Scope of the Policy and Consent

Your use of the Bell Moon  London website, via desktop, mobile, or any other online platform operated by us, constitutes your full consent to this Privacy Policy, including any future updates. If you do not agree with these terms, please refrain from using our website and services. This policy applies to all visitors, users, and subscribers across any channel or platform through which our services are provided.

Data Controller

Entity: Bell Moon London (“the Clinic”)
Registered Address: 15 Hanover Square Mayfair London
Privacy Contact Email: info@bellmoonaesthtika.com

Data We Collect

We collect the following information:

Information provided directly by you: contact forms, appointment requests, newsletter sign-ups, participation in promotions or activities.

Technical data: IP address, browser type, device and operating system, access times, cookies and similar tracking technologies.

Business information: company name, field of activity (where applicable), content of inquiries.

We do not knowingly collect data from individuals under the age of 13. If such data is identified, it will be deleted promptly. We also encourage parents and guardians to monitor their children’s online activity.

Legal Basis for Processing

We process your personal data under the following lawful bases:

Consent: where you have explicitly opted in, e.g., subscribing to newsletters or marketing communications.

Contract performance: to provide and manage the services you request, including appointments and treatments.

Legal obligations: compliance with tax, accounting, and regulatory record-keeping requirements.

Legitimate interests: improving our services, maintaining site security, and conducting analytics.

Use of Personal Data

Your personal data is used for the following purposes:

To provide and manage our services and respond to inquiries.

To schedule and administer appointments and treatments.

To manage billing and invoicing.

To communicate with you, including marketing communications only where you have explicitly opted in to receive them (in compliance with the Privacy and Electronic Communications Regulations – PECR). All marketing communications will include a clear option to unsubscribe.

To improve and customize the user experience on our website and services.

To conduct internal analytics and statistical analysis in anonymized form.

To protect the security of our systems and prevent fraud or misuse.

Your Rights Under UK GDPR

You have the right to:

Access your personal data held by us.

Request correction of inaccurate or incomplete data.

Request deletion of your personal data (“right to be forgotten”), subject to legal and contractual obligations.

Request restriction of processing.

Object to processing based on legitimate interests, including profiling.

Request data portability – to receive your data in a structured, machine-readable format.

Withdraw consent at any time without affecting the lawfulness of prior processing.

Lodge a complaint with the Information Commissioner’s Office (ICO) or relevant supervisory authority.

Requests can be made by contacting us at info@bellmoonaesthtika.com . We will respond within one calendar month. In line with the law, Subject Access Requests (SARs) are free of charge unless they are excessive or repetitive, in which case we may charge a reasonable fee.

Third-Party Service Providers

We may share personal data with trusted third-party service providers who assist us in operating the website and delivering services under strict confidentiality and data protection agreements. Examples include:

Web hosting and IT services.

Email and marketing platforms.

Analytics providers such as Google Analytics (using anonymized data).

Transfers of personal data outside the UK or EEA will only occur where adequate safeguards exist, such as Standard Contractual Clauses or adequacy decisions in line with UK GDPR. We regularly review these safeguards to ensure they remain up to date and effective.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enable proper site functionality, improve user experience, and perform anonymous analytics via Google Analytics.

Visitors from the UK are presented with a cookie consent banner in compliance with UK GDPR and ePrivacy regulations, allowing them to accept or reject non-essential cookies.

You can manage or block cookies at any time via your browser settings.

Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law. Generally, data will not be kept longer than 7 years after the end of the client relationship unless retention is legally mandated.

Security Measures

We implement appropriate technical and organizational security measures including:

SSL encryption for data transmission.

Access controls and permissions restrictions.

Regular software updates and security patches.

Routine data backups.

Data Breach and Notification

In the event of a personal data breach likely to pose a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) and affected individuals as required by law, within the prescribed timeframes.

Data Use and Access Act 2025 (DUAA)

In addition to compliance with UK GDPR, we also adhere to the requirements of the Data (Use and Access) Act 2025 (“DUAA”), which came into effect in June 2025. This legislation enhances responsible data use, innovation, and transparency while maintaining rigorous data protection standards.

Key points relevant to our data processing include:

Enabling greater clarity and control over your personal data, including improved mechanisms to access and manage the use of your data.

Ensuring timely and proportionate responses to your Subject Access Requests, including the ability to pause response times if necessary to obtain additional information from you (“stop the clock” rule).

Safeguards around automated decision-making processes that may have legal or significant effects on individuals, ensuring human oversight and the ability to challenge such decisions where applicable.

Considerations for protecting data subjects who are children or vulnerable when designing digital services.

Clear and responsible sharing of data with third parties, with appropriate safeguards to protect your privacy.

We continually monitor changes and best practice guidance related to the DUAA to ensure ongoing compliance and transparency in how we manage your data.

Data Protection Officer (DPO)

Given the nature and scale of our business, we are not legally required to appoint a Data Protection Officer. However, we take data protection seriously and have designated a privacy contact who oversees compliance and can be reached at info@bellmoonaesthtika.com.