Gilded Dreams (“we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines how we collect, use, store, and protect your information when you engage with our salon services, shop, or website. It applies to both our physical premises in Carnforth, Lancashire, and our online presence, including any e-commerce activities.

1. Information We Collect

We collect personal data to provide you with exceptional salon services and shopping experiences. The types of information we may collect include:

1.1 Personal Information

• Name
• Contact details (email address, phone number, postal address)
• Date of birth (for age-restricted services)
• Payment information (e.g., credit/debit card details)

1.2 Health and Treatment Information

• Medical history relevant to beauty treatments (e.g., allergies, skin conditions)
• Patch test results
• Preferences for treatments and products

1.3 E-commerce Data

• Billing and shipping addresses
• Order history
• Any additional information provided during checkout

1.4 Website Data

• IP address
• Browser type and version
• Cookies and tracking technologies (see Section 6 for more on cookies)

2. How We Use Your Information

We use your data for the following purposes:

2.1 Salon Services

• To provide tailored beauty treatments
• To ensure your safety during treatments by considering medical conditions or allergies
• To maintain accurate records of your preferences

2.2 E-commerce Shop

• To process orders and manage deliveries
• To provide customer support for purchases
• To send updates about your orders

2.3 Marketing

With your consent:

• To send promotional offers, newsletters, or updates about new services/products
• To inform you about local events or special packages at Gilded Dreams

You can opt out of marketing communications at any time by contacting us.

3. Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: When you explicitly agree to receive marketing communications or provide sensitive health data.
• Contractual Necessity: For fulfilling service bookings or online orders.
• Legitimate Interests: For improving our services and ensuring a seamless client experience.
• Legal Obligations: To comply with UK laws and regulations.

4. Data Sharing

We respect your privacy and will never sell or rent your personal data to third parties. However, we may share your information in the following circumstances:

• With trusted service providers (e.g., payment processors, delivery couriers) to fulfill orders or appointments.
• If required by law or regulatory authorities.
  All third parties are contractually obligated to handle your data securely and in compliance with GDPR.

5. Data Retention

We retain personal data only as long as necessary:

• Client records: Up to 2 years after your last visit unless otherwise required for legal purposes.
• E-commerce purchase records: As required by tax laws (typically 6 years).
  You may request that we delete your personal data sooner (see Section 8).

6. Cookies and Tracking Technologies

Our website uses cookies to enhance user experience and analyze site performance. Cookies may collect non-personal data such as:

• Pages visited
• Time spent on the site
  You can manage cookie preferences through your browser settings.

7. Data Security

We implement robust technical and organizational measures to safeguard your data:

• Secure servers for electronic storage
• Encrypted payment processing systems
• Restricted access to sensitive client records
  In the unlikely event of a data breach, we will notify affected individuals promptly in accordance with GDPR requirements.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

1. Access: Request a copy of the data we hold about you.
2. Correction: Update inaccurate or incomplete information.
3. Deletion: Request that we erase your personal data (“Right to Be Forgotten”).
4. Restriction: Limit how we process certain types of data.
5. Objection: Opt out of direct marketing or other specific uses.
6. Data Portability: Receive a copy of your data in a structured format.

To exercise any of these rights, please contact us at info@gildeddreams.co.uk.

9. Third-party Links

Our website may include links to third-party websites (e.g., social media platforms). We are not responsible for the privacy practices of these external sites.

10. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on our website.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:Gilded Dreams
Carnforth, Lancashire
Email: info@gildeddreams.co.uk
Phone: 01524 732281

Thank you for trusting Gilded Dreams with your privacy!