Privacy policy.

Introduction

KG Skin & Aesthetics (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have under UK data protection law.

This policy applies to data collected through our booking system and website. By using our services, you agree to the collection and use of your data as described below.

Last updated: May 2026

Who we are

KG Skin & Aesthetics is the data controller for personal data collected through this website and booking system.

For any queries relating to this policy or your personal data, please contact us via Instagram or Facebook DM.

What data we collect

We collect and process the following categories of personal data:

• Identity and contact data — first name, last name, email address, phone number, and date of birth.
• Health data — medical history, allergies, medications, and pregnancy or breastfeeding status, collected as part of pre-treatment consent forms. This is special category data under UK GDPR.
• Emergency contact data — name, phone number, and relationship of an emergency contact provided by you.
• Booking and treatment data — appointment dates and times, treatments received, and booking status.
• Consent records — a copy of the consent form presented to you, your responses, your digital signature, the date and time signed, and your IP address at the time of signing.
• Payment data — deposit amounts and payment references. We do not store full card details. Payments are processed securely by Stripe.
• Usage data — if you consent, anonymised analytics data about how you navigate this website (no personal information is included).

Why we collect it

We use your personal data for the following purposes:

• To manage your booking — scheduling appointments, sending confirmation and reminder emails, and processing deposit payments.
• To provide safe treatment — health information and consent records are essential for assessing suitability for treatments and maintaining accurate clinical records.
• To comply with legal obligations — aesthetic practitioners are required to retain clinical records, including consent forms and health questionnaires, under professional and regulatory guidance.
• To communicate with you — sending appointment reminders and important updates related to your bookings.
• To improve our service — anonymised analytics data (with your consent) to understand how the website is used.

The legal bases we rely on are: performance of a contract (booking management and payments), vital interests and legitimate interests (treatment safety and clinical records), legal obligation (regulatory compliance), explicit consent (special category health data and analytics), and the provision of health care (for health data processed in the context of treatment).

Who we share it with

We do not sell or rent your personal data. We may share your data with the following third-party service providers who process it on our behalf:

• Stripe — payment processing. Stripe is PCI-DSS compliant. Their privacy policy is available at stripe.com/gb/privacy.
• Supabase — database and storage. Your personal data is held on Supabase infrastructure in the United Kingdom. Their privacy policy is available at supabase.com/privacy.
• Vercel — website hosting and serving. Their privacy policy is available at vercel.com/legal/privacy-policy.

We keep your personal data within the United Kingdom and the European Economic Area wherever possible. Where a processor is based outside these regions (for example, a US-headquartered company), we only use processors that are subject to equivalent data protection standards — either through a UK or EU adequacy decision, or through appropriate safeguards such as UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses (SCCs). We do not transfer your data to any country that does not provide an adequate level of protection for personal data.

We may also disclose your data if required to do so by law or in response to a valid request from a public authority.

How long we keep it

We retain personal data, including booking records, consent forms, health information, and payment records, for up to 10 years from your most recent appointment. This retention period reflects the professional and regulatory guidance applicable to aesthetic treatment records.

After this period, your data is permanently deleted from our systems.

Your rights

Under UK GDPR you have the following rights in relation to your personal data:

• Right of access — you can request a copy of all personal data we hold about you (a Subject Access Request).
• Right to rectification — you can ask us to correct inaccurate or incomplete data.
• Right to erasure — you can request that we delete your data, subject to our legal obligations to retain clinical records.
• Right to restriction — you can ask us to restrict how we use your data while a query is being resolved.
• Right to data portability — you can request a machine-readable copy of the data you have provided to us.
• Right to object — you can object to processing based on legitimate interests.
• Right to withdraw consent — where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us via Instagram or Facebook DM. We will respond within one month.

If you are not satisfied with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Cookies and analytics

We use Vercel Analytics to collect anonymised data about how visitors use this website. This service does not use cookies and does not collect any personally identifiable information — it processes aggregate, anonymised request data only.

We will ask for your consent before enabling analytics. You can withdraw your consent at any time by clearing your browser's local storage for this site.

Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

Contact

If you have any questions about this privacy policy or how we handle your data, please contact us: