Last updated: 12 February 2026

1. Data Controller

The Data Controller is:

• Dr Nicoletta Gentili
• Website: https://drnicolettagentili.co.uk/
• Email: suztaylor57@outlook.com

2. Types of Data Collected

Through the appointment request form on our website, we collect the following categories of personal data:

• Identity data: first name, surname
• Contact data: email address, telephone number
• Other information: any notes or information you voluntarily provide in your appointment request message

3. Purpose of Processing and Legal Basis

Your personal data is processed for the following purposes:

a) Managing appointment requests (legal basis: performance of pre-contractual measures taken at the data subject’s request – Article 6(1)(b) UK GDPR)

• To process and respond to appointment requests
• To communicate with you to confirm, modify, or cancel appointments

b) Legal obligations (legal basis: compliance with legal obligations – Article 6(1)(c) UK GDPR)

• To comply with any obligations required by applicable law

4. Method of Processing

Personal data is processed using electronic and manual tools, with logic strictly related to the purposes indicated above and in such a way as to guarantee the security and confidentiality of the data.

5. Data Retention

Personal data will be retained for the time strictly necessary to manage your appointment request and, subsequently, for the period required by any applicable legal obligations.

6. Disclosure of Data

Personal data may be disclosed to:

• Authorised personnel of the Data Controller for the purposes stated above
• Third parties who provide services for the management of the website and booking system

Data will not be disclosed to third parties without your explicit consent, except where required by law.

7. International Data Transfers

The data collected may be transferred to and stored on servers located within the United Kingdom, the European Union, or in third countries that provide an adequate level of protection for personal data, in accordance with UK GDPR provisions.

8. Your Rights

Under the UK GDPR, you have the right to:

• Access (Article 15): obtain confirmation that processing of your personal data is taking place and access such data
• Rectification (Article 16): obtain rectification of inaccurate personal data
• Erasure (Article 17): obtain deletion of your data (right to be forgotten)
• Restriction (Article 18): obtain restriction of processing
• Data portability (Article 20): receive your data in a structured format and transmit it to another controller
• Object (Article 21): object to the processing of your personal data

To exercise these rights, please contact the Data Controller at: [insert email]

You also have the right to lodge a complaint with the supervisory authority:

• Information Commissioner’s Office (ICO): https://ico.org.uk/

9. Changes to this Privacy Policy

This Privacy Policy may be updated from time to time. We recommend that you review this page periodically to check for any updates.

10. Cookies

For information about the use of cookies on this website, please refer to our separate Cookie Policy [if applicable].