Last updated: 19/01/2026
Kalesthia Aesthetics (“we”, “us”, or “our”) is committed to protecting and respecting your privacy.
This Privacy Policy explains how we collect, use, process, and store your personal data when you visit our website or become a patient at our clinic. We operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Important Information and Who We Are
The Controller
Despoina Tampakou (trading as Kalesthia Aesthetics) is the controller and responsible for your personal data.
Contact Details
If you have any questions about this privacy policy or our privacy practices, please contact us:
- Full name of legal entity: Despoina Tampakou t/a Kalesthia Aesthetics
- Email address: dtampakou@yahoo.gr
- Postal address: 150 Duchy Drive, TQ3 1EW
- Telephone number: 07428483883
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
2. The Data We Collect About You
We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped as follows:
- Identity Data: First name, last name, date of birth, gender.
- Contact Data: Billing address, home address, email address, and telephone numbers.
- Financial Data: Bank account or payment card details (processed securely via third-party payment providers).
- Transaction Data: Details about payments to and from you and details of treatments you have purchased from us.
- Technical Data: IP address, browser type, time zone setting, and operating system (if you use our website).
Special Category Data (Medical Information)
Due to the nature of our business (Medical Aesthetics), we strictly collect Special Category Data. This includes:
- Medical history (allergies, pregnancy status, current medications, past procedures).
- Medical photographs (before and after photos of treatment areas).
- Notes on treatment outcomes and adverse reactions.
We require this information to ensure your safety, assess your suitability for treatment, and comply with our insurance and legal obligations.
3. How We Collect Your Personal Data
We use different methods to collect data from and about you, including:
- Direct interactions: You may give us your Identity, Contact, and Financial Data by filling in forms (online or in-clinic) or by corresponding with us by post, phone, email, or social media.
- Medical Consultations: Detailed medical history is taken during your face-to-face consultation.
- Automated technologies: As you interact with our website, we may automatically collect Technical Data about your equipment and browsing actions via cookies.
4. How We Use Your Personal Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Performance of Contract: To register you as a new client, book your appointment, and deliver the medical/aesthetic treatment you have requested.
- Vital Interests: To ensure your physical safety (e.g., in the event of a medical emergency during treatment).
- Legal Obligation: To comply with tax laws, insurance requirements, and medical record-keeping standards.
- Legitimate Interests: To run our business, recover debts, and keep our records updated.
- Consent: We rely on your explicit consent for:
  - Processing your Special Category (Medical) Data.
  - Using your before/after photos for marketing purposes on social media or our website.
  - Sending you marketing communications (newsletters/offers). You may withdraw consent for marketing at any time.
5. Disclosures of Your Personal Data
We typically do not share your personal data with third parties. However, we may have to share your data with strictly defined third parties for the purposes set out above:
- Service Providers: IT and system administration services (e.g., booking software, email providers).
- Professional Advisers: Accountants, insurers, and lawyers.
- Medical Professionals: If a referral to a doctor or emergency services is required regarding a complication.
- HM Revenue & Customs: For tax reporting purposes.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
6. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way.
- Digital records are stored on password-protected devices/software.
- Physical records (if any) are stored in locked cabinets.
- Access is limited strictly to employees or contractors who have a business need to know.
7. Data Retention
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Medical Records: We are generally required by insurance and medical standards to keep treatment records for a minimum of 7 to 10 years after your last treatment.
- Marketing Data: We keep this until you notify us that you no longer wish to receive marketing.
8. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:
- Request access to your personal data (a “data subject access request”).
- Request correction of the personal data that we hold about you.
- Request erasure of your personal data (note: we may not always be able to comply with your request for erasure for specific legal reasons, such as the mandatory retention of medical records for insurance).
- Object to processing of your personal data.
- Request restriction of processing of your personal data.
- Request the transfer of your personal data to you or to a third party.
- Withdraw consent at any time where we are relying on consent to process your personal data.
If you wish to exercise any of the rights set out above, please contact us at dtampakou@yahoo.gr.
9. Third-Party Links
This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.