Privacy Policy

Body Brilliant Ltd 

Last updated: January 2026

  1. Who we are 
    Body Brilliant Ltd provides medical and wellness services to clients internationally. 
    Website: www.bodybrilliant.co.uk 
    Email: hello@bodybrilliant.co.uk 
    We are the data controller for personal data collected through our services and website. 

  2. The data we collect 
    We collect and process the following types of data: 
    Personal information 
    - Name 
    - Date of birth
    - Contact details such as email, phone number, address
    - Booking and appointment details
    - Payment related information (processed securely by third party providers) 
    Special category data (health data)
    Medical history
    - Consultation notes 
    - Test results
    - Treatment records
    - Health questionnaires
    - Prescriptions and treatment plans
    Website data
    IP address
    - Browser and device information
    - Cookies and usage data 

  3. How we collect data
    We collect data when you:
    - Book appointments online
    - Complete medical forms or questionnaires
    - Attend consultations
    - Contact us by email, phone, or website
    - Use our website

  4. Why we use your data
    We use your data to:
    - Provide medical care and treatment
    - Maintain accurate patient health records
    - Manage appointments and bookings
    - Communicate with you about your care
    - Process payments
    - Meet legal and regulatory obligations
    - Improve our services and website 

  5. Legal basis for processing
    Depending on your location, we rely on one or more of the following legal bases:
    - Provision of healthcare or medical services
    - Performance of a contract when you book services
    - Legal or regulatory obligations
    - Legitimate interests in operating and improving our services
    - Consent, where required, including for marketing or certain treatments

    Where required by law, health data is processed for medical diagnosis, treatment, and healthcare management by qualified professionals subject to confidentiality obligations.

  6. International data transfers
    Your data may be stored or processed outside your country of residence.
    Where international transfers occur, we use appropriate safeguards, including:
    - Adequacy decisions
    - Standard contractual clauses
    - Secure systems and access controls

  7. Data storage and security
    We take reasonable and appropriate measures to protect your data.
    - Medical records are stored securely
    - Access is limited to authorised personnel
    - Encryption and secure systems are used where appropriate
    - Staff are trained in data protection and confidentiality

  8. How long we keep data
    We keep records only as long as required.
    - Medical records are retained in line with applicable medical and legal requirements
    - Financial and booking records are kept for accounting and legal purposes
    - Marketing data is kept until you withdraw consent
    Retention periods may vary depending on jurisdiction.

  9. Sharing your data
    We may share data with:
    - Healthcare professionals involved in your care
    - Laboratories and diagnostic providers
    - Booking and practice management software providers
    - Payment processors
    - Legal, regulatory, or professional bodies where required
    We do not sell your personal data.
    All service providers are required to protect your data and use it only for agreed purposes.

  10. Online bookings and payments
    Online bookings are processed through secure third party systems.
    Payment details are handled directly by our payment providers. We do not store full card details.

  11. Cookies
    Our website uses cookies to:
    - Ensure the site works properly
    - Analyse website usage
    - Improve user experience
    You can manage cookie preferences through your browser settings.

  12. Your rights
    You have the right to:
    - Access your personal data
    - Request correction of inaccurate data
    - Request erasure where legally allowed
    - Restrict processing
    - Object to processing
    - Data portability
    - Withdraw consent at any time
    To exercise your rights, contact us using the details above.

  13. Complaints
    If you have concerns about how we handle your data, please contact us first. 
    You may also have the right to complain to a data protection authority in your country of residence.

  14. Changes to this policy
    We may update this policy from time to time. 
    The current version will always be available on our website.