Privacy Policy

Last updated: 30 March 2026

Introduction

LashBrows Aesthetic Studio ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website lashbrowsaestheticstudio.uk and use our services.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR). By using our website and services, you agree to the collection and use of information in accordance with this policy.

Data Controller

For the purposes of the UK GDPR, the data controller is:

LashBrows Aesthetic Studio
38 Hinckley Rd, Burbage
Hinckley LE10 2AQ
United Kingdom

Information We Collect

Personal Information

We collect personal information that you voluntarily provide when you:

  • Create an account on our website
  • Book an appointment or consultation
  • Purchase products from our shop
  • Complete medical history and consent forms
  • Contact us via email or contact form
  • Subscribe to our newsletter

This information may include:

  • Name, email address, phone number
  • Billing and delivery address
  • Payment information (processed securely by our payment providers)
  • Medical history and health information (for treatment purposes only)
  • Appointment preferences and service history

Medical and Health Information

As a CPD Certified Member studio, we are required to collect detailed medical and health information to ensure your safety during all semi-permanent makeup (PMU) procedures. This includes:

  • Client Medical History Form: A comprehensive health questionnaire covering medical conditions, allergies, medications, skin conditions, and treatment history. This form includes questions about conditions such as diabetes, epilepsy, blood thinning medications, autoimmune disorders, and skin sensitivities.
  • Consent Forms: Procedure-specific consent forms (Microblading Consent Form and Lip Blush Consent Form) that detail the nature, risks, and possible complications of permanent skin pigmentation procedures. These require your digital signature acknowledging you understand the procedure.
  • Emergency contact information for your safety during treatments

This information is treated with the highest level of confidentiality, stored securely, and is only accessible to authorised studio personnel. We may be unable to provide certain services if medical conditions present a risk to your health and safety.

Health, Safety & Professional Standards

LashBrows Aesthetic Studio is a CPD (Continuing Professional Development) Certified Member, recognised by The CPD Certification Service. This certification demonstrates our commitment to maintaining the highest professional standards in semi-permanent makeup procedures.

As part of our duty of care and regulatory compliance, we implement the following safety measures:

  • Pre-treatment screening: All clients must complete a Client Medical History Form covering over 30 health-related questions before any PMU procedure
  • Informed consent: Procedure-specific consent forms (Microblading or Lip Blush) must be signed, acknowledging risks including infection, allergic reaction, scarring, inconsistent colour, and fading of pigments
  • Contraindication checks: We screen for conditions that may prevent safe treatment, including pregnancy, certain skin conditions, blood thinning medications, and recent use of Accutane or Retinol
  • Pre-care instructions: Detailed timeline-based instructions provided before eyebrow procedures (from 1 year to day-of) to ensure optimal skin condition
  • Aftercare instructions: Comprehensive post-procedure care guidance provided for both microblading and lip blush treatments to support proper healing
  • Patch testing: Carried out by our technician prior to procedures as confirmed in the consent process

These records are retained for a minimum of 6 years after the last treatment, in line with professional and legal requirements.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on our website. In compliance with PECR, we inform you about the cookies we use:

Essential Cookies (Strictly Necessary)

These cookies are required for the website to function and cannot be switched off:

  • Authentication cookies (Supabase) - Enable you to log in and stay logged in to your account
  • Session cookies - Maintain your session while browsing
  • Cookie consent preference - Remember your cookie choices

Functional Cookies

These cookies enhance functionality and personalisation:

  • Shopping cart (localStorage) - Remember items in your cart
  • Theme preference - Remember your dark/light mode preference

Third-Party Cookies

We use third-party services that may set their own cookies:

  • Payment processor (Stripe) - Secure payment processing and fraud prevention

You can manage your cookie preferences through the cookie consent banner or your browser settings. Note that disabling essential cookies may affect website functionality.

How We Use Your Information

We use your personal information for the following purposes:

  • To process and manage your bookings and appointments
  • To process and fulfil product orders
  • To provide safe and appropriate beauty treatments
  • To communicate with you about your appointments and orders
  • To send booking confirmations, reminders, and updates
  • To respond to your enquiries and provide customer support
  • To comply with legal obligations and professional regulations
  • To improve our website and services

Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

  • Contract: Processing necessary to fulfil our contract with you (bookings, orders)
  • Legal Obligation: Processing required by law (medical records, tax records)
  • Consent: Where you have given explicit consent (marketing communications)
  • Legitimate Interests: Processing necessary for our legitimate business interests

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

  • Account information: Retained while your account is active and for 6 years after closure
  • Booking and order records: 6 years (UK tax record requirement)
  • Medical history and consent forms: 6 years after last treatment
  • Marketing preferences: Until you withdraw consent

Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data (subject to legal requirements)
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Request transfer of your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, please contact us at lashbrowsaestheticstudio@gmail.com. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Secure HTTPS encryption for all data transmission
  • Secure authentication and session management
  • Payment processing through PCI-DSS compliant providers
  • Regular security reviews and updates
  • Limited access to personal data on a need-to-know basis

Third-Party Services

We use the following third-party services that may process your data:

  • Supabase: Database and authentication services
  • Vercel: Website hosting
  • Stripe: Payment processing
  • Resend: Email delivery service

Each of these providers has its own privacy policy and maintains appropriate data protection measures.

Complaints

If you have concerns about how we handle your personal data, please contact us first at lashbrowsaestheticstudio@gmail.com. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this page periodically for any changes.