GDPR compliance

GDPR Data Processing Notice

This notice sets out, in clear terms, how Lifecycle Aesthetic processes personal data in accordance with the UK GDPR and EU GDPR. It complements our Privacy Policy and focuses on the principles, roles, and safeguards that govern our processing.

Last updated: 23 June 2026

Lifecycle Aesthetic is an information and coordination platform. It is not a clinic and does not provide medical procedures. All medical decisions must be made directly with your chosen provider.

1. Data protection principles

We process personal data in line with the GDPR's core principles:

  • Lawfulness, fairness, and transparency.
  • Purpose limitation — data is used only for the coordination purposes stated.
  • Data minimisation — we collect only what is necessary.
  • Accuracy — we take reasonable steps to keep data correct.
  • Storage limitation — data is kept no longer than necessary.
  • Integrity and confidentiality — appropriate technical and organisational security.
  • Accountability — we can demonstrate our compliance.

2. Controller and processor roles

Lifecycle Aesthetic is the data controller for personal data collected through the platform for coordination purposes. Providers you select are independent controllers for the data you share with them. We engage processors (such as hosting and email providers) under written data processing agreements that require GDPR-compliant safeguards.

3. Lawful bases for processing

  • Explicit consent — to coordinate your enquiry and forward your details to a provider.
  • Legitimate interests — to secure, maintain, and improve the platform.
  • Legal obligation — where retention or disclosure is required by law.

4. Special category data

We do not require health or other special category data to coordinate an enquiry. Any clinical or health information should be shared directly with your chosen provider, who is responsible for handling it under the appropriate legal conditions.

5. Your rights as a data subject

  • Right to be informed and right of access.
  • Right to rectification and right to erasure.
  • Right to restrict or object to processing.
  • Right to data portability.
  • Right to withdraw consent and to lodge a complaint with a supervisory authority (e.g. the UK ICO or your national EU authority).

6. Security and breach response

We apply appropriate technical and organisational measures to protect personal data. In the event of a personal data breach that poses a risk to individuals, we will notify the relevant supervisory authority and affected individuals as required by law.

7. Exercising your rights

To make a data subject request, contact our data protection team through the platform. We verify requests and respond within the statutory timeframe.

Questions about this policy?

Our governance team is available to clarify how Lifecycle Aesthetic handles data, verification, and coordination.

Contact our team