
Privacy Policy

1. Introduction

Serenity Skin & Beauty (“we”, “us”, “our”) is committed to protecting your privacy in accordance with UK GDPR. This policy outlines how we collect, use, store, and share personal data when you visit our website or book a treatment.

2. Data Controller

Serenity Skin & Beauty
4 Webb Close, Crick, Northampton, NN6 7GF
Phone: 07846 197841 · Email: serenitysandb@gmail.com 

3. Personal Data We Collect

  • Booking/contact forms: name, phone, email, treatment preferences, medical/allergy information

  • Client communications: details shared during enquiries via phone, email or in-person

  • Website usage analytics: IP address, device/browser type, page views and session data via cookies

  • Cookies: essential for booking functionality and anonymised analytics; no advertising or profiling cookies are used

4. How We Use Your Data

Your data is processed to:

  • Respond to enquiries, confirm and manage bookings for facials, waxing, brows, lashes, massage, body treatments, feet & nails 

  • Customise services based on skin concerns and medical details

  • Improve our website and user experience through anonymised analytics

  • Meet legal requirements, including record keeping for business and tax purposes

5. Legal Basis for Processing

  • Contractual necessity: to administer bookings and deliver treatments

  • Legitimate interests: to operate and enhance our services

  • Consent: if you opt in for marketing communications

  • Legal compliance: for statutory record retention

6. Data Sharing

We do not sell or rent your personal data. It may be shared with:

  • Service providers (e.g. website host, booking platform, email service) as processors

  • Regulatory or legal authorities, if mandated by law

7. Cookies & Tracking

  • Essential cookies for booking forms and site functionality

  • Performance cookies for anonymous usage analysis (e.g. via Google Analytics)

No advertising or profiling cookies are employed.

8. Data Retention

  • Client bookings and medical details: retained for up to 7 years for business compliance

  • Usage data: session logs removed after 24 months; aggregated analytics retained as needed

9. Your Rights

Under UK GDPR, you have the right to:

  • Access, correct or erase your personal data

  • Restrict or object to how we process it

  • Withdraw consent for marketing

  • Request data portability

To enforce your rights, contact us using the details above. You may also complain to the ICO.

10. Security

We implement secure website measures (SSL), protected servers and limited access. While we strive for security, no online system is completely secure.

11. International Transfers

All personal data is processed and stored within the UK—no cross-border transfers occur.

12. Policy Updates

We may update this policy from time to time. The “Effective Date” will reflect the latest version. Continued use implies acceptance.