Privacy Policy
Gentle Procedures UK
Effective date: September 2025
Gentle Procedures UK (“we”, “our”, “us”) is committed to protecting your privacy and ensuring your personal information is handled safely and responsibly. This Privacy Policy explains how we collect, use, store, and share your data when you use our website www.gentleprocedures.co.uk, book an appointment, or contact us.
1. Who We Are
Gentle Procedures UK is operated by LBC Consultants Ltd (Company No. 15580501), the UK Master Franchise holder, in partnership with locally registered CQC-regulated clinics (trading as Gentle Procedures by MeJuvenate and others).
- LBC Consultants Ltd manages bookings, payments, website services, and centralised patient systems.
- Your chosen clinic provides medical services and is responsible for your clinical care and medical records.
For data protection purposes:
- LBC Consultants Ltd is the Data Controller for enquiries, bookings, payments, and the website.
- The clinic you attend is the Data Controller for your medical information and treatment records.
2. Information We Collect
We may collect and process the following personal data:
- Identity data: name, date of birth, gender, address.
- Contact data: phone number, email address.
- Health data: medical history, consultation notes, treatment details (only collected when booking treatment).
- Payment data: billing address and payment confirmations (processed securely via Semble Pay; we do not store full card details).
- Technical data: IP address, browser type, website usage (via cookies).
3. How We Use Your Information
We use your personal data to:
- Manage bookings and provide healthcare services.
- Process payments through Semble Pay.
- Send appointment confirmations, reminders, and essential updates.
- Store patient records securely in Semble (hosted on AWS).
- Manage contact and enquiry data in Bitrix24.
- Communicate securely via Microsoft 365 email services.
- Comply with legal and regulatory obligations (CQC, ICO, HMRC).
- With consent, send newsletters or updates (opt-out at any time).
4. Legal Basis for Processing
We rely on the following lawful bases under UK GDPR to process your personal data:
- Consent – where you have given clear consent for us to process your data (e.g. newsletters, cookies).
- Contract – where processing is necessary for providing healthcare services or managing bookings.
- Legal obligation – where we are required to comply with laws or regulations (e.g. CQC record-keeping, HMRC).
- Vital interests – in rare cases, to protect your life or someone else’s.
- Legitimate interests – for purposes such as improving our website and managing enquiries, provided this does not override your rights.
- Special category data (health information) – processed under Article 9(2)(h) UK GDPR for the provision of health and social care.
5. Sharing Your Information
We only share personal data when necessary and lawful:
- With your chosen Gentle Procedures clinic for treatment purposes.
- With trusted service providers:
- Hostinger UK – website hosting services. All website data and associated files are stored on servers managed by Hostinger UK. For further details regarding data handling and security, refer to Hostinger UK’s Hosting Agreement and Privacy Policy.
- Semble – patient management and payment system (Semble Pay).
- WordPress – website platform.
- Bitrix24 – CRM and enquiry management.
- Microsoft 365 – secure email hosting.
- With regulators (CQC, ICO, HMRC) where legally required.
We never sell your data.
6. Children’s Data
We provide services for infants, children, and young people.
- Personal and health data for under-18s is collected from a parent or legal guardian.
- We require parental authority for booking and processing a child’s data.
Children’s medical records are kept in accordance with NHS/CQC retention guidelines (until age 25 or 8 years after treatment, whichever is longer).
7. International Data Transfers
We do not transfer or share your personal data outside the United Kingdom. All patient and enquiry data is processed and stored on secure UK-based systems, including Semble, Semble Pay, WordPress, Bitrix24, and Microsoft 365.
8. Data Security
We protect your data through:
- Encryption and secure hosting on UK servers.
- Role-based access so only authorised staff can see relevant information.
- Secure payments handled via Semble Pay.
- Microsoft 365 secure business email and storage.
Ongoing staff training on data protection.
9. Data Retention
- Medical records: retained in line with NHS and CQC rules (normally 8 years, or until a child reaches 25).
- Enquiry/contact data: up to 2 years.
- Financial/payment records: at least 6 years.
- Automated Decision-Making
- We do not use automated decision-making or profiling in relation to your personal data.
10. Your Rights
You have the right to:
- Access your data.
- Request corrections or deletions (where lawful).
- Restrict or object to processing.
- Request data portability.
- Withdraw consent for marketing communications.
Email requests to: info@gentleprocedures.co.uk. We will respond within 30 days.
11. Cookies
Our website (built on WordPress) uses cookies:
- Essential cookies – required for site operation.
- Analytics cookies – to understand site use.
- Marketing cookies – only with your consent.
- You can manage cookies via your browser settings.
12. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies.
13. Contact Us
Data Protection Officer
LBC Consultants Ltd
2040 The Crescent
Birmingham Business Park
Birmingham, B37 7YE
Email: info@gentleprocedures.co.uk
If you are not satisfied with our response, you may complain to the Information Commissioner’s Office (ICO): www.ico.org.uk.
