When your clients buy skincare through a brand's central portal, the brand owns the client data, not you. Email addresses, purchase history and repurchase frequency update the brand's CRM, building its direct relationship with your clients while you remain the acquisition channel. A clinic-branded managed store keeps that data, and the lifetime value it represents, inside your business.
Key takeaways
- Client data, not the treatment room or the equipment, is a clinic's most valuable asset.
- Central brand portals route your clients' purchase data into the brand's CRM, not yours.
- Under UK GDPR, the party that runs the checkout is the data controller for that purchase.
- The question to ask is not "what is the commission rate?" but "whose CRM gets updated?"
- A managed clinic store keeps the branding, the data and the repurchase relationship with you.
You know your clients. You know who is six weeks out from their last peel, who needs convincing on SPF, who will buy the post-treatment kit if you recommend it at the right moment. That knowledge took years to build and it lives, largely, in your head and your booking system.
Now ask a different question: when your client buys skincare online, whose database gets updated?
If the answer is the brand's, you are building someone else's CRM on your time.
The central portal model
Several professional skincare brands have moved to a model where clinic clients purchase products through a central brand portal. The clinic recommends the product, the client visits the brand's website or app to buy it, and the brand handles the transaction. In return, the clinic receives a commission or a referral fee.
The model is presented as a convenience. The clinic does not have to hold stock, manage fulfilment, or handle returns. The brand does the retail work; the clinic earns a passive income.
What is not always stated clearly is what the brand gets in exchange. Every transaction through a central portal is a data point. The client's email address, purchase history, product preferences, repurchase frequency, all of it goes into the brand's CRM, not the clinic's. Over time, the brand builds a rich, direct relationship with your clients. The clinic remains the acquisition channel. The brand owns the lifetime value.
AlumierMD operates this way. Clinics refer clients to AlumierMD's online portal, where the purchase happens on AlumierMD's platform. The commission structure makes it look like a partnership. The data structure makes it a referral arrangement. The client's ongoing relationship is with the brand, not with you.
What the data actually means
Client data is the most valuable asset a clinic owns. Not the treatment room. Not the equipment. The client list: who your clients are, what they respond to, what they will buy next. That data is what allows you to fill a quiet Tuesday, sell a course of treatments, introduce a new product and have it land.
When that data flows to a brand rather than staying in your ecosystem, two things happen. First, the brand can market directly to your clients, often through the email address they gave during the portal purchase. They are now on the brand's list. Second, when a client moves, relocates, or simply decides to try a different clinic, they take their brand loyalty with them but the brand retains the relationship. You get none of it back.
Under UK GDPR, the data controller is the party who determines the purposes and means of processing. When a client transacts through a brand's portal, the brand is the data controller for that purchase. The clinic is a referral source with no data rights to the transaction.
What a subdomain model changes
The alternative is a managed clinic store, where the client purchases through a store branded to your clinic, powered behind the scenes by the brand's infrastructure, but with the transaction and the client data sitting in your commercial relationship.
In practical terms: the URL says your clinic's name. The email confirmation comes from your clinic. When the client logs in to reorder, they are in your ecosystem, not the brand's. Their purchase history, their preferences, their contact details, these are yours.
This is not a technical nuance. It is the difference between building your business and building someone else's.
The question to ask of any brand that offers online retail through your clinic is not "what is the commission rate?" It is "when my client completes a purchase, whose CRM gets updated?"
The longer-term picture
Clinic retail is moving online. That is not a trend to resist; it is a channel to own. The clinics that will be strongest in five years are the ones building a direct client relationship across the physical and digital touchpoint, not the ones who handed the digital relationship to the brand in exchange for a margin they could have kept anyway.
Professional-only distribution protected the margin. A clinic-owned data model protects the relationship. Both matter. Neither is optional if you are building a clinic business rather than running a referral service.
Glo's Managed Store is built on this principle. Your clinic's branding, your clients' data, your repurchase relationship. The infrastructure is Glo's. The business it builds is yours.
If you want to understand how the model works in practice and what it would mean for your clinic specifically, the conversation starts here.
FAQs
Who owns the client data when clients buy through a skincare brand's portal?
The brand does. When a client completes a purchase on the brand's website or app, the brand collects the email address, purchase history and repurchase data into its own CRM. The clinic is recorded as the referral source but holds no data rights to the transaction. Over time the brand builds a direct relationship with clients the clinic originally introduced.
What is the difference between a referral portal and a managed clinic store?
A referral portal sends your client to the brand's platform to buy, so the transaction and the data sit with the brand. A managed clinic store lets the client buy through a store branded to your clinic, so the URL, the order confirmation and the client data stay in your commercial relationship. The brand provides the infrastructure; the clinic keeps the business.
Does UK GDPR decide who controls a clinic's client data?
It defines it. Under UK GDPR the data controller is the party that determines the purposes and means of processing personal data. When a client transacts through a brand's portal, the brand is the controller for that purchase. When the client buys through a clinic-branded managed store, the data sits in the clinic's relationship instead. Who runs the checkout decides who controls the data.
Get in touch: call 01636 402521, email pro@gloskin.beauty or visit shop.gloskin.beauty