Privacy Policy

Last updated: 3 March 2026

LuxeLine Studio (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and share your information when you use our website, contact us, book a treatment, attend an appointment, or interact with us online.

This policy is intended to meet the transparency requirements of UK data protection law (UK GDPR and the Data Protection Act 2018) and electronic marketing rules (PECR).

1) Who we are (Data Controller)

Data Controller: LuxeLine Studio
Address: LuxeLine Studio, Ferndown, Bagshot Road, Chobham, Surrey, GU24 8SJ
Email: info@luxelinestudio.co.uk
Phone/WhatsApp: 07988 932891

We do not currently have a Data Protection Officer (DPO). If you have questions about this policy or how we use your data, please contact us using the details above.

2) What information we collect

Depending on how you interact with us, we may collect:

Identity & contact details

Name, email address, phone number, and (where needed) billing details.

Booking & appointment details

Appointment date/time, service booked, notes you provide, and booking history (including cancellations/reschedules).

Consultation & treatment information (health data)

To carry out PMU services safely, we may collect information relevant to treatment suitability, such as allergies, medications, medical conditions, contraindications, patch test outcomes, consent forms and aftercare notes. This can include special category data (health data).

Photos and media

Before/after photos and videos (only where you’ve agreed), plus images you send us for consultation purposes.

Communications

Messages and correspondence via email, website forms, phone, WhatsApp, and social media direct messages.

Website usage data (cookies/analytics)

When you browse our website, we may collect information such as IP address, device/browser type, pages visited and interactions. This is collected using cookies and similar technologies, including Google Analytics 4 (GA4) and advertising tags such as Meta Pixel and Google Ads conversion tracking, where you consent.

3) How we collect your information

We collect data when you:

  • complete a website form or contact us

  • book with us (including via Timely)

  • attend a consultation/appointment and complete client forms

  • opt in to marketing

  • interact with our social media

  • browse our website and consent to cookies

4) How we use your data (purposes)

We use your personal data to:

  • respond to enquiries and provide availability/quotes

  • manage bookings, appointments, reminders and follow-ups

  • carry out consultations and provide PMU services safely (including aftercare)

  • process payments and issue invoices/receipts (where applicable)

  • keep accurate client records for service quality and safety

  • improve our website, marketing and services (analytics)

  • run advertising/remarketing campaigns (only where you consent to marketing cookies)

  • protect our business (security, fraud prevention, dispute handling)

5) Lawful bases for processing

We rely on the following lawful bases under UK GDPR, depending on the situation:

General personal data

  • Contract – to manage your booking and provide the services you request

  • Legitimate interests – to run and improve our business (e.g., responding to enquiries, service improvements, basic record-keeping, preventing fraud), where these interests are not overridden by your rights

  • Legal obligation – where we must keep records (e.g., for tax/accounting)

  • Consent – where you choose to opt in (e.g., marketing messages, non-essential cookies, optional portfolio photos)

Health data (special category data)

Where we process health information for consultation and treatment suitability, we do so only with your explicit consent. You will be asked to provide this consent via our consultation/consent process (paper or digital) before treatment. You can withdraw your consent at any time by contacting us, but please note this may mean we are unable to provide (or continue) certain services safely.

6) Timely (booking platform)

We use Timely to manage bookings, appointment reminders and client scheduling. Timely will process your data as part of delivering this service to us. You should review Timely’s privacy information as well (linked from their site/app where relevant).

7) Marketing messages (email/SMS/WhatsApp)

We may send marketing communications about LuxeLine Studio (news, availability, offers) only when permitted under PECR.

In practice, this means:

  • Email marketing: we will send emails only if you opt in, or where the soft opt-in applies (existing customers, similar services, and you were given a clear chance to opt out when we collected your details and in every message).

  • You can opt out at any time via the unsubscribe link or by contacting us.

We do not share your contact details with other businesses for their marketing.

8) Cookies, GA4, Meta Pixel and Google Ads

Our website uses cookies and similar technologies. Some cookies are strictly necessary for the website to function. Others (like analytics and advertising cookies) are optional and will be used only if you consent.

Because we use GA4, Meta Pixel and Google Ads tags, we operate a cookie consent banner that:

  • asks for your consent before optional cookies are set, and

  • allows you to accept or reject optional cookies (and change your choice later).

For more detail, see our Cookie Policy:

How We Use Cookies

We use the following types of cookies:

Strictly Necessary Cookies

These are essential for the website to operate and cannot be switched off. They enable core functionality such as page navigation and security.

Analytics Cookies

We use Google Analytics 4 (GA4) to understand how visitors use our website.

GA4 collects information such as:

Pages visited

Time spent on pages

Device and browser type

Approximate location (country/city level)

This data helps us improve our website and services..

9) Who we share your data with

We do not sell your personal data.

We may share your data with trusted service providers who help us operate our business, for example:

  • Timely (booking/scheduling)

  • Website hosting / website platform provider

  • Payment providers (if used)

  • Email/SMS providers (if used)

  • Analytics/advertising platforms (GA4, Meta, Google Ads — where you consent)

We require service providers to protect your data and only process it on our instructions (where applicable).

10) International data transfers

Some providers (such as Google and Meta) may process data outside the UK. Where personal data is transferred internationally, we use appropriate safeguards (such as contractual protections) to help keep your data protected.

11) How long we keep your data (retention)

We keep your data only as long as necessary for the purposes above, including safety, service delivery, and legal requirements. Typical retention periods are:

  • Enquiries (no booking): up to 12 months

  • Client booking records: up to 6 years (for accounting/tax and business record-keeping)

  • Consultation/consent forms and treatment notes (including health info): up to 7 years from your last appointment (longer if there’s a genuine safety/insurance reason)

  • Marketing preferences: until you unsubscribe/withdraw consent (plus a minimal suppression record so we don’t message you again)

We may keep data longer if required to deal with a complaint, claim, or legal obligation.

12) Your rights

You have rights under UK GDPR, including the right to:

  • access your data

  • correct inaccurate data

  • request deletion (in certain circumstances)

  • restrict processing (in certain circumstances)

  • object to processing (including direct marketing)

  • withdraw consent (where consent is the basis)

  • data portability (in certain circumstances)

To exercise any of these rights, contact us using the details in section 1. We may need to verify your identity.

13) Complaints

If you’re unhappy with how we use your data, please contact us first — we’ll do our best to resolve it.

You can also complain to the UK Information Commissioner’s Office (ICO).

14) Security

We take appropriate security measures to protect your personal data (such as access controls and secure systems). However, no online transmission is completely secure.

15) Links to other websites

Our website may contain links to third-party sites (including social platforms). We are not responsible for their privacy practices — please review their privacy policies.

16) Changes to this policy

We may update this Privacy Policy from time to time. We’ll update the “Last updated” date at the top of this page.