Last updated: 1 July 2025

This privacy policy describes how Elizabeth M ("we", "us", or "our") collects, uses, and protects your personal data when you visit or interact with our website www.elizabeth-m.com (the “Site”). We are committed to safeguarding your privacy and ensuring transparency in how we use your data.

This policy complies with the General Data Protection Regulation (GDPR).

1. Who We Are

Elizabeth M Skincare is a professional skincare clinic based in Edinburgh, offering a range of advanced facial treatments. We collect personal information via our website to support your enquiries, manage bookings, and improve your experience online.

If you have any questions about this policy or how we handle your data, you can contact us via:
Email: liz@elizabeth-m.com
Phone: 0131 225 2012 

2. What Data We Collect

We may collect and process the following personal data:

Information You Provide Directly:

• Your name, email address and phone number (e.g. via contact forms or booking requests)

• Booking details and preferences

• Skin concerns or treatment goals (if voluntarily submitted via forms)

• Delivery and billing address (if purchasing gift vouchers or products)

• Payment method (handled securely via third-party processors—no card details are stored on our server)

Information We Collect Automatically:

• IP address, browser type and device information

• How you interact with our website (e.g. pages viewed, time spent, clicks)

• Referral source (e.g. if you arrived via Google or social media)

We use tools like Google Analytics and Squarespace’s built-in analytics to collect this data in an anonymised form for performance tracking and to improve the user experience.

3. How We Use Your Data

We use your personal data for the following purposes:

• To respond to your enquiries and manage your appointments

• To send you appointment reminders or important service updates

• To fulfil product or voucher orders (where applicable)

• To improve our website, marketing and service delivery

• To comply with legal or regulatory requirements

With your consent, we may also send occasional marketing communications by email about new treatments, offers or skincare tips. You can opt out at any time.

4. Legal Basis for Processing

Under GDPR, the lawful bases we rely on to process your data include:

• Consent – when you opt in to marketing communications

• Contract – when you make a booking or purchase from us

• Legitimate interest – to run our business efficiently and improve your experience

• Legal obligation – to meet financial or regulatory requirements

5. Data Sharing

We do not sell your personal data.

We may share your information with trusted third parties for essential business services, such as:

• Squarespace – website hosting and analytics

• Google Analytics – anonymised website usage data

• Booking or payment systems – to manage appointments and transactions

• Email service providers – to send transactional or marketing emails

These providers are GDPR-compliant and only process your data to fulfil specific functions on our behalf.

6. Data Storage & Security

We store your data securely using encrypted systems and secure cloud-based platforms. We take appropriate technical and organisational measures to protect your information from unauthorised access, misuse or loss.

We retain personal data only as long as necessary for the purpose it was collected or as required by law (e.g. financial records for HMRC).

7. Your Rights

Under GDPR, you have rights regarding your personal data, including:

• The right to access, correct, or delete your data

• The right to object to processing or restrict how your data is used

• The right to withdraw consent (where consent was given)

• The right to data portability

To exercise any of these rights, contact us at [insert email address].

If you’re unhappy with how we’ve handled your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk

8. Cookies

We use cookies to enhance your experience on our website. These include necessary cookies for site functionality, as well as performance cookies (e.g. Google Analytics) to track usage data anonymously. For more information, view our Cookies Policy.

9. Third-Party Links

Our website may include links to third-party sites (e.g. social media, skincare brands, online booking tools). We are not responsible for the privacy policies or practices of these external websites.

10. Updates to This Policy

We may update this privacy policy occasionally. Any changes will be posted on this page, and where appropriate, we’ll notify you via email. Please review this page regularly to stay informed.