• BAAPS
  • British Association of Plastic Reconstructive and Aesthetic Surgeons
  • General Medical Council

Book a consultation:
+44 (0) 203 733 2069

Privacy Policy

Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of this Privacy Policy is requested from the time when you start communicating with The Plastic Surgery Group Ltd.

By using our website, you agree to the collection and use of your information in accordance with this notice.

The Plastic Surgery Group (TPSG) is committed to protecting your privacy.

This Privacy Notice explains how we collect, use, store, and protect your personal data when you visit our website www.thepsg.co.uk or interact with our services.

It explains your rights under the law relating to your personal data. We will tell you if providing some personal data is optional, including if we ask for your consent to process it.

1. Who is the Plastic Surgery Group?

The Plastic Surgery Group (PSG) is a provider of specialist surgical and non-surgical aesthetic treatments. The Plastic Surgery Group LTD trading as The Plastic Surgery Group is a UK company registered in England under company number 10236739 and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Registered Address/Trading Address:

The Plastic Surgery Group
7 Hansen Street
London
W1W 6TE
Telephone: 02037332069
Web: www.thepsg.co.uk
Email: [email protected]

2. Who is the Senior Information Risk Owner (SIRO)

Mr Mohamed Akhavani
The SIRO is a key executive role responsible for overseeing and managing information risks and ensuring effective systems and processes are in place to support information governance.

3. What is considered Personal Data?

Personal data is any information that can be used to identify a person. It includes your name, contact details, hospital numbers, medical records, and correspondence.

4. What Personal Data Do We Collect?

We may collect and process the following types of personal data:

  • Identity & Contact Information: Name, phone number, email address, postal address.
    Health Information: Medical history, consultation details.
    Payment Details: If you make a booking or purchase.
    Technical Data: IP address, browser type, device information, and website usage analytics.

5. How Do We Collect Your Data?

When you fill out a contact or booking form on our website.
When you schedule a consultation.
When you make an enquiry by telephone or email.
Through cookies and website analytics tools (see Section 9).

6. How Do We Use Your Data?

To respond to your enquiries and provide consultations.
To schedule and manage your appointments.
To decide how best to provide treatment to you.
To process payments and invoices.
To improve our website and services through analytics.
To comply with legal or regulatory obligations.
To support good governance, accounting, and auditing our clinical and business operations.
When you exercise your rights under Data Protection Laws and make requests.

We will only use your data where we have a lawful basis:

Your consent.
A contractual obligation (e.g. booking an appointment).
A legal requirement (e.g. medical records retention).
Our legitimate interests (e.g. website security and service improvement).

You can withdraw your consent at any time, but this may impact our ability to provide services.

7. How Do We Share Your Data?

We only share your data under these circumstances:

With healthcare professionals treating you.
With other healthcare providers to improve your care.
With sub-contractors providing healthcare services.
With service providers in your extended care.
With legal, professional advisors, and auditors.
With government agencies, regulators, and HMRC.
With the ICO and courts when required.
In emergencies to protect your vital interests.
With payment providers like Stripe, Salesforce.
Where you have given consent or it is required by law.

All third parties must comply with strict data protection agreements.

8. How Long Do We Keep Your Data?

We follow the IGA Records Management Code of Practice (2016) and our Records Retention Policy.

To deal with future queries.
For potential legal claims.
For legal and regulatory obligations after services.

9. How and Where Do We Store or Transfer Your Data?

Your data is stored in the UK under the UK GDPR and Data Protection Act 2018 according to our internal Data Protection Policy and Computer and Data Security Procedures.

Cookies & Tracking Technologies

We use cookies to:

Understand website traffic patterns.
Remember your preferences.
Enhance website security.

You can manage cookies in your browser settings.

10. Your Data Protection Rights

Complaints can be made to the Information Commissioner’s Office (ICO).

Under UK GDPR, you have the right to:

Access your data via a “subject access request”.
Correct inaccurate or incomplete data.
Request deletion of your data (where legally possible).
Object to processing (e.g. marketing).
Withdraw consent at any time.

11. How is Your Data Secure?

We apply the TPSG Computer and Data Security Procedure, including:

Encryption of sensitive data.
Access controls.
Secure cloud backups.
Cybersecurity monitoring.

In the event of a data breach, we will notify the ICO and affected individuals as required.

12. Updates to This Privacy Notice

We may update this notice. The latest version will always be on our website.

Last Updated: March 2025

For questions, contact our Data Protection Officer (DPO): Miss Lucy Deakin or SIRO: Mr Mohamed Akhavani on 02037332069.

You can also complain to the UK ICO at www.ico.org.uk.
Telephone: 0303 123 1113
Textphone: 18001 0303 123 1113
Monday to Friday, 9am to 5pm