
Privacy Policy

Last updated January 2026

This Privacy Policy explains how Zassy Aesthetics (“we”, “us” or “our”) collects, uses, stores and protects your personal data when you interact with us, including when you visit our website, make a booking, attend an appointment, contact us, or engage with our marketing.

Zassy Aesthetics is the data controller for the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details set out at the end of this policy.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or how we operate our business. Any updates will be published on our website and will take effect from the date shown above. We recommend reviewing this policy periodically.

What Personal Data We Collect

We may collect and process the following personal information:

Personal identification information, including your name, date of birth and contact details such as email address and telephone number.

Booking and payment-related information, including appointment details and deposit payments (payment details are processed securely by third-party providers and are not stored by us).

Medical and treatment-related information provided through consent forms, medical questionnaires and consultations, including allergies, medical conditions, medications, pregnancy or breastfeeding status.

Technical data, including IP address, browser type, device information and website usage data collected automatically through cookies and analytics tools.

How We Collect Your Personal Data

We collect personal information when you voluntarily provide it to us, including when you:

  • Complete an online booking or enquiry form

  • Submit a consent or medical questionnaire

  • Contact us via email, telephone or website contact forms

  • Make a payment or pay a deposit

  • Subscribe to updates or marketing communications (where applicable)

We also collect certain information automatically through cookies and tracking technologies when you browse our website.

Why We Collect Personal Information

We collect and use personal information for the following purposes:

  • To manage appointments, bookings, cancellations and rescheduling.

  • To assess suitability for treatments and to provide safe and appropriate aesthetic services.

  • To communicate with you regarding your appointment, treatment information, aftercare instructions or important service updates.

  • To process payments and maintain accurate business records.

  • To comply with legal, regulatory and insurance requirements.

  • To improve our website, services and client experience.

  • Where consent has been given, to send marketing communications or promotional updates. You may opt out at any time.

Medical and Special Category Data

Due to the nature of the treatments provided by Zassy Aesthetics, we are required to collect and process special category personal data, including medical and health-related information.

This may include, but is not limited to, information regarding medical conditions, allergies, medications, skin sensitivities, pregnancy or breastfeeding status, previous treatments, and any other information necessary to assess treatment suitability and ensure client safety.

Medical information is collected through consultation forms, consent forms, medical questionnaires and verbal consultations.

This information is collected only where necessary and is used solely for the purposes of providing safe, appropriate and effective treatments.

The lawful basis for processing medical and special category data is explicit consent, which is obtained prior to treatment, and the provision of health and aesthetic services in accordance with UK GDPR Article 9(2).

Medical data is stored securely and confidentially, with access strictly limited to authorised practitioners and staff. We take appropriate technical and organisational measures to protect this data against unauthorised access, loss, misuse or disclosure.

Medical and treatment-related information will not be shared with third parties unless required for legal, regulatory or insurance purposes, or where disclosure is required by law.

Medical records are retained only for as long as necessary to meet legal, regulatory and insurance obligations, after which they are securely deleted or destroyed. Clients have the right to access, amend or request deletion of their medical data, subject to legal and professional record-keeping requirements.

How We Store, Use, Share and Disclose Information

Your personal information is stored securely using password-protected systems and secure third-party platforms provided through Wix and associated booking software.

Medical and treatment-related information is treated as confidential and accessed only by authorised personnel.

We do not sell or rent your personal information to third parties. Information may be shared only where necessary, including:

  • Secure payment processors for transaction handling

  • Booking and scheduling systems

  • Website analytics providers (e.g. Google Analytics)

  • Legal or regulatory authorities where required by law

All third-party providers are required to comply with applicable data protection laws.

How We Communicate With You

We may contact you using the contact details you provide, including email or text message, for purposes such as:

  • Appointment confirmations and reminders

  • Changes to bookings or policies

  • Aftercare instructions and treatment-related information

  • Marketing communications, where consent has been given

You may withdraw consent for marketing communications at any time by following the unsubscribe instructions provided or by contacting us directly.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to improve functionality, analyse website traffic and enhance user experience.

Cookies may collect information such as IP address, browser type, pages visited and time spent on the site.

Third-party services, including Wix applications and analytics tools, may place their own cookies and have separate privacy policies governing their use of information. These practices are not covered by the Wix Privacy Policy.

You can manage or disable cookies through your browser settings.

Your Data Protection Rights

You have the right to:

  • Access the personal data we hold about you

  • Request correction of inaccurate or incomplete data

  • Request erasure of your personal data (in certain circumstances)

  • Object to or restrict processing of your data

  • Withdraw consent at any time where consent is relied upon

  • Request data portability where applicable

To exercise any of these rights, please contact us using the details below. We may request proof of identity before processing your request.

Withdrawing Consent and Your Rights

You have the right to:

  • Request access to the personal information we hold about you

  • Request correction or deletion of your personal information

  • Withdraw consent for processing where consent is the legal basis

  • Object to or restrict certain types of processing

Requests can be made by contacting us using the details below. We may retain certain information where required by law or for legitimate business purposes.

Complaints

If you are unhappy with how we have handled your personal data, please contact us first so we can address your concerns. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

Contact Details

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact:

Zassy Aesthetics
Email: zassyaesthetics@gmail.com
