1. Introduction and Scope
This document concerns YOUR personal data, legally defined as information concerning any living person that is not already in the public domain, and covers legislation from The Data Protection Act (DPA), Privacy and Electronic Communications Regulations (PECR) and The General Data Protection Regulations (GDPR).
The aforementioned regulations seek to protect and enhance your rights as a data subjects, and cover the safeguarding of personal data, protecting the user against the unlawful processing of personal data and the unrestricted transfer of personal data within the EU.
Please be aware; GDPR does not apply to information already accessible in the public domain, for example, Companies House data, or domain registration information.
In this policy document, “we”, “us” and “our” refer to the data controller listed in Section 2.4 of this document.
1.1 BODILIGHT.CO.UK is committed to safeguarding the privacy of visitors to our website (https://www.bodilight.co.uk) and general service users, in accordance with the General Data Protection Regulation (GDPR) 2018.
2. Who we are
The information provided in this section clearly defines who “we” are, and who is responsible for managing your personal data. Methods of contact should also be clearly defined in accordance with EU laws on service provider transparency.
If you believe information is missing or incorrect in this section, or does not adequately describe the service provider, you should discontinue use of this website immediately.
2.1 Who are we?
BODILIGHT.CO.UK is a beauty clinic which specialises in offering a range of proven, safe and highly successful beauty services including laser hair removal and advanced procedures.
2.2 Physical address
Our principal place of business is at:
301 South Row
2.3 Contact methods
You can contact us via any of the following methods:
(a) By post to
301 South Row
(b) Use of our website’s contact form on the following URL
(c) By telephone
01908 395 031
(d) By email
2.4 Data Protection Officer
Our data protection officer/data controller is Paul Avraam and contact details for the aforementioned controller are as detailed above in section 2.3.
3. Collection of YOUR personal data
The section below will detail the types of data that is collected, in addition to the methods of collecting this data.
3.1 User provided information
BODILIGHT.CO.UK will collect direct information provided by you (via contact forms, for example) to provide quotations, make telephone contact, or to email you concerning any information you may request.
3.2 Automatically collected information
Whilst visiting our website, some additional personal data may be collected, including but not limited to personally-identifying information like Internet Protocol (IP) addresses, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information concerning the timing, frequency and pattern of your service use.
3.3 How YOUR data on our website is collected and stored
Data will be collected on our website in the following ways:
a) Via web contact forms on our website
Data provided via our website forms is manually submitted by the user, and stored in an encrypted MySQL database.
b) Via Google Analytics tracking
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic and user behavior, enabling us to enhance the user experience and analyse marketing.
All data is stored on Google’s secure servers.
c) Via web server tracking software provided with our web hosting
Our web hosting provider may track user behaviour and monitor potential security threats, and as such will collect data designed to keep the website operational and your information secure.
All data is stored on our web host’s secure servers and will be made available in association with a relevant data protection request.
d) Via browser cookies
Further information on browser cookies and how to manage them can be found in section 12 of this document.
4. Use of YOUR personal data
It is required that ANY use of YOUR personal data will be lawful and fair, and initiation of data transfer from user (YOU) to BODILIGHT.CO.UK should be easy to understand, and be transparent as to which data is being processed and how it may be used.
4.1 Lawful basis for data processing
Your personal data will only be used only to provide or enhance a service that you have initiated or requested.
BODILIGHT.CO.UK will never use your personal data for operations outside the defined scope of our working arrangement or contract, unless legally required to do so.
4.2 Legal obligations
Should it be legally required to divulge your personal information to a higher authority such as law enforcement organisations, YOU as the user will be notified of any such data transfer.
5. Transfer of YOUR personal data
5.1 Third party transfer
If it is necessary to utilise your details for a third party service such as Google Analytics, this data transfer will only take place upon your direct instructions in writing or email. No transfer will take place without your consent.
5.2 Third party conformity
Should any transfer occur, BODILIGHT.CO.UK expect all third party organisations to adhere to the same data protection regulations.
5.3 Data transfer outside of EEA
Should data transfer concerning YOU be necessary to an organisation outside of the European Economic Area (EEA), YOU will be notified beforehand and must consent before any data transfer takes place. No data transfer will take place without prior consent.
5.4 External data transfer via hyperlinks
This website may include relevant hyperlinks to external websites not controlled by BODILIGHT.CO.UK. Whilst all reasonable care has been exercised in selecting and providing any such links, you are advised to exercise caution before clicking any external links. We cannot guarantee the ongoing suitability of external links, nor do we continually verify the safety or security of the contents which may be provided to you. No personal data will ever be passed to external websites via hyperlinks as detailed above.
5.5 Transfer internally across website
All data transferred from page to page, from page to mailer, or from page to database is sent encrypted via the HTTPS protocol. The site is protected via a COMODO RSA SSL certificate.
6. Your rights as a data subject
6.1 Your rights
At any point whilst BODILIGHT.CO.UK is in possession of, or processing your personal data, all data subjects have the following rights as dictated by EU laws and regulations:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to erasure – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
6.2 Refusal of access
In the event that BODILIGHT.CO.UK refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge this refusal, or lodge an official complaint to the ICO (see Section 13).
7. Transparency of data held
7.1 Requesting information
BODILIGHT.CO.UK is legally obligated to provide the data we have collected concerning YOU at any time. You may request the following information:
- Information concerning how we collected the data.
- Contact details of the data protection officer, if applicable.
- The purpose of the processing your information, in addition to the legal basis for processing.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority (ICO).
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
7.2 Verification requirements
To access what Personal data is held, identification will be required for verification. This may be a copy of your current driving licence, your passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If BODILIGHT.CO.UK is dissatisfied with the materials provided, further information may be sought before personal data can be released.
8. Consent and withdrawal of consent
8.1 Consenting and withdrawal of consent
Through agreeing to this privacy notice you are consenting to BODILIGHT.CO.UK processing your personal data for the purposes outlined. You can withdraw consent at any time by emailing or phoning the data protection officer detailed in this document.
9. Data retention policy
9.1 Data storage expiration
BODILIGHT.CO.UK will process personal data during the duration of any contract and will continue to store only the personal data needed for three years after the contract has expired to meet any legal obligations. After this period any personal data no longer required or dormant will be deleted.
10. Data storage
10.1 Storage of data across multiple locations
Data collected by this website is held primarily in the United Kingdom using different (multiple) servers. However, data is backed-up to servers across Europe via cloud storage backup solutions. All servers are located in locations that are required to comply with the same data protection regulations. Our primary load balancing system for cloud server operation is based in Bulgaria.
10.2 Transparency of data storage by third party providers
As defined in sections 4 and 5, your data may be transferred by BODILIGHT.CO.UK to a third party service to enhance your user experience or to provide client services. Companies that may have access to some of your data and the data they are able to process is as follows:
Google (Analytics) – Email address and website address
11.1 Policy updates
We may update this policy without notice. The most recent version will always be available on our website.
11.2 Keeping up to date with this policy
Website users should check this page occasionally to ensure you are in agreement with any changes to this policy.
12.1 Types of cookie
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
12.2 Data contained within cookies
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
12.3 Storage of cookie data
Information provided in these cookies may be stored by BODILIGHT.CO.UK in an encrypted MySQL database if it’s necessary the operation or our website. Cookies will also be stored by YOU, should your browser be set to use them.
12.4 Refusing and deleting cookies
Most modern browsers allow you to refuse to accept cookies and also allow you to delete cookies.
The methods for doing so vary from browser to browser, from version to version, and can be dependent on operating system. You can however obtain up-to-date information about blocking and deleting cookies via the following:
https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer)
12.5 The impact of blocking cookies
Blocking all cookies will have a negative impact upon the usability of many websites, and should you block cookies on our website, you will not be able to use all of the features of our website.
13.1 Filing a complaint to the ICO
In the event that you wish to make a compliant about how your personal data is being handled, you have a legal right to complain. If you do not get a response within 30 days of your correspondence, you can initiate a complaint to the ICO.
Address: Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone: 0303 123 1113
14. Policy Updates
14.1 Latest version
The latest version of this document is dated 10th May 2018.
14.2 Previous revisions