​Privacy Policy

​Last Updated: 27th November 2025

​Skincare Edinburgh ("we", "us", or "our") is committed to protecting and respecting your privacy. This policy explains how we collect, use, and protect your personal data in compliance with the Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR).

​For the purpose of data protection laws, the Data Controllers and processors are Mr Jamie Ross and Mrs Gohar Peteosyan trading as Skincare Edinburgh, located at 38 Redcroft Road, Shawfair, EH221FQ.

​1. Information We Collect

​To provide you with safe and effective skincare treatments, we must collect and process personal and sensitive information.

​Personal Data

​We collect basic identifiable information, including:

• ​Name

• ​Contact details (Phone number, email address, home address)

• ​Date of birth

• ​Emergency contact details

​Special Category Data (Health & Medical)

​Due to the nature of our treatments, we also collect "Special Category Data" concerning your health. This includes:

• ​Medical history (e.g., pregnancy, diabetes, epilepsy, heart conditions)

• ​Current medications and treatments

• ​Allergy information

• ​Skin conditions and treatment history

• ​Photographs and videos (for treatment progress tracking or marketing, dependent on consent)

​2. Why We Collect Your Data (Lawful Basis)

​Under UK GDPR, we rely on the following lawful bases to process your data:

1. ​Contract: To fulfil our service agreement with you (i.e., to perform the treatment you booked).

2. ​Legal Obligation: To keep records for tax purposes and insurance requirements.

3. ​Vital Interests: In rare emergencies (e.g., severe allergic reaction), we may need to share your medical data with emergency services to protect your life.

4. ​Explicit Consent:

   • ​For Health Data: We require your explicit written consent to process your medical and health data to ensure treatments are safe for you.

   • ​For Marketing: We will only send you marketing communications or post photos/videos of you on social media if you have ticked the relevant consent box on our forms.

​3. How We Store Your Data

​We take the security of your data seriously, especially given the sensitive nature of the information.

• ​Paper Records (Consultation & Consent Forms): All physical paperwork containing personal and medical information is stored in a locked, secure cabinet within the salon premises. Access is strictly restricted to authorised personnel only.

• ​Digital Records: Any digital records (such as client contact lists or digital treatment logs) are stored on password-protected devices with up-to-date security software.

• ​Payment Information: Skincare Edinburgh does not store your financial data. All card payments are processed securely by Stripe, a third-party payment processor. Stripe handles your payment data directly on their secure servers. We only receive confirmation that the payment has passed or failed; we never see or save your full card number or CVC code.

  • ​You can view Stripe’s Privacy Policy here: https://stripe.com/gb/privacy

​4. Data Retention

​We will not keep your personal data for longer than necessary.

• ​Client Treatment Records: We are required by our insurance providers to retain client consultation and treatment records for a minimum of 7 years following your last treatment. After this period, records will be securely shredded or permanently deleted.

• ​Marketing Data: If you consent to marketing, we will keep your contact details for this purpose until you notify us that you wish to withdraw your consent.

​5. Sharing Your Personal Information

​We do not sell, trade, or rent your personal information to others. We may share your data only in the following limited circumstances:

• ​Service Providers: With software providers who help us manage bookings (e.g., Stripe for payments, or booking software if you use it), strictly for the purpose of providing the service.

• ​Legal/Medical: If required by law, or to medical professionals in an emergency.

• ​Insurance: In the event of a claim, we may be required to share treatment records with our insurance provider.

​6. Your Rights

​Under the UK GDPR, you have the following rights regarding your data:

• ​The Right to be Informed: You have the right to know how your data is being used (which is the purpose of this policy).

• ​The Right of Access: You can request a copy of the personal data we hold about you. We will provide this within one month.

• ​The Right to Rectification: You can ask us to correct inaccurate or incomplete data (e.g., a new address or change in medication).

• ​The Right to Erasure ("Right to be Forgotten"): You can ask us to delete your data. Please note: This is not an absolute right. We may be legally required to retain your treatment records for insurance purposes even if you request deletion.

• ​The Right to Withdraw Consent: You may withdraw your consent for marketing or the use of photos/videos at any time by contacting us in writing.

​7. Withdraw Consent

​You are free to withdraw your consent for marketing or photography at any time.

• ​To withdraw: Please email us at [Your Contact Email] or write to us at the address below.

• ​Note: If you withdraw consent for us to hold your medical/health data, we may be unable to continue providing treatments to you for safety and insurance reasons.

​8. Complaints

​If you have any concerns about how we handle your data, please contact us first so we can resolve the issue. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection (www.ico.org.uk).

​9. Contact Us

​For any questions regarding this Privacy Policy or to exercise your rights, please contact:

​Skincare Edinburgh

Owner: Mr Jamie Ross and Mrs Gohar Petrosyan

Address: 38 Redcroft Road, Shawfair, EH221FQ

Email: contact@skincareedinburgh.co.uk

Phone: 07448858651

Our Use of Cookies and Tracking Technology

This section details the use of cookies and other digital tracking technologies on our website and booking platform.

What are Cookies?

Cookies are small text files that are placed on your computer, tablet, or mobile phone when you visit a website. They are widely used to make websites work more efficiently, as well as to provide information to the owners of the site.

How We Use Cookies (via Booking Platform)

We primarily use cookies through our third-party online booking system with Hostinger to ensure the functional operation of our online services. We do not generally use complex direct tracking outside of the core functions provided by the booking software.

The types of cookies typically used fall into the following categories:

• Strictly Necessary Cookies: These are essential for the operation of our booking service. They enable core functions such as securing appointments, processing deposits, and navigating the site. The platform cannot function correctly without them.

• Performance/Analytics Cookies: These cookies collect information about how clients use our booking system (e.g., time spent on pages, which services are booked most often, and any errors encountered). This aggregated data helps us understand and improve the performance and usability of our services.

• Functional Cookies: These remember choices you make (such as recalling your login details or preferred language) to provide a more personalized and convenient booking experience.

Analytics Data

Our booking platform may use tools to collect anonymized usage data (e.g., IP address, browser type, device details). This information is used for internal analysis only, helping us to identify trends and improve the accessibility and efficiency of our online booking process.

Managing Cookies

Under UK and EU law, you have the right to control how cookies are used on your device.

You can set your browser (e.g., Chrome, Safari, Firefox) to refuse all or some browser cookies, or to alert you when websites set or access cookies. Please note that if you disable or refuse strictly necessary cookies, some parts of our booking service may become inaccessible or not function properly, which could prevent you from completing a booking.