
PRIVACY POLICY

Skin Altar Studio Privacy Policy

Last Updated: 04/05/2026

Skin Altar Studio ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, process, and protect your personal data when you visit our website (www.skinaltarstudio.co.uk), use our services, or interact with us.

We are a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This means we are responsible for deciding how we hold and use personal information about you.

1. Information We Collect

We collect and process personal data to provide you with safe, effective, and personalized aesthetic treatments, including Nd:Yag laser therapies and bespoke facials. The data we collect includes:

A. Standard Personal Data

•Identity Data: First name, last name, title, and date of birth.

•Contact Data: Email address, telephone number, and billing/residential address.

•Financial Data: Payment card details (processed securely via our third-party payment providers; we do not store full card details).

•Transaction Data: Details about payments to and from you and other details of treatments and services you have purchased from us.

•Technical & Usage Data: IP address, browser type, time zone setting, and information about how you use our website.

B. Special Category Data (Health Data)

Due to the nature of our aesthetic treatments, we must collect sensitive health information to ensure your safety and the efficacy of the treatments. This includes:

•Medical History: Details of past and current medical conditions, allergies, medications, and previous aesthetic treatments.

•Treatment Records: Clinical notes, treatment plans, and consent forms related to your Nd:Yag laser or facial treatments.

•Photographic Data: "Before and after" photographs of the treatment area (e.g., face or body) taken for clinical assessment, treatment planning, and monitoring progress. These are only used for marketing purposes if explicit, separate consent is provided.

2. How We Collect Your Data

We collect data through the following methods:

•Direct Interactions: When you fill out our Discovery Form, book an appointment, complete a medical history questionnaire, or communicate with us via email, phone, or in person.

•Automated Technologies: As you interact with our website, we may automatically collect Technical Data about your equipment and browsing actions using cookies (see our Cookie Policy for more details).

•Third Parties: We may receive personal data about you from third-party booking systems (e.g., [Insert Booking App Name, e.g., Vagaro, Square]) or payment processors.

3. How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we use your data under the following lawful bases:

•Performance of a Contract: To provide you with the aesthetic treatments you have requested, manage your bookings, and process payments.

•Legal Obligation: To comply with our legal and regulatory requirements, including maintaining accurate medical records and health and safety standards.

•Legitimate Interests: To run our business effectively, improve our services, and ensure the security of our website and clinic.

•Explicit Consent: We rely on your explicit consent to process your Special Category Data (health information and clinical photographs) for treatment purposes. We also rely on consent for sending direct marketing communications. You have the right to withdraw consent at any time.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with trusted third parties only when necessary to provide our services:

•Service Providers: IT and system administration providers, booking and scheduling platforms (e.g., [Insert Booking App Name]), and secure payment gateways.

•Professional Advisers: Including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.

•Regulatory Bodies: HM Revenue & Customs, regulators, and other authorities based in the UK who require reporting of processing activities in certain circumstances.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

5. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. Access to your personal data is limited to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

6. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In the UK, medical and clinical records (including health data and clinical photographs) are typically retained for a minimum of 8 years after the last treatment, in accordance with standard medical and insurance guidelines.

7. Your Legal Rights

Under the UK GDPR, you have rights regarding your personal data, including the right to:

•Request access to your personal data (a "data subject access request").

•Request correction of the personal data that we hold about you.

•Request erasure of your personal data (where there is no good reason for us continuing to process it). Note that legal requirements to retain medical records may override this right.

•Object to processing of your personal data where we are relying on a legitimate interest.

•Request restriction of processing of your personal data.

•Request the transfer of your personal data to you or to a third party.

•Withdraw consent at any time where we are relying on consent to process your personal data.

To exercise any of these rights, please contact us using the details below.

8. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Skin Altar Studio

Email: glow@skinaltar.co.uk

Address: South London, UK

Phone: +44 07512 437 160

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
