The Skin Loft

Privacy Policy

1. Introduction

This Privacy Policy explains how The Skin Loft collects, uses, stores, and protects your personal information.
We comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (Ireland).

By booking or using our services, you agree to the terms of this Privacy Policy.

2. Information We Collect

We may collect the following types of data:

Personal Information

• Name
• Phone number
• Email address
• Address (if required for invoicing or gift vouchers)

Health & Treatment Information

• Medical history relevant to treatments
• Skin conditions, allergies, medications
• Patch-test results
• Treatment notes & progress photos

Booking/Payment Details

• Appointment history
• Deposit or payment records (processed securely by third-party providers—we do not store card details)

Website Data

• IP address
• Cookies (basic analytics only)
• Contact form submissions

3. Why We Collect Your Information

We collect data to:

• Provide safe and appropriate treatments
• Maintain accurate treatment records
• Perform patch tests and health assessments
• Process bookings, deposits, or payments
• Communicate appointment reminders or updates
• Improve our website and customer experience
• Comply with Irish legal and insurance obligations

We never sell, rent, or trade your information.

4. Legal Basis for Processing

Under GDPR, we process data under the following lawful bases:

Consent – when you knowingly provide information
Contract – to provide treatments and process bookings
Legal/Insurance Obligation – keeping treatment records as required
Legitimate Interest – improving our services and business operations

5. How Your Data Is Stored & Protected

We store your information securely using:

• Encrypted booking systems
• Password-protected devices
• Restricted staff access
• Secure email communication

Treatment notes are stored for up to 7 years in accordance with Irish insurance and legal requirements.

6. Sharing Your Information

We only share data with:

• Our booking/payment providers (Stripe, Fresha, etc.)
• Our insurers (if a claim is required)
• Healthcare professionals only with your consent
• Irish authorities if legally required (e.g., court order)

We do not share your information for marketing unless you opt-in.

7. Photography & Marketing Consent

Treatment photos may be taken for record-keeping.
We will never use your images publicly unless you sign a separate written consent form.

8. Cookies & Website Analytics

Our website may use basic cookies for:

• Website performance
• Analytics
• User experience improvements

You can disable cookies in your browser at any time.

9. Your GDPR Rights

You have the right to:

✔ Access your information
✔ Correct inaccurate data
✔ Request deletion of your data (where legally allowed)
✔ Withdraw consent
✔ Request a copy of your records
✔ Limit or object to processing

Requests can be made via email: [insert your email]
We respond within 30 days as required by GDPR.

10. Minors

We do not collect treatment data for clients under 16 without parental/guardian consent.

11. Changes to This Policy

We may update this Privacy Policy when necessary.
The latest version will always be available on our website.

 

Shopping Cart
Scroll to Top