Privacy Policy

Last Updated: January 16, 2025

Jellylashes ("we," "us," or "our") operates the website jellylashes.co.uk and provides eyelash and eyebrow beauty services in Boston, United Kingdom. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

1.1 Information You Provide

When you book an appointment through our website, we collect:

• Name: To identify you and personalize your service
• Email address: To send booking confirmations and communicate about your appointment
• Phone number (optional): To contact you quickly regarding your appointment
• Appointment details: Date, time, and service selected
• Additional notes: Any special requests or comments you provide

1.2 Automatically Collected Information

We may collect technical information when you visit our website:

• Cookies: Small files stored on your device (see Cookie Policy below)
• Analytics data: Through Google Analytics (with your consent), including pages visited, time spent, device type, and location data
• IP address: For security and fraud prevention

2. Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract performance: To fulfill your booking and provide the service you requested
• Legitimate interests: To operate our business, improve our services, and communicate with you
• Consent: For marketing communications and analytics (you can withdraw consent at any time)

3. How We Use Your Information

We use your information to:

• Process and confirm your appointments
• Send appointment reminders and confirmations via email
• Respond to your inquiries and provide customer support
• Improve our website and services based on user feedback
• Analyze website usage through Google Analytics (with your consent)
• Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

• Service providers: Supabase (database hosting), Google Analytics (with your consent), email service providers
• Legal authorities: If required by law or to protect our rights

5. Data Retention

We retain your personal data:

• Booking data: For 2 years after your last appointment
• Analytics data: As per Google's retention settings (typically 14 months)
• Marketing data: Until you unsubscribe or withdraw consent

6. Your Rights Under UK GDPR

You have the following rights:

• Right to access: Request a copy of your personal data
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your data ("right to be forgotten")
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a structured format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for marketing or analytics at any time

7. Cookies and Tracking

We use cookies to:

• Essential cookies: Enable basic website functionality (always active)
• Analytics cookies: Track website usage via Google Analytics (requires consent)

You can manage cookie preferences through our cookie banner. Declining analytics cookies will not affect website functionality but will prevent us from collecting usage statistics.

8. Third-Party Services

Our website uses the following third-party services:

• Supabase: For secure database storage of bookings (data stored in EU)
• Google Analytics: For website analytics (only with your consent)
• Netlify: For website hosting (data stored in EU/US)

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• HTTPS encryption for all data transmission
• Secure database access controls
• Regular security audits
• Limited access to personal data (only authorized personnel)

10. International Data Transfers

Your data may be transferred to and processed in countries outside the UK/EU. We ensure adequate safeguards are in place, including:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the UK ICO

11. Children's Privacy

Our services are not intended for individuals under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of our website after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us:

• Email: [Your Email]
• Address: Boston, United Kingdom

14. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: +44 7522 973126

← Back to Home