Privacy Policy

Last updated: March 8, 2026

Aesthetic Lounge ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website, use our services, or interact with us. We comply with Pakistan's Prevention of Electronic Crimes Act (PECA) 2016, the forthcoming Personal Data Protection Bill, Google's EU User Consent Policy, Meta's data use policies, and international best practices including GDPR principles.

1. Who We Are

Aesthetic Lounge is a medical aesthetics clinic providing professional cosmetic treatments and skincare services.

  • Business Name: Aesthetic Lounge Official
  • Address: Plaza-126, BWB Phase 8, DHA Lahore Cantt, Lahore, Pakistan
  • Phone: +92 327 6660004 | +92 42 35740271
  • Email: info@aestheticloungeofficial.com
  • Website: aestheticloungeofficial.com

2. Data We Collect

Personal Information

Information you provide directly through forms, bookings, or communications:

  • Full name, phone number, email address
  • Date of birth and gender
  • Appointment and booking details
  • Feedback and complaint submissions

Health and Medical Information

When you complete our intake form, we collect sensitive medical data including:

  • Known allergies and current medications
  • Medical conditions and health history
  • Skin type and concerns
  • Previous aesthetic treatment history
  • Before/after photographs (with explicit consent)

Medical data is classified as sensitive personal data and receives enhanced protection as described in Section 8 below.

Usage Data

Automatically collected when you visit our website (with your consent):

  • Pages visited and time spent on each page
  • Scroll depth and click interactions
  • Referral source (how you found us)
  • UTM campaign parameters

Device Information

  • Browser type and version
  • Operating system
  • Screen resolution
  • IP address (anonymized for analytics)

3. How We Use Your Data

Service Delivery

  • Provide and improve our medical aesthetics services
  • Process appointments, consultations, and payments
  • Maintain accurate medical records for safe treatment
  • Follow up on treatments and aftercare

Communication

  • Send appointment reminders via WhatsApp (with consent)
  • Respond to inquiries and feedback
  • Send marketing communications and promotions (with consent)

Analytics and Improvement

  • Analyze website usage patterns to improve user experience
  • Measure effectiveness of marketing campaigns
  • Identify popular treatments and services

Advertising

  • Measure ad performance and conversions (with consent)
  • Create custom and lookalike audiences for targeted advertising (with consent)
  • Remarketing to website visitors (with consent)

4. Third-Party Services & Integrations

We use the following third-party services, each with their own privacy policies:

Service | Purpose | Consent Required
Google Analytics (GA4) | Website analytics and user behavior insights | Analytics consent
Meta Pixel (Facebook/Instagram) | Ad performance measurement and audience targeting | Marketing consent
Meta Conversions API (CAPI) | Server-side conversion tracking for ad optimization | Marketing consent
Instagram Graph API | Respond to DMs and comments on our business account | N/A (business messaging)
Facebook Messenger API | Respond to messages sent to our Facebook Page | N/A (business messaging)
WhatsApp Business API | Appointment reminders and client communication | Explicit opt-in
Neon Database | Secure data storage (PostgreSQL) | N/A (infrastructure)
Netlify | Website hosting and deployment | N/A (infrastructure)
Google Drive | Before/after photo storage | Explicit photo consent

5. Facebook & Instagram Data

We use Meta Platform APIs (Facebook and Instagram) to provide customer service and communicate with you. This section explains how we handle data received through these platforms.

Data We Receive from Meta

  • Instagram Direct Messages sent to our business account
  • Facebook Messenger conversations with our Page
  • Comments on our Instagram posts and Facebook Page posts
  • Your public profile information (name, profile picture, username)
  • Ad interaction data (click identifiers, conversion events)

How We Use Meta Data

  • Respond to your inquiries and provide customer support
  • Match conversations to existing client records for continuity of care
  • Measure the effectiveness of our advertising campaigns
  • Send appointment confirmations and reminders (with your consent)

Meta Data Restrictions

We commit to the following restrictions on Meta Platform data:

  • We do not sell Meta Platform data to third parties
  • We do not use Meta data for purposes unrelated to our services
  • We do not share Meta data with data brokers or advertising networks
  • We do not use Meta data for surveillance or unauthorized profiling
  • Message content is stored securely and only accessible to authorized staff

Meta Conversions API (CAPI)

We use Meta's Conversions API to send conversion events (leads, bookings, payments) server-to-server. This data is sent with hashed identifiers (SHA-256 hashed email and phone) and is used solely to measure ad performance and optimize ad delivery. Event deduplication ensures no data is sent twice.

Your Rights Regarding Meta Data

You can request deletion of all data we received through Facebook and Instagram at any time. See our Data Deletion page or remove our app from your Facebook Settings > Apps and Websites.

6. Data Sharing

We do not sell, rent, or trade your personal data to third parties.

We may share your data only in the following circumstances:

  • Service providers: Third-party services listed above, strictly for the purposes described
  • Legal requirements: When required by Pakistani law, court order, or government authority under PECA 2016
  • Your consent: When you have given explicit permission (e.g., sharing before/after photos on social media)
  • Safety: To protect the rights, property, or safety of Aesthetic Lounge, our clients, or others

7. Cookies & Tracking Technologies

We use cookies and similar technologies to provide, protect, and improve our services. You can manage your cookie preferences at any time using the "Cookie Settings" link in the footer of our website.

Cookie | Purpose | Duration | Type
al_session | Maintains your session while browsing the site | Session | Necessary
al_visitor | Anonymous visitor identifier for site analytics | 1 year | Analytics
al_consent | Stores your cookie consent preferences | 1 year | Necessary
al_session_id | Tracks your current browsing session | Session | Necessary
_ga | Google Analytics — distinguishes unique users | 2 years | Analytics
_ga_* | Google Analytics — maintains session state | 2 years | Analytics
_fbp | Meta Pixel — identifies browsers for ad targeting | 3 months | Marketing
_fbc | Meta Pixel — stores click identifiers from ad clicks | 3 months | Marketing

Google Consent Mode: We implement Google's Consent Mode v2, which ensures that Google Analytics and Google Ads respect your consent choices. When analytics or advertising cookies are denied, Google's tags adjust their behavior accordingly, using cookieless pings that do not store identifying information.

Meta Limited Data Use: When you have not consented to marketing cookies, the Meta Pixel is not loaded at all. No tracking script is injected, no data is sent to Meta, and no Meta cookies are set on your device.

8. Your Rights

Under Pakistan's PECA 2016, the forthcoming Personal Data Protection Bill, and international privacy best practices, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Withdraw Consent: Withdraw consent for any processing based on consent at any time, without affecting the lawfulness of processing before withdrawal.
  • Right to Data Portability: Request your data in a structured, commonly used, machine-readable format.
  • Right to Object: Object to processing of your data for direct marketing purposes.
  • Right to Complain: Lodge a complaint with the Pakistan Telecommunication Authority (PTA) or any relevant data protection authority.

To exercise any of these rights, please contact us at info@aestheticloungeofficial.com or call +92 327 6660004. We will respond within 30 days.

9. Data Deletion

You have the right to request deletion of your personal data at any time. We provide multiple ways to submit a deletion request:

Upon receiving your request, we will delete your data within 30 calendar days and provide a confirmation code you can use to verify the deletion status. Certain data may be retained if required by law (see Section 11: Data Retention).

For full details on what data is deleted and our deletion timeline, please visit our Data Deletion page.

10. Medical Data

Health and medical information collected through our intake forms receives enhanced protection:

  • Encryption: All medical data is encrypted at rest and in transit using industry-standard encryption (TLS 1.3, AES-256).
  • Access Control: Only authorized medical professionals (treating doctors and clinical staff) can access your medical records.
  • Retention: Medical records are retained for a minimum of 5 years from the date of last treatment, as required by medical record-keeping regulations. After the retention period, records are securely deleted.
  • Photo Consent: Before/after photographs are taken only with your explicit written consent. You can withdraw photo consent at any time. Photos used for marketing require separate consent.
  • No Marketing Use: Medical data is never used for marketing purposes, ad targeting, or shared with advertisers.

11. Data Retention

Data Type | Retention Period | Basis
Medical records | 5 years from last treatment | Legal/medical obligation
Appointment records | 3 years | Legitimate interest
Contact information | Until deletion requested or 3 years of inactivity | Consent / legitimate interest
Analytics data | 26 months (Google Analytics default) | Consent
Marketing data | Until consent withdrawn or 2 years | Consent
Feedback/complaints | 2 years | Legitimate interest
Before/after photos | Until consent withdrawn or 5 years | Explicit consent

12. Children

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. Aesthetic treatments for individuals under 18 require the presence and consent of a parent or legal guardian, who must complete all forms on behalf of the minor.

13. International Data Transfers

While our clinic is based in Pakistan, some of our service providers (Google, Meta, Netlify, Neon) process data in other jurisdictions, including the United States and European Union. When your data is transferred internationally, we ensure that:

  • Service providers maintain adequate data protection standards
  • Data transfers comply with applicable privacy frameworks
  • Appropriate safeguards are in place (e.g., Standard Contractual Clauses for EU data)

14. Contact Us

For any privacy-related inquiries, data requests, or complaints:

We aim to respond to all data-related requests within 30 calendar days. For complex requests, we may extend this to 60 days with notice.

15. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we make material changes:

  • We will update the "Last updated" date at the top of this page
  • For significant changes, we will display a notice on our website
  • If the changes affect how we process your medical data, we will seek your renewed consent

We encourage you to review this policy periodically to stay informed about how we protect your data.