1. Introduction
The Beauty Lounge ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, book appointments, or receive treatments from us.
We are a data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our responsibilities under data protection legislation seriously and are committed to ensuring your personal data is handled lawfully, fairly, and transparently.
2. Information We Collect
We may collect and process the following categories of personal data:
2.1 Information You Provide Directly
- Contact details: name, phone number, email address, and postal address
- Booking information: appointment dates, times, treatment preferences, and payment details
- Health & medical information: allergies, skin conditions, medications, pregnancy status, and other health-related information necessary to perform treatments safely
- Consultation records: patch test results, treatment notes, and aftercare records
- Communications: messages, emails, and enquiries you send to us
2.2 Information Collected Automatically
- Website usage data: IP address, browser type, pages visited, and referring website (collected via cookies and similar technologies)
- Device information: operating system, screen resolution, and device type
3. How We Use Your Information
We use your personal data for the following purposes:
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| To manage bookings, appointments, and payments | Performance of a contract |
| To perform treatments safely and conduct consultations/patch tests | Legitimate interest; Explicit consent (health data) |
| To maintain treatment records and client history | Legitimate interest; Legal obligation |
| To communicate with you about your appointments, including reminders and follow-ups | Legitimate interest; Performance of a contract |
| To send promotional offers and marketing communications (only with your consent) | Consent |
| To respond to your enquiries and complaints | Legitimate interest |
| To comply with legal and regulatory obligations | Legal obligation |
| To improve our website and services | Legitimate interest |
4. Special Category Data (Health Information)
Some treatments require us to collect sensitive health information. This data is processed with your explicit consent and is used solely to ensure treatments are carried out safely.
Health-related data is collected via consultation forms and verbal discussions prior to treatment. You have the right to withdraw your consent at any time, though this may mean we are unable to carry out certain treatments.
5. How We Share Your Information
We do not sell, rent, or trade your personal data to any third parties. We may share your data only in the following limited circumstances:
- Service providers: payment processors and booking platforms that help us operate our business (bound by data processing agreements)
- Legal requirements: where we are required to do so by law, regulation, court order, or governmental authority
- Professional advisers: our accountants, insurers, or legal advisers where necessary
- With your consent: for any purpose you have expressly agreed to
6. Data Retention
We retain your personal data only for as long as is necessary for the purposes set out in this policy, or as required by law. Specifically:
- Client records and treatment history: retained for up to 7 years from your last appointment, in line with insurance and legal requirements
- Health and consultation data: retained for up to 7 years from your last appointment
- Marketing preferences: retained until you withdraw consent or unsubscribe
- Financial records: retained for up to 7 years as required by HMRC
- Website analytics data: retained for up to 26 months
When personal data is no longer required, it will be securely deleted or anonymised.
7. Data Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include secure storage of physical records, password-protected digital systems, and restricted access to personal data on a need-to-know basis.
However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security of your data.
8. Your Rights Under UK GDPR
Under the UK GDPR, you have the following rights in relation to your personal data:
- Right of access: to request a copy of the personal data we hold about you
- Right to rectification: to request correction of inaccurate or incomplete data
- Right to erasure: to request deletion of your data where there is no compelling reason for continued processing
- Right to restrict processing: to request limitation of how we use your data
- Right to data portability: to request transfer of your data in a machine-readable format
- Right to object: to object to processing based on legitimate interests or for direct marketing purposes
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, please contact us using the details below. We will respond to your request within one month, as required by law. There is no charge for making a request, although we may charge a reasonable fee for requests that are manifestly unfounded or excessive.
9. Cookies
Our website may use cookies — small text files placed on your device — to improve your browsing experience and help us understand how visitors use our site. You can control cookie settings through your browser. Disabling cookies may affect the functionality of certain features on our website.
We use the following types of cookies:
- Essential cookies: necessary for the website to function correctly
- Analytics cookies: to understand how visitors interact with our website (e.g., Google Analytics)
10. Third-Party Links
Our website may contain links to third-party websites, social media platforms, or booking services. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party site you visit.
11. Children's Privacy
Our services are primarily intended for individuals aged 18 and over. Where we provide treatments to clients under 18, parental or guardian consent is required, including for the collection and processing of their personal data.
12. International Transfers
Your personal data is stored and processed within the United Kingdom. We do not routinely transfer personal data outside the UK. In the event that any transfer is required (for example, through the use of cloud-based services), we will ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
13. Complaints
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:
- Website: ico.org.uk
- Helpline: 0303 123 1113
We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The most current version will always be available on this page with the updated date shown at the top. We encourage you to review this policy periodically.
15. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
- Email: elegancebeauty2026@gmail.com
- Phone: 07754 693125