Privacy Notice

The Skin Lounge Dermal Aesthetics (Pty) Ltd ("we", "us") is the responsible party for your personal information under the Protection of Personal Information Act 4 of 2013 (POPIA). We operate from 39 Kloof Street, Gardens, Cape Town.

Contact us via our contact form · WhatsApp 072 023 6270.

We have appointed an Information Officer who is responsible for how your personal information is handled and for dealing with your requests and any complaints:

Jessica Charls
Contact via our contact form (your message reaches the Information Officer directly).

To provide your treatment safely we collect:

• Personal details — your name, date of birth, email address, mobile number and doctor's details.
• Identity number (SA ID or passport) — used to bind your signed indemnity to a verifiable identity.
• Health information — your skin type, concerns, treatment history, products, medications, allergies and relevant medical history. This is "special personal information" under POPIA and is given extra protection.
• Your signed indemnity — the consent you give, with the date, time and technical details of your signature (for a tamper-evident record).

We process this information to assess and provide your dermal aesthetic treatment, to obtain your informed consent and indemnity, and to keep the records required of us. Our lawful basis is your consent (which you give on the intake form) together with our legitimate need to carry out and keep proper records of your treatment. We only collect what we need for these purposes.

We will only send you marketing, or use your before-and-after photographs, if you have separately opted in on the intake form. These are entirely optional and independent of your treatment. You may withdraw either consent at any time by contacting us — see "Your rights" below.

We do not sell your personal information. We share it only with trusted service providers (operators) who help us run the practice — such as our secure hosting and email providers — under confidentiality obligations, and only where the law requires it (for example a lawful request from a regulator). Your health information is never published without your specific written consent.

Your information is held on a server in South Africa and protected with: encryption of your ID number, health information and signature; encrypted connections (HTTPS/TLS); strict access control with two-factor authentication for staff; and full audit logging of who views or changes records. The intake form is reachable only via a private, single-use link sent to you.

We keep your information for approximately 5 years after your last treatment or contact, in line with our legal and professional record-keeping obligations, or until you ask us to remove it (except where the law requires us to keep it for longer). After that it is securely deleted or de-identified.

Under POPIA you have the right to: ask what information we hold about you and request a copy; ask us to correct or delete information; object to processing; and withdraw any consent you have given (including marketing and photo consent). To exercise any of these, contact our Information Officer. We will respond within a reasonable time; some records may be retained where the law requires.

Your information is stored and processed in South Africa. If any service provider processes it outside South Africa, we will ensure appropriate safeguards are in place as required by POPIA.

The website uses a single functional session cookie to keep the intake form and staff portal working securely. We do not use advertising or tracking cookies.

If you are unhappy with how we have handled your information, please contact our Information Officer first so we can put it right. You also have the right to complain to the Information Regulator (South Africa): POPIAComplaints@inforegulator.org.za, inforegulator.org.za.

This notice is version v1.0, last updated 29 June 2026. We may update it from time to time; the latest version will always be available on this page.