Privacy Policy
Who are we?
The Skin Theory ("we," "us," or "our") operates the website www.theskintheory.co.uk (the "Site"). This policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our Site, you agree to the collection and use of information in accordance with this policy.
What personal data do we collect?
Under data protection legislation, the data we hold about you can be categorised as follows:
Personal data: This is data related to an identified or identifiable person. Examples of personal data we collect and process include full name, email address, phone number, postal address. Where this policy states “your data/your personal data” we are referring to Personal Data unless otherwise stated.
Where you have named someone as your emergency contact and provided us with personal data about that individual, it is your responsibility to ensure that that individual is aware of and accepts the terms of this privacy policy.
Sensitive personal data: This is data that is deemed to be more sensitive than the above personal data. For example, medical history and medications, skin conditions, allergies, lifestyle habits, genetics, details of ethnicity or other health data. We only use this data for the purposes of your treatment and to ensure our services are carefully tailored to you.
Payment information: This data is collected through secure third-party payment processors. We do not store your full card details.
Website usage data: This data includes IP address, browser type, device type, pages visited and time spent, and is collected via cookies and analytics tools (see section 6).
How and why do we use your personal data?
We want to give you the best possible experience from your very first interaction with us. One way to achieve this is to better understand who you are by collecting data about you.
Schedule and provide skincare treatments and consultations
Develop personalised skincare plans or recommendations
Process bookings and manage payments
Communicate with you about appointments, products, services, or updates
Send occasional promotional content (with your consent)
Improve our services and user experience
Comply with legal and insurance obligations
The legal bases we rely on
Under UK GDPR, we process your data under the following legal bases:
Consent: For marketing communications and health-related data.
Contractual necessity: To deliver treatments and consultations you request.
Legal obligation: To meet regulatory or insurance requirements.
Legitimate interests: For managing our business and improving our services.
How we protect your data
We take the security of your data seriously and take all appropriate steps to protect it from unauthorised access, loss and misuse.
We do not sell your personal information. We may share it with:
Service Providers: Such as payment processors, web hosting providers, and booking systems (all compliant with UK GDPR).
Regulatory Authorities: If required by law or to protect our legal rights.
How long do we keep your data?
We retain your records for certain periods (depending on the particular type of record) under our retention of records policy or as required by law or guidance. This is to ensure that information is properly managed and is available whenever and wherever there is a justified need for that information, including to support patient care and continuity of care, to support evidence-based clinical practice, to support our legitimate interests, and to meet legal requirements.
Cookies & similar technologies
To help us give you the best possible experience, our websites and emails contain cookies, web beacons and similar technologies. Cookies are small, harmless text files that are downloaded to your computer/device when you visit websites. They serve a range of purposes such as helping us understand our website usage, activity and user behaviour. For more information, see our Cookies Policy.
What are your rights?
You have many rights relating to your personal data including:
The right to access the personal data we hold about you
The right to request the correction of inaccurate data about you. If we hold inaccurate or out-of-date information about you, you can request that we change or update it
The right to request that we delete your data or stop processing it – in some instances such as where we no longer need it, we can delete your personal data
The right to stop direct marketing – You have the absolute right to stop our use of your personal data for direct marketing purposes. In this instance we must always comply with your request
The right to withdraw your consent – Whenever you have given us your consent to use your personal data, you have the right to change your mind and tell us
If you wish to exercise any of your rights, have a complaint or questions about this policy, please see the “About us?” section for contact details.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk.
Children's privacy
Our treatments and services are intended for individuals aged 18 and over. For clients under 18, parental or guardian consent is required. We do not knowingly collect data from children without proper consent.
Changes to this privacy policy
We may update this Privacy Policy from time to time to reflect how we use your personal data. Changes will be posted on our website, and where appropriate, notified to you by email.
Any questions?
We hope this privacy policy has been helpful in setting out the way we handle your personal data and your rights. If you have any questions that haven’t been covered, please contact us at info@theskintheory.co.uk
Or write to:
The Skin Theory
By Lucy Salon and Training Academy
79 Upper St John Street
Lichfield
WS14 9DT