PRIVACY POLICY

Privacy Policy – The Sana Clinic

Last updated: 27/11/2025

1. Introduction

Welcome to The Sana Clinic. We are committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website thesanaclinic.com, contact us, or receive treatment at our clinic.

The Sana Clinic is operated by:

Mohajer Medical LTD
Company Number: 15105485
Registered in England & Wales
Trading as: The Sana Clinic
Data Controller: Dr Thana’a Mohajer Thaker, GMC No. 7602228

If you have any questions about this policy, please contact:
Email: mohajer.medical@gmail.com

Phone: 07836303417

2. What Personal Data We Collect

We may collect and process the following types of personal data:

A. Information you provide directly

  • Name

  • Contact details (email, phone number, address)

  • Date of birth

  • Medical history and relevant health information

  • Consultation notes, treatment photographs, and clinical records

  • Payment and billing details

  • Appointment information

  • Complaints or feedback

B. Information collected automatically

When you visit our website:

  • IP address

  • Browser type

  • Device information

  • Usage data

  • Cookies and tracking technologies (see Cookie Policy if applicable)

C. Special Category Data

As a medical aesthetics clinic, we collect health-related data for treatment purposes.
This is processed under Article 9(2)(h) of UK GDPR (healthcare provision).

3. How We Use Your Personal Data

We use your information for the following purposes:

Healthcare Provision

  • Assessing your suitability for treatment

  • Providing safe and appropriate medical care

  • Keeping accurate medical records

  • Monitoring treatment outcomes

Clinic Administration

  • Booking appointments

  • Communicating about your treatment

  • Managing payments and invoices

  • Record-keeping required by UK law and the GMC

Marketing (optional)

  • Sending clinic updates or educational content

  • Providing information about new services

Marketing emails are sent only with your explicit consent, and you may opt out at any time.

Website Experience

  • Improving website functionality

  • Analysing usage to enhance user experience

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent – e.g., marketing communications

  • Performance of a contract – e.g., booking or delivering treatment

  • Legal obligation – e.g., regulatory requirements

  • Vital interests – in rare medical emergencies

  • Public interest – maintaining clinical records

  • Legitimate interests – improving clinic services

  • Provision of healthcare – for special category medical data under Article 9(2)(h)

5. How We Store Your Data

Your data is stored securely using encrypted, password-protected systems.
All medical records are kept in accordance with GMC, CQC (if applicable), and UK GDPR standards.

Data retention periods:

  • Medical records: 10 years (or longer if legally required)

  • Financial records: 6 years

  • Marketing data: until consent is withdrawn

6. Sharing Your Personal Data

We do not sell or share your data with third parties for advertising.

We may share your information with:

  • Healthcare professionals involved in your care (only with your consent)

  • Pharmacies for prescription dispensing

  • Payment processors

  • IT service providers (secure, GDPR-compliant systems)

  • Regulators or authorities if required by law (e.g., GMC, ICO)

All third parties must comply with UK GDPR and maintain strict data security.

7. International Transfers

We generally store personal data within the UK.
If data is transferred outside the UK, we ensure appropriate safeguards such as adequacy decisions or UK-approved Standard Contractual Clauses.

8. Your Rights

You have the following rights under UK GDPR:

  • Right to access your data

  • Right to rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restrict processing

  • Right to object to processing

  • Right to data portability

  • Right to withdraw consent at any time

  • Right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk

To exercise your rights, email us at mohajer.medical@gmail.com

9. Security Measures

We protect your personal data with:

  • Encrypted digital storage

  • Secure clinical software

  • Two-factor authentication

  • Staff confidentiality training

  • Physical security within the clinic

10. Cookies

Our website may use cookies to enhance your browsing experience.
If cookies are used, a separate Cookie Policy will provide full details.

11. Minors

We do not treat or collect information from individuals under 18 years of age, except where legally permitted and with parental or guardian consent.

12. Changes to This Policy

We may update this Privacy Policy occasionally.
The most recent version will always appear on this page.

13. Contact Us

If you have any questions or concerns regarding this policy or your data:

The Sana Clinic (Mohajer Medical LTD)
Email: mohajer.medical@gmail.com