Data Protection Policy
Effective Date: 10th July 2025

AG Beauty & Laser Tooting Bec (“we”, “our”, “us”) is committed to protecting the personal data of our clients, employees, contractors, and third parties. This Data Protection Policy outlines how we collect, process, store, and protect personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.


1. Purpose

This policy ensures that we:

  • Comply with data protection laws

  • Protect the rights of individuals

  • Are transparent about how we handle personal data

  • Mitigate the risk of data breaches or misuse


2. Scope

This policy applies to:

  • All staff, including employees, freelancers, and contractors

  • All personal data processed by AG Beauty & Laser Tooting Bec

  • Data collected via our website, email, booking systems, phone, or in person


3. Our Data Protection Principles

We adhere to the following key principles:

  1. Lawfulness, Fairness, and Transparency: We process personal data lawfully and are open about how it is used.

  2. Purpose Limitation: We collect data for specified, explicit, and legitimate purposes.

  3. Data Minimisation: We collect only the data that is necessary.

  4. Accuracy: We keep personal data accurate and up to date.

  5. Storage Limitation: We retain data only as long as needed for legal or business reasons.

  6. Integrity and Confidentiality: We ensure personal data is secure and protected from unauthorised access, loss, or damage.


4. Types of Data We Collect

We may collect the following types of data:

  • Contact Information: name, email, phone, address

  • Appointment History: treatments booked and received

  • Health Information: skin/medical history relevant to treatments (with consent)

  • Payment Details: method of payment (not full card information)

  • Employment Data: for staff and contractors

  • Technical Data: IP address, browser type, and usage analytics


5. Lawful Bases for Processing

We only process personal data where we have a legal basis, such as:

  • Consent: e.g. marketing communications or sensitive health information

  • Contract: e.g. managing appointments or employment relationships

  • Legal Obligation: e.g. retaining tax or employment records

  • Legitimate Interests: e.g. improving client service or business operations


6. Data Subject Rights

All individuals have the right to:

  • Access their personal data

  • Request correction of inaccurate data

  • Request deletion of personal data (“right to be forgotten”)

  • Restrict processing

  • Object to processing for direct marketing

  • Request data portability (where applicable)

  • Withdraw consent at any time

To exercise any of these rights, please contact us at:
info@agbeautytootingbec.co.uk


7. Data Storage & Security

We use secure systems to store and manage personal data. Measures include:

  • SSL encryption on our website

  • Password-protected devices and software

  • Access limited to authorised personnel

  • Secure cloud and booking platforms


8. Data Sharing

We only share personal data where necessary and under legal obligations, including with:

  • Booking platforms and payment providers

  • Insurance and regulatory authorities (if required)

  • IT and website service providers under data processing agreements

We never sell your data.


9. Data Retention

We retain personal data only as long as necessary for:

  • Legal compliance (e.g., up to 6 years for treatment or financial records)

  • Business operations

  • Insurance and accountability

Once no longer required, data is securely deleted or anonymised.


10. Data Breaches

We have procedures in place to identify, investigate, and respond to any personal data breaches. If a breach poses a risk to individuals’ rights and freedoms, we will notify affected parties and report it to the Information Commissioner’s Office (ICO) within 72 hours, in accordance with UK GDPR.


11. Staff Responsibilities

All staff are trained in data protection and must:

  • Handle personal data confidentially and securely

  • Report any concerns or breaches immediately

  • Only access data necessary for their job role


12. Policy Review

This policy is reviewed annually or when there are significant changes in our data processing or relevant legislation.


13. Contact Us

For questions, concerns, or data access requests, please contact:

AG Beauty & Laser Tooting Bec
Email: info@agbeautytootingbec.co.uk
Website: https://agbeautytootingbec.co.uk
Address: 51 Trinity Rd, Tooting Bec, London SW17 7SD, UK