PRIVACY POLICY
Last Updated: June 2026
1. Who We Are
Stephanie Wilson Skin Clinic, trading as Waxed Hair
Removal Clinic (“we”, “our”, “us”), is committed to
protecting your privacy and handling your personal
information responsibly.
Data Controller:
Stephanie Wilson Skin Clinic
Trading as Waxed Hair Removal Clinic
Bank Street Business Suites
Bank Street
Adlington
PR7 4EX
Email: bookings@skinbysw.co.uk
Website: https://skinbysw.co.uk
For any questions about this Privacy Policy or your
personal data, please contact us at
2. Scope of This Policy
This Privacy Policy explains how we collect, use, store, and
protect your personal information when you:
• Visit our website
• Book appointments
• Attend consultations or treatments• Contact us by email, social media, or other methods
• Subscribe to our marketing communications
We comply with the UK General Data Protection
Regulation (UK GDPR) and the Data Protection Act 2018.
3. Information We Collect
Personal Information
We may collect:
• Full name
• Date of birth
• Address
• Email address
• Contact details
• Emergency contact information
Health Information
As part of providing safe skin and aesthetic treatments, we
may collect:
• Medical history
• Current and previous medical conditions
• Medication information
• Allergy information
• GP details
• Consultation records
• Treatment notes
• Consent forms
• Clinical photographs
Health information is classified as special category personal
data and receives additional legal protection.Financial Information
We may collect:
• Payment records
• Transaction information
• Invoice information
We do not store full payment card details.
Website Information
When you visit our website, we may collect:
• IP address
• Browser type
• Device information
• Website usage information
• Cookie and analytics data
4. How We Use Your Information
We use personal information to:
• Provide consultations and treatments
• Assess treatment suitability
• Maintain accurate treatment records
• Communicate appointment information
• Manage bookings and cancellations
• Process payments
• Respond to enquiries
• Meet legal, insurance, and regulatory obligations
• Improve our services
• Send marketing communications where consent has
been provided5. Legal Basis for Processing
We process personal data under one or more of the
following lawful bases:
Contract
To provide the services you request from us.
Legal Obligation
To comply with legal, insurance, taxation, and regulatory
requirements.
Legitimate Interests
To operate and improve our business and services.
Health Data
Health information is processed because it is necessary for
the provision of health, beauty, aesthetic, and skin treatment
services and for ensuring client safety.
Where required, we will obtain your explicit consent.
6. Clinical Photographs and Videos
We may take photographs and videos before, during, and
after treatment.
These may be used for:
• Clinical assessment
• Treatment planning
• Monitoring progress• Maintaining treatment records
Clinical photographs form part of your confidential
treatment record.
Photographs or videos will only be used for marketing,
social media, website content, educational purposes, or
promotional activities where you have provided separate
explicit consent.
You may withdraw marketing consent at any time by
contacting us.
Withdrawal of consent will not affect previous lawful use of
materials already published.
7. Marketing Communications
We may send:
• Email newsletters
• Promotional offers
• Appointment reminders
• SMS marketing communications
Marketing communications are sent only where:
• You have provided consent; or
• We are otherwise legally permitted to do so.
You can unsubscribe at any time using the unsubscribe link
provided or by contacting us directly.
Marketing emails may be managed through Flodesk.
8. Booking Systems and Service ProvidersTo operate our clinic efficiently, we use trusted third-party
providers including:
• Timely (appointments, records, forms and client
management)
• Flodesk (email marketing)
• Google Analytics (website analytics)
• Instagram (communications and marketing)
These providers may process personal information on our
behalf and are required to maintain appropriate security
measures.
9. Sharing Your Information
We do not sell personal information.
We may share information where necessary with:
• Medical professionals involved in your care
• Your GP (with your consent or where required)
• Professional advisers
• Insurers
• Legal or regulatory authorities
• Technology and software providers supporting our
business
Information is only shared where necessary and appropriate
safeguards are in place.
10. International Transfers
Some third-party service providers may process
information outside the UK.Where this occurs, we ensure appropriate safeguards are in
place to protect your personal data in accordance with UK
GDPR requirements.
11. Data Retention
We retain personal information only for as long as
necessary to fulfil the purposes for which it was collected.
Treatment records, consultation notes, consent forms, and
clinical photographs may be retained for extended periods
where necessary to:
• Provide ongoing care
• Meet insurance requirements
• Defend legal claims
• Comply with regulatory obligations
Records are reviewed periodically and securely deleted
when no longer required.
Financial records may be retained in accordance with
HMRC requirements.
12. Data Security
We take appropriate technical and organisational measures
to protect personal information against:
• Unauthorised access
• Loss
• Misuse
• Disclosure
• AlterationMeasures include secure systems, password protection,
restricted access, encrypted services where available, and
secure disposal procedures.
13. Your Rights
Under UK GDPR, you have the right to:
• Access your personal information
• Request correction of inaccurate information
• Request deletion in certain circumstances
• Restrict processing
• Object to processing
• Request data portability where applicable
• Withdraw consent where processing is based on
consent
Requests can be made by contacting:
14. Complaints
If you have concerns about how we use your personal
information, please contact us first.
You also have the right to complain to the Information
Commissioner’s Office (ICO).
The ICO can be contacted via:
15. Website UseOur website is intended for adults aged 18 years and over.
By using our services, you confirm that you are aged 18 or
over.
16. Changes to This Policy
We may update this Privacy Policy from time to time.
The latest version will always be available on our website
with the updated revision date shown at the top of t