SpotCheck - Privacy Policy
SpotCheck processes limited personal data from practitioners and their clients to provide GP and dermatology advice, and does so in line with UK GDPR and the Data Protection Act 2018.
1. Who we are
SpotCheck is a clinical advice and guidance service for cosmetic and aesthetic practitioners, operated by Aesthetk Ltd (“we”, “us”, “our”).
Our clinic address is: Aesthetk Clinic, First Floor, 40 Hutton Road, Shenfield, Brentwood, Essex, CM15 8LB.
We are the data controller for personal data collected through the SpotCheck website (https://spotcheck.uk) and SpotCheck web application, except where stated otherwise.
2. What this policy covers
This Privacy Policy explains how we collect, use, store and share personal data when you:
- visit or use our website or web application;
- register as a SpotCheck practitioner; or
- submit client information and images for review.
It also explains your data protection rights under UK GDPR and the Data Protection Act 2018.
3. The data we collect
Practitioner data
We may collect:
- identity details (name, title, professional role);
- contact details (email address, phone number, clinic name, postal address);
- login and profile data (username, password, usage preferences);
- payment and billing details where relevant;
- communication records, queries and feedback.
Client / patient data
When you submit a case, we may receive:
- basic identifiers (initials or code, age, gender as required);
- clinical information you provide (relevant medical history, medications, lesion description, treatment history);
- clinical photographs and associated metadata;
- your own notes and questions for our clinicians.
You should minimise identifying information where possible and follow your own professional and regulatory obligations when sharing client data.
Technical and usage data
We may collect:
- IP address, browser type and version, device identifiers;
- login dates and times, page views and interactions;
- cookies and similar tracking technologies, subject to your preferences.
4. How we use personal data
We use personal data to:
- Provide the SpotCheck service
  - create and manage practitioner accounts;
  - receive case submissions and provide clinical advice and reports;
  - communicate with you about cases, queries and support.
- Meet legal, regulatory and insurance obligations
  - maintain appropriate clinical records of advice provided;
  - cooperate with regulators, insurers or legal bodies where lawfully required;
  - ensure information governance and audit trails.
- Improve and protect our service
  - monitor performance and security of the web application;
  - troubleshoot, test and enhance features;
  - produce anonymised or aggregated statistics for service evaluation, training and audit.
- Marketing and business communication
  - send service updates, training opportunities, and related SpotCheck or Aesthetk information to practitioner users, in line with your marketing preferences and applicable electronic marketing rules.
We do not use client images or clinical details for marketing without your explicit consent and, where required, explicit client consent.
5. Legal bases for processing
We process personal data on the following legal bases under UK GDPR:
- performance of a contract (providing SpotCheck services to you as a registered practitioner);
- compliance with legal obligations (e.g. clinical record‑keeping, regulatory requirements);
- legitimate interests (service operation, security, quality improvement, professional communications with practitioners);
- explicit consent for certain uses of special category data and for specific marketing activities where required.
Special category health data about clients is processed only where necessary for the provision of the SpotCheck advice service and subject to appropriate safeguards, and usually on the basis of your professional relationship with the client plus any consents you obtain.
6. Sharing your data
We may share personal data with:
- clinicians engaged by SpotCheck (e.g. UK‑registered GPs and dermatology specialists) who need access to provide advice;
- technical service providers who host or support the SpotCheck platform, email, payment or security services, under strict data processing agreements;
- insurers, legal advisers, regulators or law enforcement where required by law or to establish, exercise or defend legal claims.
We do not sell personal data to third parties.
Where data is transferred outside the UK, we implement appropriate safeguards such as standard contractual clauses or equivalent measures required by law.
7. Data security
We take appropriate technical and organisational measures to protect personal data, including:
- secure hosting and access controls for the SpotCheck web application;
- encryption in transit and at rest where appropriate;
- role‑based access for clinical and support staff;
- regular monitoring, backup and security updates.
Despite these measures, no system is completely secure; users should also take care to protect login details and ensure their own devices and networks are secure.
8. Data retention
We keep personal data only for as long as necessary for the purposes described in this policy, including:
- clinical advice records and associated client data, retained for periods consistent with relevant clinical record‑keeping guidance, insurer requirements and limitation periods;
- practitioner account and billing records, retained for as long as you have an account and for a reasonable period afterwards for audit and tax purposes;
- technical logs, retained for shorter periods needed for security, troubleshooting and analytics.
When data is no longer required, it is securely deleted or anonymised.
9. Your rights
Under UK data protection law you have the right to:
- access a copy of your personal data (subject access);
- request correction of inaccurate or incomplete data;
- request erasure of your data in certain circumstances;
- request restriction of processing;
- object to processing based on legitimate interests or to direct marketing;
- request data portability where applicable;
- withdraw consent where we rely on consent (this will not affect previous lawful processing).
Some rights may be limited where we must retain information for legal, regulatory or clinical safety reasons.
To exercise your rights, please contact us using the details below. You also have the right to complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we handle your data.
10. Practitioner responsibilities
As a practitioner user you are usually the primary data controller for your clients’ records, including information you share with SpotCheck. You are responsible for:
- obtaining appropriate consent or providing fair processing information to clients before sharing their data;
- ensuring information is accurate, relevant and minimised;
- complying with your own regulator, insurer and local data protection requirements.
Where we act as a processor on your behalf for certain functions, this will be documented in a separate data processing agreement if required.
11. Cookies and similar technologies
Our website and web application may use cookies and similar technologies to:
- enable core functionality and security;
- remember your preferences;
- collect anonymised usage statistics to improve the service.
Where required, we will request your consent before setting non‑essential cookies and provide controls for you to update your preferences.
12. Links to other sites
The SpotCheck website may include links to external websites, training providers or partners. This Privacy Policy does not apply to those sites, and we are not responsible for their content or privacy practices. You should review their privacy policies separately.
13. Changes to this policy
We may update this Privacy Policy from time to time, for example to reflect changes in law, guidance or our services. The latest version will always be available on our website, and the “last updated” date will indicate when it was revised. Continued use of the service after changes are published means you accept the updated policy.
14. International users
SpotCheck is designed and operated for practitioners who are established and practising in the United Kingdom.
If you access or use SpotCheck from outside the UK, you are responsible for:
- checking whether you are legally permitted to use SpotCheck in your country or region, including any local licensing, telemedicine, data protection or cross‑border health information rules that may apply;
- ensuring that your use of SpotCheck complies with the laws, professional regulations and insurance requirements that apply to you and your clients.
SpotCheck and Aesthetk Clinic do not warrant that the Site, services or any clinical advice are appropriate, permitted or available for use in any jurisdiction outside the UK, and accept no responsibility or liability if you choose to access or use the service in breach of any local law or restriction that applies to you.
15. Contact us
For questions about this Privacy Policy or how we handle personal data, please contact:
- Aesthetk Clinic / SpotCheck, First Floor, 40 Hutton Road, Shenfield, Brentwood, Essex, CM15 8LB; or
- using the email address or contact form provided on the SpotCheck website or within the SpotCheck application.