Privacy Policy
Mona Lisa Cosmedics aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the guidelines on the Information Commissioner’s website, as well as our professional guidelines and obligations.
The data controller is Dr Basirat. The Information Governance Lead and Data Protection Officer is also Dr Basirat.
This Privacy Notice is available on the Mona Lisa Cosmedics website. You can also request a copy at reception, by emailing info@monalisacosmedics.co.uk, or by calling 020 8449 3411.
When you register with us, you will be asked to provide personal information. The purpose of processing your personal data is to provide you with safe and effective cosmetic and aesthetic treatments, health advice, and prevention.
Categories of Data We Process
- Personal data for the provision of cosmetic and aesthetic treatments
- Personal data for treatment plans, recall appointments, reminders, and estimates
- Personal data such as emergency contact details or family information (where applicable)
- Personal data for employment and engagement of team members
- Personal data for communication purposes (important announcements, new services, marketing updates by post, email, or text)
- Personal data such as IP addresses to help us improve our website and understand patient preferences
- Special category data (including medical and health records) for the delivery of treatments and compliance with legal obligations
- Special category data for equality and diversity compliance (Equality Act 2010)
- Special category data relating to criminal record checks (for staff and contractors)
We minimise the data we collect and retain it only as long as necessary.
Data Sharing
We never share your personal data with third parties unless required by law, or where we have a data processing agreement in place. If we refer you to another practitioner, clinic, or secondary care provider, we will seek your permission before sharing your information.
- Personal data may be stored in the UK/EU in digital or hard copy format.
- In some cases, personal data may be stored securely in the US, but only with providers certified under the EU–US Data Privacy Framework.
For full details on storage, please request a copy of our Information Governance Procedures (M 217C).
Lawful Bases for Processing
Personal data:
- The legitimate interests of Mona Lisa Cosmedics
- Contractual necessity (to provide services)
- Consent of the individual
- Compliance with legal obligations
Special category data:
- Processing is necessary for health care and treatment purposes
- Processing is required to monitor or promote equality of opportunity
- Processing is based on consent (e.g. criminal record checks for staff)
Why We Process Your Data
We process your personal and special category data to:
- Maintain accurate treatment and clinical records
- Provide you with cosmetic and aesthetic treatments and health advice
- Manage financial transactions with you
- Send treatment plans, reminders, estimates, and essential communications
- Communicate with emergency contacts where necessary
- Refer you to other healthcare or aesthetic specialists when required
- Carry out employment checks (including criminal record disclosures)
- Recover debts where necessary
- Improve the services and care we provide
Personal Data We Hold
We may hold information including:
- Name, address, contact details, date of birth, gender
- Medical and treatment history relevant to your care
- Payment details for processing transactions
- GP or medical professional details (if relevant to your treatment)
- Sensitive data such as ethnicity, religion, or sexual orientation (only where necessary for treatment or to meet legal obligations under the Equality Act 2010)
Retention periods:
- Patient records: minimum of 10 years (longer for complex cases or legal requirements)
- Staff records: 6 years
- Other personal data: 2 years after last use
Your Rights
You have the right to:
- Be informed about how your data is collected and used
- Access a free copy of your personal data within one month
- Correct inaccurate or incomplete data
- Request deletion of personal data (subject to legal/clinical requirements)
- Restrict how your data is processed
- Request data portability (transfer to another provider)
- Object to the processing of your data
- Exercise your rights regarding automated decision making and profiling
If you are a patient, you can withdraw consent for newsletters, marketing, or non-essential communications at any time.
Comments, Suggestions & Complaints
If you have any questions or concerns about your data, please contact our Information Governance Lead:
Mrs. Sadaf Basirat
Mona Lisa Cosmedics
83 Station Road, Barnet, EN5 1PX
info@monalisacosmedics.co.uk
0208 275 0853
We take all feedback and complaints seriously.
If you are unhappy with our response, you can contact the Information Commissioner’s Office (ICO):
- Tel: 0303 123 1113
- Online chat available via the ICO website
- More information: www.ico.org.uk