decision is:

  a) Necessary for the entering into or the performance of a contract between the data subject and a data controller
  b) Authorized by law and suitable safeguards are in place to protect the data subject’s rights and freedoms and legitimate interests; or
  c) Based on the data subject’s explicit consent
  d) Regarding (a) and (b), the data subject also has the right to obtain human intervention by the controller to express his or her views and to contest the decision

ANGELIS MEDICAL LTD’s provision of clients’ or patients’ treatments always involves human decision making and is never based solely on an automated process. In order to analyse or predict the suitability of the treatment offered or requested to meet the requirements of the client or patient, we use a medical evidence-based approach and decision making that involve both parties (practitioner –



A personal data breach is a breach that results in the destruction, alteration or unauthorized disclosure or access to personal data.

ANGELIS MEDICAL LTD will make every effort to contain any personal data breaches identified and will also undertake an immediate assessment of any potential risks resulting from the breach in line with our data breach incident process. Should it be considered that there is a high risk to an individual because of the breach, then ANGELIS MEDICAL LTD will endeavor to inform the individual as soon as possible.

In such situations where you feel that a breach may have taken place then you must notify our Data Protection Officer immediately.

It is also the responsibility of our data controller to ensure that ANGELIS MEDICAL LTD has in place the necessary insurance provision in the event of a personal data breach or a cyber-attack.


ANGELIS MEDICAL LTD is registered with the Information Commissioner’s Office and all records retained by the company are done so in accordance with data protection laws. It is the policy of ANGELIS MEDICAL LTD to retain personal data where there is legitimate reason to do so; this reason is to assess and provide medical aesthetic treatments.

All hard copies of personal data are securely stored and then disposed of in confidential waste bins.

ANGELIS MEDICAL LTD mandate that no personal data is to be held for longer than necessary on company laptops, phones, desktop computers or any other electronic devices and that all personal data received must be transferred to the company’s database system as soon as possible. All original records received via Outlook or any other electronic method, or paper-based documents received, must be deleted or destroyed securely as soon as reasonably possible. Employees who fail to comply will be subject to disciplinary action.


The exception to this is data held by the ANGELIS MEDICAL LTD Compliance and Finance teams under the terms of the GDPR. This is defined as personnel and financial records that are required to run the company efficiently and to comply with statutory requirements. The company is not required to keep the original of all documents – copies can be stored but they must be stored in writing, including in electronic format.

The type of record will determine the length of time the record must be kept for and will be assessed in line with the legitimate business needs of the business, including the requirements of various client contracts in place from time to time.


This notice may be updated, revised, replaced and re-issued from time to time, to ensure it continues to meet all legislative requirements and relevant developments in data management and security techniques. Any changes to ANGELIS MEDICAL LTD’s data processing processes or this privacy notice will be brought to the attention of all data subjects.


Questions, comments and requests regarding this privacy notice are welcomed and should be sent to ANGELIS MEDICAL LTD in writing at angelis.medical@yahoo.co.uk or ANGELIS MEDICAL LTD Address: ANGELIS MEDICAL Limited, Southgate Office Village, 286a Chase Road, London, N14 6HF

Tel: 07778958282 / 0208 292 4517

You also have the right to raise concerns or make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office.

The ICO can be contacted on 0303 123 1113 or at https://ico.org.uk/concerns/
