Privacy Policy

Perfectly You Co (a trading name of Perfectly You Ltd)

This privacy notice explains how we collect, use, store and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Throughout this policy, “we”, “us” and “our” refer to Perfectly You Co.

1. Contact Details

We act as the Data Controller for your personal data.

2. Key Definitions

  • Personal Data: Any information that can identify you directly or indirectly.
  • Special Category Data: Sensitive personal data including health information and treatment records.
  • Processing: Any operation performed on personal data, including collection, storage, use, sharing, and deletion.
  • Data Controller: Determines how and why data is processed.
  • Data Processor: Processes data on our behalf.

3. What Personal Data We Collect

3.1 General Personal Data

  • Identity data (name, date of birth)
  • Contact data (email, phone number, address)
  • Account data (if applicable)
  • Payment and transaction data
  • Marketing preferences
  • Technical data (IP, device, browser)
  • Usage data (website behaviour)

3.2 Special Category Data (Health Data)

We collect:

  • Medical history
  • Health conditions
  • Contraindications
  • Treatment records and clinical notes
  • Before and after photographs (where applicable)

This is required to deliver safe and appropriate treatments.

4. Lawful Basis for Processing

Purpose Legal Basis
Booking and treatments Contract
Clinical safety Explicit consent + provision of health-related services (Article 9(2)(h) UK GDPR)
Payments Contract + legal obligation
Records (legal/insurance) Legal obligation + legitimate interests
Marketing Consent or soft opt-in
Analytics & tracking Consent

You may withdraw consent at any time.

5. How We Collect Your Data

We collect data when you:

  • Book via Fresha (booking system, CRM and payment portal, acting primarily as a data processor on our behalf)
  • Complete consultation or medical forms
  • Contact us directly
  • Subscribe to marketing (via MailerLite)
  • Use our website (cookies, analytics, tracking)

We also receive data from:

  • Fresha (as our booking and CRM system)
  • Payment processors via Fresha
  • Stripe and WooCommerce (for online shop transactions)
  • Analytics providers (Google Analytics)

6. How We Use Your Data

  • Provide treatments safely
  • Manage bookings and appointments
  • Process payments
  • Maintain clinical records
  • Communicate with you
  • Improve services
  • Send marketing (where permitted)

7. Sharing Your Data

We may share your data with:

  • Fresha (booking, CRM, payments)
  • Stripe and WooCommerce (online shop payments and order processing)
  • MailerLite (email marketing)
  • Website and IT providers
  • Analytics providers (Google Analytics)
  • Advertising platforms (Meta Pixel for tracking and retargeting)
  • Professional advisors (accountants, insurers, legal)
  • Regulatory bodies where required

We do not sell your data.

8. International Transfers

Some providers (e.g. MailerLite, Meta, Google) may process data outside the UK.

We ensure safeguards such as:

  • UK-approved Standard Contractual Clauses (SCCs)
  • UK International Data Transfer Agreements (IDTAs) where applicable
  • Adequacy decisions

9. Data Retention

Data Type Retention Period
Medical records Minimum 6–8 years
Financial records 6 years
Marketing data Until consent withdrawn
Enquiries Up to 2 years

We may retain data longer if required for legal claims.

10. Data Security

We implement appropriate measures including:

  • Secure platforms (Fresha, MailerLite)
  • Access controls
  • Encryption where applicable
  • Staff confidentiality obligations

11. Photography & Media Consent

We may take clinical photographs as part of your treatment.

Clinical Use

Photos may be used for:

  • Treatment assessment
  • Medical records
  • Progress tracking

This forms part of your clinical record.

Marketing Use

Photos/videos will only be used for marketing (website, social media, ads) where:

  • You have given separate explicit consent

Your Rights

  • You can refuse photography
  • You can withdraw marketing consent at any time
  • Withdrawal does not affect prior lawful use

All images are stored securely and treated as confidential medical data where applicable.

Where images are fully anonymised and you cannot be identified, they may be used without consent.

12. Your Rights

You have the right to:

  • Access your data
  • Correct inaccuracies
  • Request deletion
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent

13. Marketing

We may send marketing where:

  • You have consented, OR
  • You are an existing customer and we promote similar services (soft opt-in under PECR)

You can opt out anytime via unsubscribe links or contacting us.

14. Cookies & Tracking

We use cookies and tracking technologies including:

  • Google Analytics (website analytics)
  • Meta Pixel (advertising and retargeting)

These tools help us understand website usage, measure advertising performance, and deliver relevant adverts.

These are only activated where you provide consent via our cookie banner.

15. Complaints

If you are unhappy with how we use your data, please contact us first.

You can also complain to the ICO:
https://ico.org.uk

16. Third Party Links

We are not responsible for third-party websites linked from our site.

17. Updates

We may update this policy from time to time.

Last updated: March 2026

Privacy Preference Center

Privacy Preferences