Privacy Policy

Last updated: May 2026

1. Who We Are

Aroma Atelier is the trading name of Aroma Beauty Ltd. (company number 12345678), registered in England & Wales. Our registered office address is 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. Our trading address is 47a Moulsham Street, Chelmsford, Essex, CM2 0AT, Essex, CM2 0HY.

We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This means we are responsible for deciding how we hold and use personal information about you.

2. What Data We Collect

We may collect the following personal data when you interact with our website or services:

• Identity data: your full name
• Contact data: email address, telephone number
• Booking data: service preferences, appointment notes, booking history
• Technical data: IP address, browser type, device information (collected via strictly necessary cookies only)
• Usage data: how you interact with our website (collected only with your explicit consent via analytics cookies)

3. How We Collect Your Data

We collect personal data through:

• Our reservation form when you request an appointment
• Direct email, telephone, or in-person communication
• Cookies and similar technologies (with your consent for non-essential cookies)

We do not purchase data from third parties or collect data from public sources.

4. How We Use Your Data

We use your personal data for the following purposes:

• To process and manage your appointments — including confirming bookings, sending reminders, and following up after your visit
• To communicate with you — responding to enquiries you make through our website, email, or telephone
• To improve our services — understanding how clients use our website (only with your consent)
• To comply with legal obligations — such as maintaining financial records as required by HMRC

5. Legal Basis for Processing

Under the UK GDPR, we rely on the following lawful bases:

• Consent: where you have given clear consent for us to process your data for a specific purpose (e.g. marketing communications, analytics cookies)
• Contractual necessity: where processing is necessary to fulfil a booking or service you have requested
• Legitimate interest: where processing is necessary for our legitimate business interests (e.g. responding to enquiries), provided these do not override your rights
• Legal obligation: where processing is necessary to comply with UK law

6. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this policy. Specifically:

• Booking and contact data: retained for up to 24 months after your last appointment, unless you request earlier deletion
• Financial records: retained for 6 years as required by HMRC
• Cookie consent preferences: stored for 12 months from the date of consent

7. Who We Share Your Data With

We may share your personal data with the following categories of third parties:

• Email service providers — for sending booking confirmations and communications
• Website hosting and analytics providers — who process data on our behalf under strict data processing agreements
• Professional advisers — such as accountants, where required by law

We do not sell your personal data to any third party. All third-party processors are required to take appropriate security measures to protect your data in line with our policies and applicable law.

8. Your Data Protection Rights

Under the UK GDPR, you have the following rights:

• Right of access — you can request a copy of the personal data we hold about you
• Right to rectification — you can ask us to correct inaccurate or incomplete data
• Right to erasure — you can ask us to delete your personal data in certain circumstances
• Right to restrict processing — you can ask us to limit how we use your data
• Right to data portability — you can request your data in a structured, machine-readable format
• Right to object — you can object to our processing of your data where we rely on legitimate interest
• Right to withdraw consent — where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us using the details below. We will respond to your request within one month.

9. Cookies

Our website uses cookies. For detailed information about what cookies we use, why, and how to manage your preferences, please see our Cookie Policy.

10. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need. All third parties who process data on our behalf are required to respect the security of your data and treat it in accordance with the law.

11. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

12. Contact Details

If you have any questions about this privacy policy or wish to exercise your data protection rights, please contact us:

• Email: hello@aromaatelier.co.uk
• Post: Aroma Beauty Ltd., 47a Moulsham Street, Chelmsford, Essex, CM2 0AT, Essex, CM2 0HY
• Telephone: +44 1245 250500

13. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first.