1. Introduction
Interface Aesthetics Training Ltd (“Interface Aesthetics”, “we”, “us”, “our”) is committed to
protecting your personal data. This policy explains how we collect, use, store, share and protect
personal information in connection with our website, courses, events and services, in
accordance with the UK General Data Protection Regulation (UK GDPR) and the Data
Protection Act 2018.
This policy applies to delegates, prospective delegates, model patients, conference attendees,
sponsors, suppliers and visitors to our website.
2. Who We Are
• Company name: Interface Aesthetics Training Ltd
• Company No. 08882369
• ICO Registration: ZB326113
• Email: contact@interfaceaesthetics.co.uk
• Website: www.interfaceaesthetics.co.uk
We are the data controller for the personal data described in this policy.
3. Information We Collect
We collect information needed to respond to enquiries, manage delegate bookings and learning
records, coordinate model patients (including relevant health information for clinical safety),
organise events and conferences (including Interface Expo), operate our website, and
communicate with you. This may include contact details, professional registration details,
payment information, clinical and health information (model patients), course progress and
assessment records, marketing preferences, and technical data such as IP address and cookie
identifiers.
4. How We Use Information
We use personal data to: deliver our training and services; manage model patient coordination
and clinical safety; meet legal, insurance and awarding body (e.g. VTCT, JCCP) obligations;
process payments; organise and run events; respond to enquiries; improve our services and
website; and send marketing communications where you have consented or where permitted by
law (e.g. existing customer marketing under PECR ‘soft opt-in’ rules).
5. Third-Party Providers and Categories of Processing
We use a range of carefully selected third-party providers to operate our business and deliver
our services. The providers we use may change from time to time as our systems evolve. The
categories below, with current examples, are illustrative only and not exhaustive:
• CRM and sales management — e.g. HubSpot
• Clinical and practice management (model patients) — e.g. Pabau
• Learning management and delegate progress — e.g. LearnDash
• Website hosting and content management — e.g. WordPress
• Event and ticketing management — e.g. Nunify
• Task, workflow and project coordination — e.g. Monday.com, Google Sheets / Google
Workspace
• Email marketing — e.g. Mailchimp
• Messaging and customer communication — e.g. WhatsApp Business, Respond.io
• Social media and advertising — e.g. Meta (Facebook and Instagram, including
advertising and pixel/conversion tracking)
• Business email and office productivity — e.g. Microsoft Outlook / Microsoft 365
• Payments — e.g. Stripe, GoCardless, Zettle
• Accounting and finance — e.g. Xero
This list will be updated periodically, but we may add or change individual tools within these
categories without amending this policy each time. We maintain a current internal record of all
data processors and the categories of personal data they process, available on request. We
have data processing agreements in place with our processors where required, and we review
new tools for data protection compliance before adoption.
Each independent third-party provider operates under its own privacy policy, and we encourage
you to review these where relevant.
6. International Transfers
Some of our third-party providers (including certain CRM, messaging, social media and email
platforms) may store or process personal data outside the UK and European Economic Area, in
particular in the United States. Where this occurs, we ensure appropriate safeguards are in
place, such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the
EU Standard Contractual Clauses, or reliance on an adequacy decision, as applicable.
7. Special Category (Health) Data
As part of model patient coordination for clinical training, we may process special category
health data (for example, medical history relevant to treatment suitability). We process this data
on the basis of explicit consent and/or substantial public interest in the provision of safe clinical
training, and only to the extent necessary for that purpose. This data is held in our clinical
practice management system and is subject to additional access controls.
8. Retention
Model patient records, including relevant clinical information, are generally retained for 10 years
in line with clinical record-keeping standards. Delegate learning and assessment records are
retained in line with awarding body requirements. Other personal data is retained only for as
long as necessary for the purposes it was collected, after which it is securely deleted or
anonymised.
9. Your Rights
Under UK GDPR you have the right to: access your personal data; request correction of
inaccurate data; request erasure where applicable; restrict or object to processing; request data
portability; and withdraw consent at any time where processing is based on consent. To
exercise these rights, contact us at contact@interfaceaesthetics.co.uk. You also have the right
to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
10. Cookies
Our website uses cookies and similar technologies. Please see our separate Cookie Policy for
full details.
11. Changes to This Policy
We may update this policy periodically to reflect changes in our practices, systems or legal
requirements. The “Last updated” date at the top of this page indicates when it was last revised.
12. Contact Us
If you have any questions about this policy or how we handle your personal data, please contact
us at contact@interfaceaesthetics.co.uk.