top of page




Last Updated January 2023



Business: Brow Ability
GDPR:  General Data Protection Regulation
Responsible Person: Nicole Foster
Register of Systems: a register of all systems or contexts in which personal data is processed by the company

Privacy Statement

Brow Ability recognises that personal privacy is an important issue and therefore adheres to the privacy policies in line with UK legislation.

Any personal information gathered through the website or through paperwork signed at the clinic will be used only for insurance and medical purposes. We hereby declare that we do not sell, license or trade your personal information to third parties. We also declare that we do not distribute your personal information to marketing companies or other such organisations.

The pages of this website use cookies for security purposes. These cookies are not used to capture or store personal information for any purpose other than to authenticate the user and are deleted as soon as a session is terminated. Information about the pages visited by logged-in users is stored for statistical analysis purposes, but individual usage patterns are not monitored.

Finally, we maintain logs of the website’s server activity. These log files include the IP address of every computer used to access the Brow Ability website. The log files are solely used to analyse usage of the Brow Ability website.

To exercise any of your privacy rights, or if you have any questions or concerns regarding this Privacy Notice or the data processing practices outlined herein, please contact us as follows:

Data Protection Policy

The Company is committed to processing data in accordance with its responsibilities under the GDPR.


Article 5 of the GDPR requires that personal data shall be:

  • processed lawfully, fairly and in a transparent manner in relation to individuals.

  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes

  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed

  • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay

  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and

  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

How we get the personal information and why we have it:


Most of the personal information we process is provided to us directly by you for one of the following reasons:


  • You are attending for a treatment

  • You are an employee for the company

  • you are attending as a student for a training course

How we collect data:


  • CCTV (video) Within the premises

  • Consent forms and medical history forms for treatments

  • Other forms if applicable

We use the information that you have given us in order to:


  • Ensure thorough safety of our customers

  • In order to carry out thorough consultations prior to treatments

  • In order to receive your formal consent prior to treatment

  • Assess medical history so that our practitioners can advise accordingly

Why do we feel it is necessary to install CCTV (video) within the premises:


  • Safety of our customers

  • Due to the nature of certain treatments & risks potentially involved

  • Crime Prevention

  • Due the nature of the business (Education, Training, Invasive treatments)

  • Safety of our staff

  • Protection of our Company

Some methods we use to make our customers/Staff aware of CCTV:


  • Notices situated around the premises

  • Data protection policy on our website

  • Consent forms completed with all staff

  • Verbally if required

Important Information

Here at Brow Ability, we take privacy of our customers and our staff very seriously and whilst ensuring that we have the correct processes in place for the company and our customers, its very important to us that our customers and staff are aware that we as a company respect your privacy and do everything we can in order to minimise the impact on this.


Your data protection rights

Under data protection law, you have rights including:

  • Your right of access- You have the right to ask us for copies of your personal information. 

  • Your right to rectification- You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 

  • Your right to erasure- You have the right to ask us to erase your personal information in certain circumstances. 

  • Your right to restriction of processing- You have the right to ask us to restrict the processing of your personal information in certain circumstances. 

  • Your right to object to processing- You have the the right to object to the processing of your personal information in certain circumstances.

  • Your right to data portability- You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

  • You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.


Please contact us using the contact details above to make any form of request



The Company shall take reasonable steps to ensure personal data is accurate. Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.


Storing of Data

To ensure that personal data is kept for no longer than necessary, The Company shall put in place an archiving policy for each area in which personal data is processed and review this process annually. The archiving policy shall consider what data should/must be retained, for how long, and why. Storage location: 15 Sutton Oak Corner, Birmingham, B74 2DH



The Company shall ensure that personal data is stored securely using software that is kept-up-to-date and also in lockable filing storage. Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information. When personal data is deleted this should be done safely such that the data is irrecoverable.


How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us using the contact page on our website. You can also complain to the ICO if you are unhappy with how we have used your data.


The ICO’s address:            

Information Commissioner’s Office

Wycliffe House

Water Lane





Helpline number: 0303 123 1113


ICO website:

bottom of page