
Privacy Policy

Dr. Maurizio Persico is committed to protecting your privacy and handling your personal information with the highest standards of confidentiality and security.

🔒 GDPR Compliant

Full compliance with UK GDPR

🏥 Medical Confidentiality

Strict patient data protection

✅ Your Rights Protected

Full data subject rights

Last updated: 10 March 2026 | Next review: 10 March 2027


About This Privacy Policy

This Privacy Policy explains how Dr. Maurizio Persico ("we," "our," or "us") collects, uses, and protects your personal information when you visit our website, enquire about our services, or receive medical treatment from our practice.

As an aesthetic plastic surgeon practising in the United Kingdom, we are committed to maintaining the highest standards of patient confidentiality and data protection in accordance with UK GDPR, the Data Protection Act 2018, and medical confidentiality requirements.

Data Controller Information

Data Controller: Dr. Maurizio Persico
Registration: GMC Number 4767547

What Personal Information We Collect

Website Visitors

When you visit our website, we may collect:

Automatically Collected Information:

  • IP address (anonymised)
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referral source
  • Device information (screen size, device type)

Information You Provide:

  • Contact form submissions
  • Newsletter subscription details
  • Consultation booking requests
  • Feedback and testimonials (with explicit consent)

Medical Consultations and Treatment

For patients receiving consultation or treatment, we collect:

Personal Details:

  • Full name and preferred name
  • Date of birth and age
  • Contact information (address, phone, email)
  • Emergency contact details
  • Next of kin information

Medical Information:

  • Medical history and current medications
  • Previous surgical procedures
  • Allergies and medical conditions
  • Physical measurements and assessments
  • Clinical photographs (with explicit written consent)
  • Treatment plans and surgical notes
  • Post-operative care records

Administrative Information:

  • Insurance details
  • Payment information
  • Appointment scheduling data
  • Communication preferences

Legal Basis for Processing

We process your personal data under the following legal bases:

Medical Treatment

  • Vital Interests: For emergency medical situations
  • Legitimate Interests: For direct medical care and treatment planning
  • Contract: To fulfil our treatment agreement with you
  • Legal Obligation: To comply with medical record-keeping requirements

Website and Marketing

  • Consent: For newsletter subscriptions and marketing communications
  • Legitimate Interests: For website functionality and improvement
  • Contract: To respond to your enquiries and consultation requests

Special Category Data (Medical Information)

  • Explicit Consent: For all medical photography and case studies
  • Medical Treatment: For providing healthcare services
  • Legal Claims: For professional indemnity and legal defence

How We Use Your Information

Medical Practice

  • Treatment Delivery: Planning and providing surgical and medical care
  • Medical Records: Maintaining comprehensive patient records
  • Follow-up Care: Post-operative monitoring and support
  • Professional Development: Anonymised case analysis for continuing education
  • Legal Compliance: Meeting GMC and regulatory requirements

Website and Communications

  • Service Provision: Responding to enquiries and booking consultations
  • Website Improvement: Understanding user behaviour to enhance our services
  • Marketing: Sending relevant information about our services (with consent)
  • Safety: Protecting against spam, abuse, and security threats

Medical Data Protection

Special Protections for Medical Information

As a medical practice, we apply enhanced protections to all health-related data:

Clinical Photography:

  • Separate written consent required for each use
  • Stored on secure, encrypted systems
  • Access restricted to authorised medical personnel
  • Never used for marketing without explicit additional consent
  • Automatic deletion after specified retention period

Medical Records:

  • Maintained for minimum 8 years (adult patients) or until 25th birthday (patients under 18)
  • Stored in secure, access-controlled systems
  • Regular backups with encryption
  • Access logged and monitored
  • Shared only with explicit patient consent or legal requirement

Mental Health Considerations:

  • Enhanced confidentiality for psychological assessments
  • Careful handling of body image and self-esteem related information
  • Support resources provided where appropriate

Medical Confidentiality

All medical information is subject to strict medical confidentiality rules:
  • Information shared only on a need-to-know basis within our medical team
  • No disclosure to third parties without explicit consent
  • Emergency disclosures only where patient safety is at immediate risk
  • Regular staff training on confidentiality obligations

Information Sharing and Disclosure

When We Share Information

Medical Professionals:
  • Referring GPs (with your consent)
  • Specialist consultants for second opinions
  • Emergency services in medical emergencies
  • Professional colleagues for clinical advice (anonymised)

Legal Requirements:

  • Court orders and legal proceedings
  • Regulatory investigations (GMC, CQC)
  • Public health emergencies
  • Prevention of serious crime

Service Providers:

  • IT support companies (under strict data processing agreements)
  • Medical insurance companies (with your explicit consent)
  • Payment processors (limited to transaction data only)
  • Secure cloud storage providers

International Transfers

Some of our service providers may process data outside the UK/EU:
  • Google Services: Protected by Google's adequacy decision and standard contractual clauses
  • Payment Processors: Secured under PCI DSS compliance and appropriate safeguards
  • Backup Services: Encrypted and protected by standard contractual clauses

We ensure all international transfers comply with UK GDPR requirements through appropriate safeguards.

Data Retention

Medical Records

  • Adult Patients: Minimum 8 years from last treatment
  • Patients Under 18: Until 25th birthday or 8 years from last treatment, whichever is longer
  • Deceased Patients: 8 years from date of death
  • Legal Claims: Extended retention until claim resolution plus 6 years

Website Data

  • Contact Enquiries: 3 years from last contact
  • Newsletter Subscriptions: Until you unsubscribe
  • Analytics Data: Maximum 26 months (anonymised)
  • CCTV Footage: 30 days (if applicable)

Secure Destruction

All data is securely destroyed when retention periods expire:
  • Digital data: Secure deletion and overwriting
  • Physical records: Confidential shredding
  • Clinical photographs: Secure deletion with certificate of destruction

Your Data Protection Rights

Under UK GDPR, you have the following rights:

Right of Access

  • Request copies of your personal data
  • Understand how we use your information
  • Receive information in a structured, commonly used format

Right to Rectification

  • Correct inaccurate personal data
  • Complete incomplete medical records
  • Update outdated contact information

Right to Erasure ("Right to be Forgotten")

  • Delete data when no longer necessary
  • Withdraw consent for specific processing
  • Medical Exception: Some medical records must be retained for legal compliance

Right to Restrict Processing

  • Limit how we use your data while we resolve disputes
  • Object to specific types of processing
  • Maintain records without active use

Right to Data Portability

  • Receive your data in a structured format
  • Transfer records to another healthcare provider
  • Facilitate continuity of care

Right to Object

  • Object to direct marketing (absolute right)
  • Object to processing based on legitimate interests
  • Object to automated decision-making

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling for medical decisions. All treatment decisions involve human clinical judgement.

Security Measures

Technical Safeguards

  • Encryption: All data encrypted in transit and at rest
  • Access Controls: Multi-factor authentication and role-based access
  • Network Security: Firewalls, intrusion detection, and monitoring
  • Regular Updates: Security patches and system updates
  • Backup Systems: Secure, encrypted, and regularly tested backups

Physical Safeguards

  • Secure Premises: Controlled access to all areas containing patient data
  • Locked Storage: Physical files in secure, locked cabinets
  • Clean Desk Policy: No patient information left unsecured
  • Visitor Controls: Supervised access for non-staff members

Organisational Safeguards

  • Staff Training: Regular privacy and security training for all staff
  • Confidentiality Agreements: All staff sign comprehensive confidentiality agreements
  • Incident Response: Established procedures for security breaches
  • Regular Audits: Periodic reviews of security measures and compliance

Breach Notification

In the unlikely event of a data breach:
  • Immediate Assessment: Breach severity and risk evaluation within 24 hours
  • ICO Notification: Report to Information Commissioner's Office within 72 hours if required
  • Patient Notification: Inform affected patients without undue delay if high risk to rights and freedoms
  • Remedial Action: Immediate steps to contain breach and prevent recurrence

Children's Privacy

Special protections apply to patients under 18:
  • Parental Consent: Required for treatment and data processing
  • Gillick Competency: Respected for mature minors' confidentiality rights
  • Extended Retention: Records kept until 25th birthday
  • Enhanced Security: Additional safeguards for vulnerable patients

We are particularly cautious about aesthetic procedures for minors and follow strict ethical guidelines.

Third-Party Services

Medical Equipment and Software

  • Practice Management Systems: Secure, healthcare-specific solutions
  • Imaging Systems: Encrypted storage and transmission
  • Communication Tools: Secure, healthcare-compliant platforms

Website Services

  • Analytics: Google Analytics (anonymised IP addresses)
  • Contact Forms: Secure transmission and storage
  • Cloud Services: UK/EU-based or adequately protected providers

All third-party services are carefully vetted and operate under strict data processing agreements.

Marketing and Communications

Newsletter and Updates

  • Explicit Consent: Required for all marketing communications
  • Easy Unsubscribe: One-click unsubscribe option in every email
  • Preference Management: Control frequency and type of communications
  • No Medical Information: Marketing never includes personal medical details

Social Media and Testimonials

  • Separate Consent: Required for any public use of patient stories
  • Anonymisation: Patient identities protected unless explicit consent given
  • Right to Withdraw: Consent can be withdrawn at any time
  • No Pressure: Patients never pressured to provide testimonials

International Patients

For patients travelling from abroad:
  • Home Country Laws: We respect patient rights under their home jurisdiction where possible
  • Clear Communication: Privacy practices explained in your preferred language where feasible
  • Secure Transfer: Safe transmission of records to home healthcare providers
  • Extended Support: Privacy support continues after return home

Updates to This Privacy Policy

We review this Privacy Policy annually and update it when:
  • Legal requirements change
  • Our services or practices evolve
  • Technology implementations change
  • Patient feedback indicates improvements needed

Notification Methods:

  • Website Notice: Updated policy posted with effective date
  • Email Notification: Current patients notified of significant changes
  • Consultation Discussion: Major changes discussed during appointments
  • Opt-out Rights: Option to withdraw consent for new uses

Complaints and Concerns

Internal Complaints Process

  1. Contact Us: Email us using the 'Email us' button on the cookie page of this site
  2. Investigation: We will investigate within 30 days
  3. Resolution: Written response with outcome and any corrective actions
  4. Appeal: Right to appeal our decision within 30 days

External Complaints

If you remain unsatisfied, you can contact:

Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Email: casework@ico.org.uk
  • Post: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

General Medical Council (GMC) (for medical concerns):

  • Website: gmc-uk.org
  • Phone: 0161 923 6602

Contact Information

Professional Registration Verification

GMC Registration: 4767547
Verification: gmc-uk.org/doctors
Professional Indemnity: Details available upon request

Specific Patient Rights Summary

As a patient of Dr. Maurizio Persico, you have the right to:
  • Access your complete medical records
  • Receive copies of your clinical photographs (where applicable)
  • Request amendment of inaccurate medical information
  • Object to processing for marketing purposes
  • Withdraw consent for non-essential uses of your data
  • Request secure transfer of your records to another provider
  • Receive treatment without participating in research or case studies
  • Maintain confidentiality of your medical information

Legal Framework Compliance

This Privacy Policy ensures compliance with:
  • UK GDPR (General Data Protection Regulation)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR)
  • Human Rights Act 1998
  • GMC Good Medical Practice Guidelines
  • Professional Standards Authority requirements

Dr. Maurizio Persico

Italian aesthetic plastic surgeon with over 30 years of international experience. Specialising in natural breast surgery and rhinoplasty in London.

GMC Registered | ISAPS Member

Location:
25 Upper Wimpole Street, London, W1G 6NF

© 2026 Dr. Maurizio Persico. All rights reserved.

Dr. Maurizio Persico is registered with the General Medical Council (GMC) - Registration Number: 4767547


Professional Registrations: Italy (Ordine dei Medici #02092), UK (GMC #4767547), UAE (#00157269)
