Privacy Policy
Last Updated: 09 July 2025
Introduction
Welcome to SKIN+YOU ("we," "us," or "our"). We are committed to protecting and respecting your privacy. This policy explains what personal data we collect from you, how it will be processed, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are (Data Controller)
For the purpose of the data protection legislation, the data controller is SKIN+YOU LTD of Sutton Coldfield, Birmingham. If you have any questions about this privacy policy, please contact us at hello@skinandyou.co.uk .
2. The Data We Collect About You
We may collect, use, store, and transfer different kinds of personal data about you:
- Identity Data: Includes first name, last name, title, date of birth, and gender.
- Contact Data: Includes postal address, email address, and telephone numbers.
- Special Category (Health) Data: Includes information about your health, medical history, allergies, treatment history, consultation notes, and 'before and after' photographs. We collect this to ensure we can provide our services safely and effectively. We will always obtain your explicit consent to process this type of data.
- Transaction Data: Includes details about payments and services you have purchased.
- Technical Data: Includes IP address, browser type, and other technology on the devices you use to access this website.
- Marketing and Communications Data: Includes your marketing preferences.
3. How Is Your Personal Data Collected?
We collect data through direct interactions (e.g., when you fill in forms online or in-clinic, book a treatment, or subscribe to our newsletter) and automated technologies like cookies when you interact with our website.
4. How We Use Your Personal Data (Lawful Basis for Processing)
We will only use your personal data when the law allows us to. The table below outlines our processing activities:
| Purpose/Activity | Type of Data | Lawful Basis for Processing |
|---|---|---|
| To register you as a new client. | Identity, Contact | Performance of a contract with you. |
| To provide our aesthetic treatments and services. | Identity, Contact, Health | Performance of a contract; Explicit Consent for health data. |
| To process payments. | Identity, Contact, Transaction | Performance of a contract with you. |
| To manage our relationship with you (e.g., appointment reminders). | Identity, Contact, Marketing & Communications | Performance of a contract; Legitimate Interest. |
| To send you marketing communications. | Identity, Contact, Marketing & Communications | Explicit Consent. |
| To administer and protect our business and website. | Identity, Contact, Technical | Legitimate Interest. |
| To comply with legal and regulatory obligations (e.g., medical record-keeping). | Identity, Contact, Health, Transaction | Legal Obligation. |
Explicit Consent for Health Data and Photos: We will always ask for your explicit consent before collecting and processing any Special Category (Health) Data, including taking, storing, and using 'before and after' photographs for your treatment record. A separate consent form will be provided for using images for marketing purposes.
5. Data Security
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. Access is limited to personnel who have a business need to know and are subject to a duty of confidentiality.
6. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including legal, accounting, or reporting requirements. By law, we must keep basic information about our clients (including Health Data) for a minimum of [e.g., 7-10 years, check with your insurer/professional body] after they cease being clients.
7. Your Legal Rights
Under UK data protection law, you have rights including:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing.
- Request the transfer of your data.
- Withdraw consent at any time.
If you wish to exercise any of these rights, please contact us.
8. Third-Party Links
Our website may include links to third-party websites. We do not control these websites and are not responsible for their privacy statements.
9. Cookies
Our website uses cookies to improve your user experience. You can set your browser to refuse cookies, but some parts of our website may become inaccessible or not function properly.
10. Changes to This Privacy Policy
We keep our privacy policy under regular review. Any changes will be posted on this page.
11. How to Complain
If you have any concerns about our use of your personal information, you can make a complaint to us at hello@skinandyou.co.uk.
You can also complain to the Information Commissioner's Office (ICO) if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk