Privacy Policy
Last updated: January 2025
Mesmerising Beauty Ltd ("we", "us", "our") is committed to protecting your privacy and personal data. This privacy policy explains how we collect, use, and safeguard your information when you visit our website or use our services.
1. Data Controller Information
The data controller responsible for your personal data is:
- Company Name: Mesmerising Beauty Ltd
- Address: 77 High Street, Gosforth, Newcastle Upon Tyne, NE3 4AA
- Phone: 0191 285 5055
- Email: info@mesmerisingbeauty.com
- Data Protection Officer: privacy@mesmerisingbeauty.com
2. Information We Collect
2.1 Information You Provide to Us
We may collect the following personal data when you:
- Book an appointment: Name, phone number, email address, appointment preferences
- Contact us: Name, email address, phone number, message content
- Subscribe to updates: Email address, communication preferences
- Visit our salon: Health information relevant to your treatment (with your explicit consent)
2.2 Information We Collect Automatically
When you visit our website, we may automatically collect:
- Technical data: IP address, browser type, device information, operating system
- Usage data: Pages visited, time spent on pages, click patterns, referring website
- Location data: Approximate geographic location based on IP address
3. How We Use Your Information
3.1 Legal Basis for Processing
We process your personal data on the following legal bases:
- Contract performance: To provide beauty services and manage appointments
- Consent: For marketing communications and website analytics (Google Analytics)
- Legitimate interests: To improve our services, prevent fraud, and maintain business records
- Legal obligation: To comply with health and safety regulations and accounting requirements
3.2 Purposes of Processing
We use your personal data to:
- Process and manage your beauty treatment appointments
- Communicate with you about your appointments and our services
- Send marketing communications (only with your consent)
- Improve our website and services through analytics
- Comply with legal and regulatory obligations
- Maintain business records and accounts
- Respond to your inquiries and provide customer support
4. Third-Party Data Sharing
4.1 Service Providers We Use
We share your personal data with the following third-party service providers:
Fresha (Booking Platform)
When you book an appointment through our website, your booking information is processed by Fresha, our appointment management platform. Fresha acts as a data processor on our behalf.
- Data shared: Name, phone number, email, appointment details
- Purpose: Appointment scheduling and management
- Location: Data may be processed in the UK and EU
- Privacy policy: Fresha Privacy Policy
Google Analytics
We use Google Analytics to understand how visitors use our website. Google Analytics uses cookies to collect anonymous usage data. This service is only activated if you consent to analytics cookies.
- Data collected: Anonymous usage statistics, page views, session duration
- Purpose: Website performance analysis and improvement
- Location: Data processed by Google in various locations
- Privacy policy: Google Privacy Policy
4.2 Data Transfers Outside the UK
Some of our service providers may process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the UK Information Commissioner's Office (ICO).
4.3 Legal Disclosures
We may disclose your personal data if required by law or to:
- Comply with legal processes or government requests
- Protect our rights, property, or safety
- Prevent fraud or security threats
- Enforce our terms of service
5. Data Retention Periods
We retain your personal data for the following periods:
- Appointment records: 7 years (for accounting and legal purposes)
- Marketing consent: Until you withdraw consent, or after 3 years of inactivity
- Website analytics: 26 months (Google Analytics default)
- Email correspondence: 3 years from last contact
- Health information: 8 years (healthcare record retention requirements)
5.1 Secure Data Disposal
When personal data is no longer required, we securely delete or anonymize it using industry-standard methods. Physical records are shredded, and electronic data is securely wiped using certified deletion software.
6. Your Rights Under UK GDPR
Under UK data protection law, you have the following rights:
6.1 Right of Access
You can request a copy of the personal data we hold about you. We will provide this within one month of your request, free of charge.
6.2 Right to Rectification
You can ask us to correct inaccurate or incomplete personal data. We will update your information within one month of notification.
6.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data in certain circumstances, such as when it's no longer necessary for the purpose it was collected, or when you withdraw consent.
6.4 Right to Restrict Processing
You can ask us to limit how we use your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.
6.5 Right to Data Portability
You can request your personal data in a structured, commonly used, machine-readable format, and have the right to transmit this data to another controller.
6.6 Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.
6.7 Right to Withdraw Consent
Where we rely on consent as the legal basis for processing, you can withdraw your consent at any time. This will not affect the lawfulness of processing before withdrawal.
6.8 Exercising Your Rights
To exercise any of these rights, please contact us at privacy@mesmerisingbeauty.com or call 0191 285 5055. We will respond within one month.
7. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies. For detailed information about the cookies we use and your choices, please see our Cookie Policy.
7.1 Cookie Consent
When you first visit our website, you will see a cookie consent banner. You can choose to accept or reject non-essential cookies. Essential cookies (required for website functionality) are always active.
7.2 Managing Cookie Preferences
You can manage your cookie preferences at any time by clicking the cookie settings link in our website footer or by adjusting your browser settings to block cookies.
8. Data Security Measures
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
- Encryption: Data transmitted to our website is protected using SSL/TLS encryption
- Access controls: Personal data is only accessible to authorized staff members
- Regular backups: Data is backed up regularly to prevent loss
- Staff training: All staff receive data protection training
- Physical security: Physical records are stored in locked, secure locations
- Third-party audits: We regularly review our service providers' security practices
8.1 Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO within 72 hours as required by UK GDPR.
9. Children's Privacy
Our services are intended for individuals aged 16 and over. We do not knowingly collect personal data from children under 16 without parental consent. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.
10. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:
- Posting a prominent notice on our website
- Sending an email notification (if we have your email address)
- Updating the "Last Updated" date at the top of this policy
We encourage you to review this privacy policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.
11. Contact Us and Complaints
11.1 Contact Information
If you have questions about this privacy policy or how we handle your personal data, please contact us:
- Email: privacy@mesmerisingbeauty.com
- Phone: 0191 285 5055
- Post: Mesmerising Beauty Ltd, 77 High Street, Gosforth, Newcastle Upon Tyne, NE3 4AA
11.2 How to Lodge a Complaint
You have the right to lodge a complaint about our data processing practices with the UK supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk/make-a-complaint
Email: casework@ico.org.uk
However, we encourage you to contact us first so we can address your concerns directly and resolve any issues promptly.
12. Legal Framework
This privacy policy is designed to comply with:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Privacy and Electronic Communications Regulations (PECR) 2003
- Consumer Rights Act 2015