- Introduction
Welcome to TOX BOX Aesthetics (“we,” “our,” or “us”). We are an aesthetics clinic based at 66 York Road, Weybridge, KT13 9DY.
For the purpose of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the Data Controller. This means we are responsible for deciding how we hold and use personal information about you.
- Information We Collect
To provide safe and effective aesthetic treatments, we must collect certain personal data. This includes:
- Identity Data: Name, date of birth, gender.
- Contact Data: Billing address, email address, and telephone numbers.
- Medical Data: Medical history, current medications, allergies, previous treatments, and before/after photographs (necessary for insurance and medical records).
- Transaction Data: Details about payments and services you have purchased from us.
- Technical Data: IP address, browser type, and usage data when you visit our website.
- How We Use Your Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Performance of Contract: To book your appointment, carry out your treatment (e.g., Dermal Fillers, SPMU), and send appointment reminders.
- Medical Safety: To assess your suitability for treatment and ensure your safety during procedures.
- Legal Obligation: To keep medical records as required by our insurance providers and UK law.
- Marketing: With your explicit consent, we may send you newsletters or offers via email or SMS. You can opt out of this at any time.
- Medical Confidentiality & Photos
Your medical records are stored securely and treated with the strictest confidence.
- Photographs: We take “before and after” photos for your medical file (insurance requirement). We will never post your photos on social media (Instagram/Facebook) or our website without your specific, written consent.
- Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way.
- Digital Records: Stored on secure, password-protected booking systems and cloud storage with encryption.
- Physical Records: Kept in locked storage at our clinic premises.
- Access: Access to your data is limited to employees and contractors (e.g., our Medical Director) who have a business need to know.
- Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Medical Records: We are generally required to keep aesthetic medical records for a minimum of 7-10 years to comply with insurance and industry regulations.
- Your Legal Rights
Under the GDPR, you have rights regarding your personal data, including:
- Request Access: You can ask for a copy of the personal data we hold about you.
- Request Correction: You can ask us to correct incomplete or inaccurate data.
- Request Erasure: You can ask us to delete your data (note: this may not apply to medical records we are legally required to keep).
- Withdraw Consent: You can withdraw consent for marketing communications at any time.
- Third-Party Links
Our website may include links to third-party websites (e.g., Instagram, Facebook, Booking Systems). Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
- Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
TOX BOX Aesthetics
66 York Road, Weybridge, KT13 9DY
Email: info@toxboxsurrey.co.uk
Phone: +44 7598 406444
Last Updated: 01/01/2026