top of page

Privacy Policy – All Together Beauty Ltd

Introduction

All Together Beauty Ltd (“we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy. This privacy policy explains how we collect, use, and safeguard your information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

For any privacy-related enquiries, please contact us using the details above.

What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Names and contact details

  • Addresses

  • Date of birth

  • Purchase or account history

  • Payment details (including card or bank information for transfers and direct debits)

  • Health information (including dietary requirements, allergies, and health conditions)

  • Health and safety information

  • Information relating to loyalty programmes

Purposes of Processing

We collect and use personal information for the following purposes:

  • To provide and deliver treatments, services, and goods

  • To manage bookings and customer accounts

  • To comply with treatment insurance requirements

  • To comply with legal and regulatory obligations

  • To manage loyalty programme memberships

  • To maintain accurate treatment logs for professional and insurance requirements

Lawful Bases for Processing

We process personal data under the following lawful bases:

  • Consent: For marketing communications and storing health details for treatment purposes.

  • Contract: To provide beauty treatments, products, and related services.

  • Legal Obligation: To comply with legal and regulatory requirements (e.g. insurance, taxation).

Legitimate Interests

We also rely on legitimate interests to ensure safe and effective service delivery, for example:

  • Maintaining treatment records to provide continuity of care

  • Retaining treatment history logs to meet industry best practice and insurance requirements

A Legitimate Interests Assessment (LIA) has been carried out to ensure this processing is proportionate and not overly intrusive.

Children’s Data

We do not knowingly collect or process data relating to children.

Where We Get Your Data

We collect personal data directly from:

  • Clients (via forms, telephone, email, or in person)

Sub-Processors and Systems

We use trusted third-party platforms to support our operations securely:

  • Wix – For booking system and website management

  • Fresha (currently in use) – For appointment booking and scheduling

No other third-party suppliers are engaged for customer data management at this time.

Data Sharing

We will not sell or share your personal data with unrelated third parties. We may share your information only with:

  • Insurance providers – Where required for treatment coverage or in case of a claim

  • Regulatory or legal authorities – Where required by law

Data Retention

We are required to retain treatment and health-related records for 7 years, in line with insurance and professional requirements. Other personal data will only be kept as long as necessary to fulfil its purpose or meet legal obligations.

International Data Transfers

Some of the systems we use (e.g. Wix, Fresha) may transfer data outside the UK. Where this occurs, transfers are protected by Standard Contractual Clauses (SCCs) or other approved legal safeguards to ensure your data remains secure.

Data Security

We take robust measures to protect your data, including:

  • Secure booking and payment systems

  • Encryption and secure storage for digital records

  • Restricting access to authorised personnel only

  • Maintaining paper consent forms in secure storage

Your Rights

You have the right to:

  • Access the personal data we hold about you

  • Request correction of inaccurate information

  • Request deletion of your data, subject to legal or insurance requirements

  • Withdraw consent for marketing at any time

  • Object to or restrict certain types of processing

  • Request a copy of your data in a portable format

How to Complain

If you have concerns about how your personal information is handled, please contact us using the details above.

If you remain dissatisfied, you can complain to the Information Commissioner’s Office (ICO):

bottom of page