Enchanted Craft
Legal

Privacy Policy

Last updated: June 2026

1. Who We Are

Enchanted Craft is a sole trader operating a nail, lash and brow studio in Ashford, Surrey. For the purposes of data protection law, Enchanted Craft is the data controller of your personal information. You can contact us at hello@enchantedcraft.co.uk.

2. What Information We Collect

We collect and process the following personal information when you use our website or book an appointment:

  • Name, email address and phone number
  • Appointment details (services, dates, times, location preferences)
  • Payment information (handled securely by our payment processor; we do not store full card details)
  • Any health or allergy information you choose to provide
  • Account login credentials

3. How We Use Your Information

We use your personal data to:

  • Process and manage your bookings
  • Send appointment confirmations, reminders and updates
  • Process payments and deposits
  • Communicate with you about your appointment or any issues
  • Maintain records for tax and accounting purposes
  • Improve our services and customer experience

We do not sell your personal data to third parties.

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following lawful bases:

  • Contract: Processing is necessary to fulfil your booking contract with us.
  • Legitimate interests: To run our business efficiently and communicate with you about your appointments.
  • Consent: Where you have opted in to receive marketing communications (you can withdraw consent at any time).
  • Legal obligation: To comply with tax, accounting and other legal requirements.

5. Data Sharing

We share your personal data only with the following trusted third parties, and only to the extent necessary:

  • Our payment processor (Stripe) to handle card transactions
  • Our cloud hosting and database provider (Lovable Cloud) to securely store booking data
  • Email delivery services to send confirmations and reminders

All third parties we work with are contractually bound to protect your data and use it only for the purposes we specify.

6. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Typically:

  • Booking records are retained for 6 years for tax and accounting purposes
  • Account data is retained while your account is active; you may request deletion at any time
  • Marketing preferences are retained until you withdraw consent

7. Your Rights

Under UK data protection law, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request erasure of your personal data ("right to be forgotten")
  • Object to or restrict certain types of processing
  • Withdraw consent at any time (where processing is based on consent)
  • Complain to the Information Commissioner's Office (ICO)

To exercise any of these rights, please email hello@enchantedcraft.co.uk.

8. Security

We take appropriate technical and organisational measures to protect your personal data from unauthorised access, loss or misuse. All data is stored securely using encrypted cloud services, and payment information is handled by PCI-compliant payment processors.

9. Cookies

Our website uses essential cookies to enable core functionality such as user authentication and booking management. We do not use tracking or advertising cookies.

10. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at hello@enchantedcraft.co.uk.