Privacy Policy
Privacy Policy for Aesthetics & Beauty Lounge
Effective date: 05/10/2025
Last updated: 05/10/2025
1. Introduction
Aesthetics & Beauty Lounge ("we", "us", "our") is committed to protecting your privacy and handling your personal information in a transparent, secure, and lawful way. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal data when you visit or use our website (aestheticsandbeautylounge.co.uk) or engage with our services (consultations, bookings, treatments).
Please read this policy carefully. By using our website or services, you agree to the collection and use of your information in accordance with this policy.
2. Data Controller & Contact Information
For the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018), the data controller is:
Aesthetics & Beauty Lounge
Registered address: 7 Exchange Street Driffield YO256LJ
Email: aestheticsbeautylounge1@gmail.com
Phone: 07304494861
If you have any questions about this Privacy Policy or wish to exercise your legal rights, please contact us using the above details.
3. Information We Collect
We may collect and process the following categories of personal data:
- Identity & Contact Information: name, title, date of birth, postal address, email address, telephone number
- Health / Medical / Treatment Data: relevant medical history, skin conditions, allergies, treatment notes, photographs (before/after)
- Booking & Appointment Data: your appointments, treatments undertaken, communication history, cancellation or rescheduling details
- Payment & Billing Data: payment method, transaction records, invoices
- Device & Usage Data: IP address, browser type, operating system, pages visited, duration, referral source, cookies / tracking data
- Communications & Preferences: your correspondence with us, marketing preferences, survey responses
We collect this information when you provide it (via forms, consultations, booking) or automatically through your use of the website (cookies, analytics).
4. Legal Bases & Purposes of Processing
We will only use your personal data when the law allows. The main legal bases we rely on include:
- Performance of a contract: to provide you with the services you request, including treatments, bookings, correspondence
- Consent: when you have given explicit consent (e.g. for marketing communications or optional services)
- Legitimate interests: for purposes such as improving our website, managing security, internal record-keeping, and fraud prevention
- Legal obligations: to comply with laws and regulatory requirements, including health, safety, and record-keeping duties
We use your data for:
- Delivering aesthetic treatments and follow-ups
- Scheduling appointments, sending confirmations and reminders
- Processing payments, refunds, invoices
- Communicating with you (responding to queries, sending updates)
- Marketing communication (only when consented)
- Improving our services and website via analytics
- Maintaining records and compliance obligations
- Detecting and preventing fraud or misuse
5. Sharing & Disclosure of Data
We may share your data with:
- Service providers / processors: such as payment processors, CRM / booking systems, hosting / IT providers, analytics tools
- Medical or referral partners: when required for treatment continuity (with your consent)
- Regulatory / legal authorities: where required by law, court order, or to protect rights or safety
- Business transfers: in the event of sale, merger, or restructuring, your data may be part of the transferred assets (with appropriate safeguards)
If we transfer data outside the UK / EEA, we will ensure adequate safeguards (such as standard contractual clauses) to protect your rights.
6. Data Retention
We will keep your personal data only as long as necessary for the purpose for which it was collected, or as required by law. Typical retention periods may include:
- Clinical / treatment records: retained for a period required by relevant health regulations
- Financial / billing records: retained for statutory accounting and tax purposes
- Marketing / preference data: retained until you withdraw consent or opt out
- Usage / log data: retained for a limited period (e.g. anonymised or aggregated thereafter)
After the retention period, data will be securely deleted or anonymised.
7. Cookies & Tracking Technologies
We use cookies, web beacons, and similar technologies to improve your browsing experience, provide functionality, and analyse usage.
- Essential / functional cookies: necessary for core website operations
- Analytics / performance cookies: to understand how users interact with the site
- Marketing / targeting cookies: to deliver relevant content and adverts (only with consent)
You’ll be prompted to accept or decline non-essential cookies when you first visit. You can also control cookies via your browser settings.
8. Your Rights
Under UK data protection law, you have the following rights:
- Access: request a copy of personal data we hold
- Correction: have inaccurate or incomplete data corrected
- Erasure: request deletion in certain circumstances
- Restriction: ask to restrict processing under certain conditions
- Objection: object to processing (especially direct marketing)
- Portability: receive your data in a portable, structured format
- Withdraw consent: you may withdraw consent at any time for processing based on consent
- Lodge a complaint: with the Information Commissioner’s Office (ICO) if you believe we’ve violated your data protection rights
To exercise these rights, contact us at the email above. We may ask for identity verification.
9. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (HTTPS / SSL)
- Secure servers, firewalls, intrusion detection
- Access controls and least privilege principles
- Regular audits, security reviews, staff training
- Backups and disaster recovery plans
However, no system is entirely foolproof. In the unlikely event of a data breach that risks your rights or freedoms, we will notify you and the ICO in compliance with legal requirements.
10. Third-Party Links & Embedded Content
Our site may include links or embedded content (e.g. social media, maps, videos). These are not controlled by us, and their privacy practices may differ. We encourage you to review their privacy policies before interacting.
11. Children & Minors
We do not knowingly collect personal data from individuals under 16 years old. If you are under 16, please do not submit your personal information. If we discover we have inadvertently collected data from someone under 16, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time (e.g. to reflect changes in services, laws, or business practices). The revised policy will be published here with an updated “Last Updated” date. Continued use of our site constitutes acceptance of the updated policy.
13. Contact & Complaints
If you have questions, concerns, or wish to exercise your rights, contact:
Aesthetics & Beauty Lounge
Email: aestheticsbeautylounge1@gmail.com
Phone: 07304494861
If you remain dissatisfied, you may lodge a complaint with the UK Information Commissioner’s Office (ICO) via ico.org.uk.
End of Policy