Book Now

Privacy Policy

Last updated: 15 June 2026

This policy explains how Fortes Clinic collects, uses, shares and protects your personal information — including your health information — when you contact us, use our website, or receive treatment and care.

1. WHO WE ARE

Fortes Clinic (“we”, “us”, “our”) is a hair restoration and trichology clinic based in London. We are the data controller responsible for your personal information under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are committed to protecting your privacy and handling your information responsibly, transparently and securely. As a healthcare provider, we understand that the information you share with us is sensitive, and we treat it with the confidentiality and care it deserves.

Our details:
Fortes Clinic
22 Clifton Road, Little Venice, London, W9 1ST
Phone: 020 7286 0000
Email: hello@fortesclinic.co.uk

We are registered with the Information Commissioner’s Office (ICO), registration number [INSERT ICO REGISTRATION NUMBER]. The ICO is the UK’s supervisory authority for data protection.

2. INFORMATION WE COLLECT

We collect personal information in a number of ways: when you fill in a form on our website, book a consultation or appointment, contact us by phone or email, attend the clinic, or interact with our online services. The types of information we collect include:

Information you give us:

  • Identity and contact details — your name, date of birth, postal address, email address and telephone number.
  • Health and medical information — details of your hair loss, medical history, current medications, allergies, photographs of the treatment area, consultation notes, treatment plans and aftercare records. This is “special category” data (see section 3).
  • Appointment and booking information — the consultations, procedures and treatments you book or receive, including through our online booking system.
  • Payment information — details needed to process payments for treatment. Card payments are handled by our secure payment providers; we do not store full card numbers.
  • Correspondence — the content of enquiries, messages, reviews and other communications you send us.

Information we collect automatically:

  • Technical and device data — your IP address, browser type, device information, operating system and approximate location.
  • Usage data — how you use our website, including pages visited, links clicked, and time spent on the site, collected through cookies and similar technologies (see section 5).

Information from other sources:

  • Referrals from other healthcare professionals or clinics, where relevant to your care.
  • Publicly available sources and platforms you choose to use, such as Google reviews or our social media pages.
  • Our advertising, analytics and booking partners, who may share information about how you found or interacted with us.

3. YOUR HEALTH INFORMATION (SPECIAL CATEGORY DATA)

Information about your health is treated as “special category” personal data under the UK GDPR and receives extra legal protection. Because we are a healthcare provider, handling this information responsibly is central to what we do.

We only process your health information where we are permitted to do so by law. In addition to having a lawful basis under Article 6 of the UK GDPR, we rely on one or more of the following conditions under Article 9:

  • Your explicit consent — for example, when you ask us to assess your suitability for treatment or agree to a procedure.
  • The provision of health care or treatment — processing necessary for medical diagnosis, the provision of care and treatment, and the management of our healthcare services, carried out by or under the responsibility of a health professional who owes a duty of confidentiality.
  • The establishment, exercise or defence of legal claims, where necessary.

All members of our clinical team are bound by professional and legal duties of confidentiality.

4. HOW AND WHY WE USE YOUR INFORMATION

We use your personal information only where we have a lawful basis to do so. Our main purposes and the lawful basis we rely on for each are set out below.

  • Responding to your enquiries and consultation requests — Legitimate interests; steps to enter into a contract; consent.
  • Assessing your suitability for treatment and providing care — Contract; explicit consent; provision of health care (Article 9).
  • Managing bookings, appointments and aftercare — Contract; provision of health care.
  • Taking payment for treatment — Contract; legal obligation.
  • Keeping accurate medical records — Legal obligation; provision of health care.
  • Sending you service messages (e.g. appointment reminders) — Contract; legitimate interests.
  • Sending marketing about our treatments and offers — Consent.
  • Improving our website, services and patient experience — Legitimate interests; consent (for analytics cookies).
  • Meeting regulatory, safeguarding and legal obligations — Legal obligation.
  • Protecting our clinic, staff and patients, and handling complaints or claims — Legitimate interests; legal claims.
  • Using before-and-after photographs in marketing — Explicit consent (which you can withdraw at any time).

Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms and concluded that our use of your information is fair and does not override your interests. You can ask us for more detail on this assessment at any time.

5. COOKIES AND TRACKING TECHNOLOGIES

Our website uses cookies and similar technologies to make the site work, to understand how it is used, and to support our marketing. Cookies are small files stored on your device.

  • Strictly necessary cookies — required for the website to function. These do not need your consent.
  • Analytics cookies — help us understand how visitors use the site so we can improve it. We use tools such as Google Analytics, managed through Google Tag Manager.
  • Marketing and advertising cookies — used to measure and improve our advertising and may be set by partners such as Google and Meta (Facebook/Instagram).

We only set non-essential cookies (analytics and marketing) with your consent, which you give through our cookie banner. You can change or withdraw your preferences at any time, and you can also manage cookies through your browser settings.

6. WHO WE SHARE YOUR INFORMATION WITH

We do not sell your personal information. We only share it where necessary to provide our services, to meet our legal obligations, or with your consent. The categories of recipients include:

  • Healthcare professionals and partners involved in your care, where relevant and with appropriate safeguards.
  • Our booking and practice management providers, who host our online booking and appointment system.
  • Website, form and customer-management providers, who help us run our website, enquiry forms and communications.
  • Payment processors, who securely handle payments for treatment.
  • Analytics and advertising providers, such as Google and Meta, where you have consented to the relevant cookies.
  • Professional advisers and insurers, including legal, accounting and insurance advisers, where necessary.
  • Regulators and authorities, such as the Care Quality Commission, the General Medical Council, or other bodies, where we are required or permitted to do so by law.

Where we use third parties to process information on our behalf, we put written agreements in place requiring them to protect your information and to use it only as instructed.

7. INTERNATIONAL DATA TRANSFERS

Some of our service providers may store or process information outside the United Kingdom. Where information is transferred outside the UK, we make sure appropriate safeguards are in place, such as UK “adequacy” regulations or the International Data Transfer Agreement (or equivalent contractual clauses), so that your information receives a level of protection consistent with UK law.

8. HOW LONG WE KEEP YOUR INFORMATION

We keep your personal information only for as long as necessary for the purposes set out in this policy, and to meet our legal, regulatory and professional obligations.

  • Medical and treatment records are retained in line with professional and legal record-keeping requirements for healthcare providers. For adult patients this is typically a minimum of several years after your last treatment or contact.
  • Enquiry and consultation data for people who do not go on to receive treatment is kept for a shorter period, after which it is deleted or anonymised.
  • Financial records are kept for as long as required by tax and accounting law.
  • Marketing data is kept until you withdraw your consent or unsubscribe.

9. HOW WE PROTECT YOUR INFORMATION

We take the security of your information seriously and use appropriate technical and organisational measures to protect it against unauthorised access, loss, misuse or alteration. These measures include access controls, secure storage, staff confidentiality obligations, and the use of reputable, security-conscious service providers.

While we work hard to protect your information, no method of transmission over the internet is completely secure. If we become aware of a personal data breach that is likely to affect your rights, we will notify you and the ICO where we are required to do so.

10. YOUR RIGHTS

Under data protection law, you have rights over your personal information. Subject to certain conditions, these include the right to:

  • Be informed about how we use your information (this policy).
  • Access the personal information we hold about you.
  • Rectification — to have inaccurate or incomplete information corrected.
  • Erasure — to ask us to delete your information in certain circumstances (this may be limited where we must keep medical records by law).
  • Restrict processing of your information in certain circumstances.
  • Object to certain processing, including direct marketing.
  • Data portability — to receive certain information in a portable format.
  • Withdraw consent at any time, where we rely on your consent.

To exercise any of these rights, please contact us using the details in section 14. We will respond within one month. We will not charge a fee in most cases, and we may need to verify your identity before acting on your request.

11. MARKETING CHOICES

We will only send you marketing communications where you have agreed to receive them, or where the law otherwise allows. You can opt out at any time by clicking “unsubscribe” in any marketing email, replying to ask us to stop, or contacting us directly. Opting out of marketing will not affect the messages we send you about your care, appointments or treatment.

12. CHILDREN’S PRIVACY

Our services are intended for adults. We do not knowingly collect information from children, and our website is not directed at them. Where we provide treatment to anyone under 18, we do so only with appropriate consent and additional safeguards in place.

13. CHANGES TO THIS POLICY

We may update this privacy policy from time to time to reflect changes in our practices, services or legal obligations. When we make changes, we will update the “last updated” date at the top of this page. We encourage you to review this policy periodically.

14. HOW TO CONTACT US AND HOW TO COMPLAIN

If you have any questions about this policy, or you would like to exercise your rights, please contact us:

Fortes Clinic
22 Clifton Road, Little Venice, London, W9 1ST
Phone: 020 7286 0000
Email: hello@fortesclinic.co.uk

Complaints:
We hope to resolve any concerns directly, so please contact us first. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection:

Website: ico.org.uk
Helpline: 0303 123 1113
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

THIS IS WHY YOU SHOULD PLAN YOUR HAIR TRANSPLANT FOR THE LONG TERM

Discover the Hair Transplant Principles That Protect Natural Results Over Time

Not all hair transplants are planned the same way.
Our free guide explains the 10 essentials every patient should understand before booking, including donor area limits, hairline design, long-term hair loss planning, recovery expectations, and how to choose the right clinic beyond price alone.

10 Must Know Tips Before Getting a Hair Transplant Page 1