Privacy Policy

1. Introduction

Palm Springs Aesthetics Training (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This policy explains how we collect, use, store, and protect your personal information when you interact with our website or training services.

For the purposes of UK GDPR and the Data Protection Act 2018, the data controller is Lee Pedlar, trading as Palm Springs Aesthetics Training, Mill Farm Industrial Estate, Lisvane, Cardiff, CF14 0SH.

2. Information We Collect

We may collect and process the following types of personal data:

• Contact details: name, email address, telephone number
• Professional information: your medical registration body (NMC, GMC, GDC, GPhC, HCPC), professional role, and registration number (where required for course eligibility)
• Communication records: messages sent via our contact form, emails, or WhatsApp
• Course booking details: courses booked, payment confirmations, attendance records
• Photography and video: images and recordings taken during training sessions (with your consent)

3. How We Use Your Information

We use your personal data to:

• Respond to your enquiries and provide the training services you have requested
• Process course bookings and payments
• Issue CPD certificates upon successful course completion
• Provide post-course support via WhatsApp or email
• Verify your eligibility as a medical professional
• Send you relevant updates about your training (we will not send marketing communications without your explicit consent)
• Comply with our legal, clinical, and regulatory obligations

4. Legal Basis for Processing

We process your data under the following legal bases:

• Contract: To fulfil the training agreement between us.
• Legitimate interest: To operate our business, respond to enquiries, and improve our services.
• Consent: For any use of photography or video footage featuring you in marketing or promotional materials.
• Legal obligation: To meet regulatory and clinical record-keeping requirements.

5. Sharing Your Information

We do not sell your personal data. We may share your data only with:

• CPD accreditation bodies, where required to issue your certificate
• Trusted service providers (e.g. email delivery, payment processing, website hosting) who are bound by strict data protection terms
• Regulatory or legal authorities, where required by law

6. Data Retention

We retain your personal data only for as long as necessary:

• Enquiry data: up to 12 months if no booking proceeds
• Student records and CPD certificates: 8 years (in line with NHS clinical record-keeping best practice)
• Financial records: 7 years (as required by HMRC)
• Photography and video: until you withdraw consent

7. Your Rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (subject to lawful retention periods)
• Object to or restrict processing in certain circumstances
• Withdraw consent where processing is based on consent
• Receive your data in a portable format
• Lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk

To exercise any of these rights, please contact us using the details below.

8. Cookies

This website does not currently use tracking or analytics cookies. Only essential cookies required for the site to function correctly are used. If we introduce analytics in the future, we will update this policy and request your consent via a cookie banner.

9. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse. All data is stored on secure servers within the UK or EU.

10. Contact Us

If you have any questions about this policy or how we handle your data, please contact: