Privacy Policy and GDPR Notice

Business: SkinBoss
Website: skinboss.co.uk
Last Updated: 2026.03.07

1. Who We Are

SkinBoss is a beauty and aesthetics clinic and e-commerce store based near London, United Kingdom. We are the data controller for all personal information collected through this website and our clinic services.

We are registered with the Information Commissioner’s Office (ICO) as required under UK data protection law.

2. Website Hosting

Our website and associated data are hosted by Vultr Holdings Corporation (Vultr). We have a Data Processing Agreement (DPA) in place with this provider to ensure your data is handled securely and lawfully on our behalf.

Hosting Provider Address: Vultr Holdings Corporation
1990 North Stemmons Freeway Dallas, Texas United States of America

If you have questions about how your data is stored at the infrastructure level, contact us at info@skinboss.co.uk.

3. What Personal Data We Collect
We collect the following types of personal data:

Identity and contact data: your name, email address, phone number, and billing or delivery address.

Transaction data: details of products and services you have purchased, including payment records. We do not store your full card details.

Health and medical data: if you book a treatment with us, we may collect relevant health information through a medical questionnaire. This is special category data under UK GDPR and is handled with additional care and security.

Technical data: IP address, browser type, device information, and pages visited, collected through cookies and analytics tools.

Marketing preferences: your choices about receiving marketing communications from us.

4. How We Collect Your Data
We collect data in the following ways:

  • Directly from you when you place an order, register an account, book an appointment, or contact us
  • Through your use of our website via cookies and analytics tools
  • From payment processors when you complete a transaction
  • From social media platforms if you interact with our adverts or content

5. Legal Basis for Processing

Under UK GDPR, we must have a lawful basis for every type of processing we carry out.

| Purpose | Data Used | Legal Basis |
|---|---|---|
| Processing orders and payments | Name, address, payment info | Contract performance |
| Managing clinic bookings | Name, contact details, health info | Contract performance and explicit consent (health data) |
| Sending order and booking confirmations | Email address | Contract performance |
| Sending marketing emails | Email address, preferences | Consent |
| Improving our website | Anonymised analytics data | Legitimate interests |
| Maintaining financial records | Transaction data | Legal obligation |
| Fraud prevention and site security | IP address, device data | Legitimate interests |

6. Special Category Data (Health Information)

When you book a clinic treatment, we may ask you to complete a medical questionnaire. The information you provide, such as health conditions, medications, or medical history, is classified as special category data under UK GDPR Article 9.

We process this data only with your explicit, freely given consent. You can withdraw this consent at any time by contacting us at info@skinboss.co.uk, though this may affect our ability to provide certain treatments safely.

We store health records securely, restrict access to authorised staff only, and do not share this data with third parties except where you have given explicit consent or where we are legally required to do so.

7. Who We Share Your Data With

We share your data only where necessary, with the following categories of recipients:

  • Payment processors: to handle your transactions securely
  • Delivery and courier services: to fulfil product orders
  • Email and CRM platforms: to manage communications
  • Website hosting and IT providers: to operate our website and store data (see Section 2)
  • Analytics providers: such as Google Analytics, using anonymised or pseudonymised data
  • Legal and regulatory authorities: where we are required to disclose data by law

We do not sell, rent, or trade your personal data to any third party.

8. International Data Transfers

We aim to keep your data within the UK and European Economic Area. Where a provider operates outside these areas, we ensure appropriate safeguards are in place, such as UK adequacy decisions or UK standard contractual clauses approved by the ICO.

9. How Long We Keep Your Data

| Data Type | Retention Period | Reason |
|---|---|---|
| Order and transaction records | 7 years | HMRC and legal requirements |
| Clinic treatment records | 2 years | Clinical record-keeping guidelines |
| Active customer accounts | Duration of account plus 2 years | Legitimate interests |
| Marketing consent records | Until withdrawn plus 2 years | Accountability under UK GDPR |
| Website analytics data | 3 months (anonymised) | Business improvement |
| Enquiry and contact records | 6 months | Responding to requests |

When data is no longer needed, we delete or anonymise it securely.

10. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • SSL encryption across our website
  • Secure, access-controlled server environments
  • Regular security updates and patches
  • Staff training on data protection responsibilities
  • Data processing agreements with all third-party providers

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify you directly.

11. Your Rights Under UK GDPR

You have the following rights regarding your personal data. To exercise any of these, contact us at info@skinboss.co.uk.

We will respond within one calendar month.

  • Right of access (Article 15): request a copy of all personal data we hold about you. This is free of charge in most cases.
  • Right to rectification (Article 16): ask us to correct inaccurate or incomplete data without undue delay.
  • Right to erasure (Article 17): request deletion of your data where it is no longer necessary, where you withdraw consent, or where we have no legitimate basis to retain it. This right may be limited by legal obligations.
  • Right to restrict processing (Article 18): ask us to pause processing of your data in specific circumstances, such as while a dispute is being resolved.
  • Right to data portability (Article 20): receive your data in a structured, commonly used, machine-readable format, and have it transferred to another controller where technically feasible.
  • Right to object (Article 21): object to processing based on legitimate interests or for direct marketing. We will stop processing for direct marketing immediately upon your objection.
  • Right to withdraw consent: where we rely on your consent, you can withdraw it at any time. This does not affect the lawfulness of any processing that took place before withdrawal.

12. Cookies

We use cookies on our website. These include strictly necessary cookies required for the site to function, as well as optional analytics and marketing cookies. We collect your consent for non-essential cookies through our cookie banner on your first visit.

You can update your cookie preferences at any time using the “Cookie Settings” link in our website footer.

13. Children

Our website and services are intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a child, contact us at info@skinboss.co.uk and we will delete it promptly.

14. Right to Complain

If you believe we have not handled your data correctly, you have the right to complain to the Information Commissioner’s Office (ICO), the supervisory authority for data protection in the UK.

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

We encourage you to contact us first so we can try to resolve your concern directly.

15. Changes to This Policy

We review and update this policy periodically. When we make significant changes, we will notify you by email or by posting a notice on our website. The date at the top of this page reflects when it was last updated.

16. Contact Us