Privacy Policy

This Privacy Policy applies to Ruth McKibben Skin Clinic, a sole-trader beauty and skincare clinic operated by Ruth McKibben, based in Bangor, County Down, Northern Ireland.

Contact: [email protected]

Ruth McKibben Skin Clinic is the data controller responsible for your personal data.

We may collect and process the following categories of personal data:

• Identity data: your name and date of birth (where relevant for treatment suitability).
• Contact data: phone number and email address.
• Health and skin data: information you provide on consultation forms about your skin concerns, medical history, allergies, and current skincare routine. This is special category data under UK GDPR.
• Appointment data: records of treatments received, dates, and products used.
• Communications data: messages sent via email, WhatsApp, Instagram, or Facebook.
• Website usage data: anonymised analytics data collected via cookies (see our Cookie Policy).

We collect your data in the following ways:

• When you complete a consultation form prior to or during your appointment.
• When you contact us by phone, email, WhatsApp, or social media to enquire or book.
• When you book an appointment through our booking system (GetHarley).
• When you visit this website (via cookies and analytics tools).

We process your personal data on the following legal bases under UK GDPR:

• Contract performance: to provide the treatments and services you have booked.
• Legitimate interests: to manage appointments, send appointment reminders, and maintain treatment records.
• Explicit consent: for health and skin data collected on consultation forms, and for any marketing communications. You may withdraw consent at any time.
• Legal obligation: to comply with applicable laws and regulations.

Your personal data is used to:

• Book, manage, and confirm your appointments.
• Provide safe, personalised skincare treatments and recommendations.
• Maintain accurate client records and treatment histories.
• Send appointment reminders and follow-up skincare advice.
• Respond to your enquiries and messages.
• Improve our services and website experience.

We will never sell your personal data to third parties or use it for unsolicited marketing without your explicit consent.

We do not sell or share your personal data with third parties for their own marketing purposes. Your data may be shared with the following trusted service providers solely to operate our business:

• GetHarley — our online booking and client management platform. Their privacy policy is available at getharley.com.
• AlumierMD — for processing product orders placed through our referral link. Their privacy policy is available at alumiermd.co.uk.
• Website hosting provider — for hosting this website securely.

All third-party providers are required to process your data securely and in accordance with UK GDPR.

We retain your personal data for the following periods:

• Client consultation and treatment records: 7 years from your last appointment, in line with best practice for beauty and healthcare records.
• Appointment and contact data: 3 years from your last contact with us.
• Marketing consent records: until you withdraw consent.

After these periods, your data will be securely deleted or anonymised.

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access: to request a copy of the data we hold about you.
• Right to rectification: to request correction of inaccurate data.
• Right to erasure: to request deletion of your data (subject to legal obligations).
• Right to restrict processing: to request that we limit how we use your data.
• Right to data portability: to receive your data in a structured, machine-readable format.
• Right to object: to object to processing based on legitimate interests.
• Right to withdraw consent: at any time, where processing is based on consent.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

We take the security of your personal data seriously. Consultation forms and client records are stored securely and accessed only by Ruth McKibben. Digital communications are protected by standard encryption provided by the relevant platforms (email, WhatsApp, etc.).

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform you without undue delay.

If you have any concerns about how we handle your personal data, please contact us in the first instance at [email protected].

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

We may update this Privacy Policy from time to time. The most current version will always be available on this page, with the date of last update shown at the top. We encourage you to review this policy periodically.