Data Processing Notice

Last updated: September 2025

How We Process Your Personal Data

This notice explains how Leveyna processes your personal data in compliance with UK GDPR and Data Protection Act 2018.

Data Controller

Leveyna - Skin & Laser Hub
104 Oxford St, Oldham, OL9 7SJ
Email: leveyna-clinic@outlook.com

Personal Data We Collect

  • Identity Data: Name, email address, phone number
  • Booking Data: Treatment preferences, appointment dates, special requests
  • Payment Data: Payment information (processed by Stripe)
  • Technical Data: IP address, browser type, device information
  • Consent Records: Terms acceptance, contraindications confirmation

Legal Basis for Processing

We process your data based on:

  • Contract: To provide beauty treatments and services
  • Consent: For marketing communications (where given)
  • Legitimate Interest: To improve our services and prevent fraud
  • Legal Obligation: To comply with business record requirements

How We Use Your Data

  • Process and manage your bookings
  • Send appointment confirmations and reminders
  • Process payments securely
  • Provide customer support
  • Maintain business records
  • Improve our services

Data Sharing

We share your data only with:

  • Stripe: For secure payment processing
  • Resend: For sending appointment emails
  • AWS: For secure data hosting
  • Legal authorities: When required by law

Data Security

We protect your data using:

  • SSL/TLS encryption for data transmission
  • Encrypted database storage
  • Access controls and authentication
  • Regular security monitoring
  • Staff training on data protection

Data Retention

  • Active accounts: Until account deletion
  • Booking records: 7 years (business requirement)
  • Payment records: 6 years (tax requirement)
  • Marketing data: Until consent withdrawn

Your Rights Under GDPR

You have the right to:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a portable format
  • Object: Object to processing based on legitimate interest
  • Withdraw consent: For consent-based processing

Automated Decision Making

We do not use automated decision-making or profiling that significantly affects you.

International Transfers

Your data is processed within the UK/EU. Any transfers to third countries are protected by appropriate safeguards.

Complaints

If you're unhappy with how we handle your data, you can:

  • Contact us directly at leveyna-clinic@outlook.com
  • Complain to the ICO: ico.org.uk

Contact Our Data Protection Officer

For data protection queries:

  • Email: leveyna-clinic@outlook.com
  • Post: Data Protection Officer, Leveyna, 104 Oxford St, Oldham, OL9 7SJ
Back to Home