Privacy policy

Last updated: January 29, 2026

Who are we 

When we refer to 'we’ (or 'our’ or 'us’), that means Laser and Skin Clinics Limited  (hereinafter referred to as "Laser and Skin Clinics" or by our trading name). Laser and  Skin Clinics acts as the Data Controller for the purposes of the General Data Protection  Regulation (EU) 2016/679 ("GDPR") and the Data Protection Act 2018 (as amended) in  respect of your personal data. 

Privacy notice overview 

This Privacy Notice describes how and why we, as Data Controller, obtain, store and  process personal data. 'Personal data’ means any information relating to an identified or  identifiable natural person. An identifiable natural person is one who can be identified,  directly or indirectly, in particular by reference to an identifier such as a name, an  identification number, location data, an online identifier or to one or more factors specific  to the physical, physiological, genetic, mental, economic, cultural or social identity of that  natural person. We commit to processing your personal data fairly, lawfully, and  transparently. In the spirit of data privacy principles, we will only collect and use your  personal data for the following purposes, to: 

• Provide our services 

• Improve our services 

• Make our marketing more relevant 

• Meet our legal responsibilities 

Please do not hesitate to contact us if you have questions in addition to the information  provided in this Privacy Notice at info@laserandskin.ie. 

As a laser and skin clinic, we process special category personal data, including health  data, within the meaning of Article 9 of the GDPR. This includes, but is not limited to: 

• Medical history and health conditions relevant to treatment 

• Skin conditions, allergies, and sensitivities 

• Treatment records and clinical notes 

• Before and after photographs for treatment purposes 

• Medication information 

• Consultation notes and treatment plans 

• We process this special category data on the following legal bases: • Your explicit consent (Article 9(2)(a) GDPR), which we obtain prior to any  consultation or treatment 

• Where processing is necessary for the provision of health or social care  treatment (Article 9(2)(h) GDPR) 

• Where processing is necessary for reasons of public health (Article 9(2)(i) GDPR) 

You have the right to withdraw your consent to the processing of your health data at any  time. However, please note that withdrawal of consent may affect our ability to provide  treatment services to you, and certain health records must be retained in accordance with  our legal obligations as set out in the 'Retaining Your Data' section below. 

Photography and Imaging

We may take photographs or other images of treatment areas before, during, and after  treatment for the following purposes: 

• Clinical record-keeping and treatment monitoring 

• Training and quality assurance (with your explicit consent) 

• Marketing and promotional materials (with your separate explicit consent) 

We will always obtain your explicit written consent before taking any photographs. You  may consent to clinical photography while declining consent for marketing use.  Photographs used for marketing purposes will be anonymised unless you provide specific  consent for identifiable images to be used. 

Special Category Data (Health Information) 

The personal data we collect 

Depending on the type and level of engagement you have with us, we may collect the  following categories of personal data: 

• Identifying and Demographic Information: such as your full name, date of birth,  email address and phone number (if provided) 

• Billing Information: such as payment preferences, address, bank account details  (if provided) 

• Communications: such as a records of our interactions with you using one or  multiple of the following; direct messages, emails, posts, phone conversations • User Feedback: while using our services, occasionally you may be asked to  provide feedback. Providing this feedback is entirely optional. 

When you visit our website, we collect technical data such as: 

• Usage data: (if permitted) we collect certain information related to your device,  such as your device’s IP address, what pages your device visited, and the time  that your device visited our website (for more information please see 'Our Use of  Analytics' section) 

• Cookies: (if permitted) your IP Address and other information provided to us by  cookies (for more information please see our Cookies Policy) 

• Video Recordings: such as CCTV footage in any of our physical premises. Please  contact us at info@laserandskin.ie for more information on our data retention  policy for CCTV footage. 

• Children's Data 

• Our services are designed for a general audience. We do not knowingly collect  personal data from, or direct our services to, children under the age of 16. If you  are under the age of 16, you are not permitted to use our website or submit your  personal data to us without verifiable parental or guardian consent. 

• Where we provide treatment services to individuals under the age of 16, we  require written consent from a parent or legal guardian prior to any consultation  or treatment. The parent or guardian must be present during consultations and  treatments for minors. 

• If we become aware that we have collected personal data from a child under 16  without appropriate parental consent, we will take steps to delete that information  as soon as reasonably practicable. If you believe we may have collected 

information from a child under 16 without proper consent, please contact us  immediately at info@laserandskin.ie. 

How we collect your data 

We may collect your personal data in one of the following ways: 

• When you create an account with us 

• When you provide additional information directly into our products and services • When you visit our website 

• When you express an interest to use our services 

• When you contact us for service related queries 

• When you engage with us on social media 

• When you review our services 

• When you interact with our website (see our Cookies Policy for more details) • When you apply for an employment vacancy with us 

• When you subscribe to our newsletter or blog 

• When you contact us with queries using our website chatbot 

• When you buy products/services using our online checkout 

We may also receive data about you from various third parties, including: 

• Technical data from analytics providers. Please see further information in the  section entitled 'Our Use of Analytics' 

• Technical data from our website and cookies providers. Please see further  information in the section entitled 'Our Use of Cookies' 

• Contact and/or transactional data from our trusted third party providers. Please  see further information in the section entitled 'How We Share Your Data' 

How we use your personal data 

We will only collect and process your personal data where we have a legal basis to do so.  As a data controller, the legal basis for our collection and use of your personal data varies  depending on the manner and purpose for which we collected it. We will only collect  personal data from you when: 

• We have your consent to do so, or 

• We need your personal data to perform a contract with you, or 

• We are pursuing our legitimate interests in a way that you might reasonably  expect to be a part of running our business and that does not significantly impact  your interests, rights, and freedoms. For example, communicating with you if we  have a sufficient legal ground based on the e-marketing laws in your country 

• We have a legal obligation to collect or disclose personal data from you (for  example, in suspected instances of fraud we may need to give personal data to  relevant government bodies), or where processing is necessary for the  establishment, exercise or defence of legal claims, or where processing is  necessary for reasons of substantial public interest. 

Why we process your personal data

We process your personal data in order to fulfil any of the activities below: 

• Setting up an account with us 

• Providing, operating, and maintaining our services 

• Providing communications to existing customers or subscribed users • Processing and completing transactions, and sending related information,  including transaction confirmations and invoices 

• Managing our customers’ use of our services, responding to enquiries and  comments, and provide customer service and support 

• Sending customers technical alerts, updates, security notifications, and  administrative communications 

• Investigating and preventing fraudulent activities, unauthorised access to our  services, and other illegal activities 

• Complying with our legal and regulatory obligations, including medical record keeping requirements under Irish law and guidance from the Medical Council of  Ireland 

How we share your data 

We sometimes share your personal data with our trusted categories of third parties we  use to conduct our business. Our trusted categories of third parties include: 

• Website provider 

• Cloud service (SaaS) providers 

• Social media providers 

• Professional services providers (e.g., our lawyers, accountants, and insurance  providers) 

• E-marketing providers 

• Advertising providers 

• Recruitment partners 

• Payment providers 

• Medical insurance providers (where applicable and with your consent) • Referring healthcare practitioners (where applicable and with your consent) • Medical device and product suppliers (where necessary for treatment purposes) 

A full list of our data sub-processors can be found in our Privacy Center on our website. 

As part of fraud monitoring and prevention, we may be legally required to share your  personal data with government bodies and law enforcement. Please note that these  bodies may retain a record of the information that we provide to them for this purpose. 

Marketing preferences 

We may send you marketing communications, product information and promotional offers: 

• If you have consented to receiving such communications from us, or • If you have recently created an account with us and not opted out of receiving  such communications from us, or 

• If you have bought a product or service from us and have not opted out of  receiving communications from us, or

• If you are from a country where the laws permit us to send you such  communications 

You will always have full control of your marketing preferences. If you do not wish to  continue receiving marketing information from us at any time: 

• You can unsubscribe or 'opt-out’ by using the unsubscribe link included in the  footer of any marketing message from us; or 

• You can unsubscribe by managing your preferences using the our Privacy Center  on our website 

We will process all opt-out requests as soon as possible, but please note that due to the  nature of our IT systems and servers it may take a few days for any opt-out request to be  implemented. 

Our use of cookies 

Our website uses cookies. They help us to provide you with the very best experience when  you browse our website and to make improvements to our website. You can accept or  reject cookies by clicking on the cookie consent banner on our website or by navigating  to the 'Cookies Preferences’ Area in our Privacy Center on our website. 

For detailed information on the cookies which we use and the reasons why we use them,  please refer to our Cookie Policy and Cookie Declaration in our Privacy Center on our  website. 

Our use of analytics 

We use analytics tools on our website and services. For example, we use tools such as  Google Analytics to analyse and improve our suite of product features, website content,  knowledge center content and marketing campaigns. 

If you would like any further information about the data collected by these third parties or  the way in which the data is used, please contact us on info@laserandskin.ie . 

Our use of targeted advertising 

We use targeted advertising tools to advertise our services, including (but not limited to): 

• Google Analytics 

• Facebook (including Instagram) 

• TikTok 

• LinkedIn 

• Google Ads 

We use these tools to deliver relevant content to you in marketing communications (where  applicable), and to measure the effectiveness of the advertising provided. 

If you would like any further information about the data collected by these third parties or  would like to opt-out of targeted advertising, please contact us on info@laserandskin.ie. 

Links to other websites and third parties

Our website may include links to social media platforms and other websites. If you follow  a link to any of these platforms or websites, please note that they their own privacy policies  and that we do not accept any responsibility or liability for these policies. Please check  these policies before you submit any personal data to their platforms or websites. 

Securing your data 

The communication between your browser and our website uses a secure encrypted  connection wherever your personal data is involved. 

We have put in place physical, electronic and managerial security procedures in the  storage and disclosure of your personal data to protect it against accidental loss,  destruction or damage. Nevertheless, any data transmission over the internet or by any  other means can never be fully secure, such is the character of the internet, and provision  of personal data by you to us is at your own risk. We take all reasonable measures to  protect your personal data by putting appropriate technical and operational security  measures in place. 

When we disclose your personal data to trusted third parties (for the purposes set out in  this Privacy Notice and our list of Data Sub-Processors), we require all third parties to  have appropriate technical and operational security measures in place to protect your  personal data, and we work with them to ensure that your data privacy rights are  respected. Where your personal data is shared with a third party, it must only be used for  the purposes for which it was supplied. 

In the unfortunate event of a personal data breach that is likely to result in a risk to your  rights and freedoms, we will notify the Data Protection Commission within 72 hours of  becoming aware of the breach in accordance with Article 33 of the GDPR. Where the  breach is likely to result in a high risk to your rights and freedoms, we will also notify you  without undue delay in accordance with Article 34 of the GDPR. 

Retaining your data 

We will not keep your personal data for longer than is necessary for the purposes for which  it was collected. When we no longer need to keep your personal data, we will securely  destroy, delete or anonymise it in accordance with our Data Retention Policy. Specific  retention periods include: 

• Medical and treatment records: A minimum of 7 years from the date of last  treatment for adult patients, or until the patient reaches the age of 25 (or 7 years  from the date of last treatment, whichever is longer) for patients who were minors  at the time of treatment, in accordance with Medical Council of Ireland guidelines 

• Financial and transaction records: 6 years from the end of the relevant financial  year, in accordance with Irish tax legislation 

• CCTV footage: [INSERT PERIOD, typically 30 days unless required for  investigation purposes] 

• Marketing consent records: Until consent is withdrawn, plus a reasonable period  thereafter to maintain suppression lists 

• Employment application records: 12 months from the date of application (unless  consent is given for longer retention)

Having obtained your consent (or other legal basis) to contact you, we will retain your  personal data for marketing and analysis purposes until you withdraw your consent or  unsubscribe. If you choose to withdraw your consent or unsubscribe from marketing, we  will delete your personal data from our systems, unless we have another legal basis to  retain it, which may include performance of our contract with you or to maintain your  contact details on an 'unsubscribed list' to ensure we do not send you further  communications. 

We may need to retain your personal data to satisfy our legal obligations, to deal with  complaints and queries, in order to resolve, litigate or defend a dispute and to prevent  fraud and abuse. 

Data transfers 

Our servers are located in the European Union. However, the personal data we collect  from you may be transferred to, and stored at, destinations outside the European  Economic Area ("EEA") using legally provided mechanisms to lawfully transfer data across  borders, including Standard Contractual Clauses approved by the European Commission,  adequacy decisions, or other appropriate safeguards as required under Chapter V of the  GDPR. Where we rely on Standard Contractual Clauses, we conduct transfer impact  assessments to ensure adequate protection of your personal data. It may also be  processed by staff operating outside the EEA who work for us or for one of our suppliers.  Such staff may be engaged in, among other things, the provision of our services to you.  We will take all steps necessary to ensure that your data is treated securely and in  accordance with this privacy notice. Please contact us if you want further information on  the countries to which we may transfer personal data and the specific mechanism used by us when transferring your personal data outside the EEA – info@laserandskin.ie 

Your rights and our commitment to you 

You have rights under data privacy laws and Laser and Skin Clinics is committed to you  being able to freely exercise your Rights. Where possible, we have incorporated  automated tools on our website that enable you to facilitate your rights in real-time. Use  the Laser and Skin Clinics Privacy Center to access and manage your personal data that  we process and manage your preferences. You are not required to pay any charge for  exercising your rights. Your rights include, under certain circumstances, the right to: 

Be informed: you have the right to be informed if and how your personal data is being  processed. 

Access, rectification, or erasure: you have the right of access to personal data we hold  about you in our records. You are also entitled to have your personal data corrected if it is  inaccurate, or to have it erased if we do not have a legitimate reason for retaining your  data. Please note that your right to erasure may be limited where we are required to retain  medical records in accordance with our legal obligations or professional guidelines, or  where retention is necessary for the establishment, exercise or defence of legal claims 

To request data portability: for personal data which you have provided to a controller,  where processing was based on your consent, or where processing is done by automated  means, you have the right to obtain a digital copy of your personal data, request the 

transfer of your personal data to another company or request to move your data from one  IT system to another in a safe and secure way. 

To request restriction of processing: you have the right to restrict the processing of your  personal data where you are contesting the accuracy of that information, you have  objected to processing (as described below), or where the processing is unlawful. Where  processing is restricted, we are may need to retain sufficient information about you to  ensure that the restriction is respected in future. 

To object to automated decision-making including profiling: you have the right not to be  the subject of any automated decision-making or profiling by us. 

To withdraw consent: in cases where we are relying on your consent for the processing of  your personal data, you have the right to withdraw your consent at any time. In respect of  the e-marketing we conduct, an unsubscribe option is included with every e-marketing  communication we send. 

To object to processing: where your personal data is being processed based on the  legitimate interests of a data controller or third party, you have the right to object to that  processing. 

To complain to the relevant supervisory authority: should you have any concerns or  complaints regarding the way in which we process your data, you also have the right to  make a complaint to the Data Protection Commission (DPC), the Irish supervisory  authority. We would, however, appreciate the chance to deal with your concerns before  you approach a Supervisory Authority, so please do contact us in the first instance  info@laserandskin.ie. The contact details of European Supervisory Authorities can be  found here: www.dataprotection.ie or by post to: Data Protection Commission, 21  Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland 

Cookies Preferences: you can accept or reject cookies by navigating to the ‘Cookies  Preferences’ Area in our Privacy Center on our website. You can also do so by adjusting  your web browser controls. Please consult our Cookie Policy for more information about  our use of cookies on the website and how to accept and reject them. 

Automated Decision-Making and Profiling 

We do not use automated decision-making, including profiling, that produces legal effects  concerning you or similarly significantly affects you without human intervention. Any  treatment recommendations are made by qualified practitioners following individual  consultation. 

We may use profiling for marketing purposes to segment our customer base and provide  you with more relevant communications. You have the right to object to this profiling at  any time by contacting us or using the preference management tools in our Privacy Center. 

Changes to this privacy notice 

We may update this privacy notice from time to time and we will inform all our paying  customers and users subscribed to receive communications from us of any changes. 

How to contact us

We welcome feedback and are happy to answer any questions you may have about your  data. You can contact us at: 

Email: info@laserandskin.ie 

This notice was most recently updated: 26th January, 2026