Bazko Beauty and Academy – Privacy Policy

Last updated: 23 November 2025

​

Bazko Beauty and Academy (“Bazko Beauty”, “we”, “us”, “our”) is committed to protecting your privacy and handling your personal data fairly, lawfully and transparently.

​

This Privacy Policy explains how we collect, use and share personal data when you:

  • Visit our website [www.bazko.co.uk] (the “Website”);

  • Book or receive beauty treatments at Bazko Beauty;

  • Enrol in or attend our Academy courses (in person or online); or

  • Communicate or interact with us in any other way (email, social media, phone, in person).

We are required to comply with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (“PECR”) as amended.

​

1. Who we are (Data Controller)

​

Bazko Beauty and Academy is the data controller of your personal data.

​

  • Business name: Bazko Beauty and Academy

  • Legal form: [Sole trader / Limited company, company number if applicable]

  • Registered / trading address: [Full postal address in Scotland]

  • Email: [info@bazkobeauty.co.uk]

  • Telephone: [0XXXX XXXXXX]

  • Website: [www.bazko.co.uk]

​

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details above.

​

We are not currently required to appoint a Data Protection Officer, but we take data protection seriously and you can contact us with any concerns.

​

2. What personal data we collect

​

The personal data we collect depends on how you interact with us. It may include:

​

2.1 Basic contact and identity information

  • Name, title, date of birth

  • Address, postcode, country

  • Email address, phone number

  • Emergency contact details (for treatments or courses)

​

2.2 Booking and treatment information

  • Treatment history (services you have received)

  • Appointment dates and times

  • Consultation forms and treatment notes

  • Information about allergies, skin type, medical conditions relevant to your treatment (e.g. pregnancy, medications, previous reactions) – this is special category data (health) and needs extra protection under UK GDPR.

​

2.3 Academy and course information

  • Course enrolment details (course title, dates, location/online)

  • Payment and billing information (see also section 2.4)

  • Professional information (e.g. salon/employer, role, qualifications)

  • Assessment records, attendance, and certificates issued

​

2.4 Payment and transaction information

  • Transaction details (amount, date, time, items purchased)

  • Limited payment card details (usually processed by our payment provider – we do not store full card numbers or security codes).

​

2.5 Marketing and communication data

  • Your marketing preferences (email, SMS, social media, phone)

  • Records of your communication with us (emails, messages, feedback, complaints)

  • Your consent records (e.g. when you opted in or out of marketing)

​

2.6 Images and media

  • Before/after photos taken during treatments (only with your consent)

  • Photos or videos taken at events or training sessions, used for our portfolio or marketing (only with your consent, unless you are not identifiable).

​

Beauty salons often process client images and health information, which are considered more sensitive and must be treated carefully.

​

2.7 Website and technical data

  • IP address and approximate location

  • Device type, browser type, operating system

  • Pages visited, time and date of visits, clickstream data

  • Cookies and similar technologies (see Section 7 – Cookies and website tracking)

​

2.8 CCTV (if applicable)

If we use CCTV in or around our premises, we may record images of you for security and safety purposes. This will be clearly signposted where in use.

​

3. How we collect your personal data

We collect personal data in the following ways:

​

  • Directly from you

    • When you book or receive a treatment in person, by phone, via social media, or through our Website

    • When you complete consultation forms or consent forms

    • When you enrol in an Academy course or create an online account

    • When you sign up for marketing, promotions, competitions, or events

    • When you contact us with questions, feedback or complaints

​

  • Automatically

    • Through cookies and similar technologies when you use our Website (see Section 7)

​

  • From third parties

    • Online booking systems and payment providers

    • Social media platforms, if you interact with our pages

    • Training partners or awarding organisations (for Academy courses), where relevant

​

4. Our lawful bases for using your personal data

Under UK GDPR we must have a lawful basis to process your personal data. The lawful bases we rely on are:

​

  • Contract – to enter into and perform a contract with you (e.g. providing beauty treatments or Academy courses).

  • Legal obligation – to comply with legal and regulatory requirements (e.g. tax and accounting rules, insurance, health and safety, licensing).

  • Legitimate interests – for our legitimate business interests, provided your rights and freedoms are not overridden (e.g. managing our business, improving our services, protecting against fraud, using CCTV for security).

  • Consent – where you have clearly agreed to us using your data (e.g. for marketing communications, using your images, or holding certain health information when no other condition applies). You can withdraw your consent at any time.

  • Vital interests – in rare cases, to protect your vital interests (e.g. sharing information with medical professionals in an emergency).

​

4.1 Special category data (health information)

Health information (e.g. allergies, medical conditions relevant to treatments) is special category data, which requires additional conditions for processing under UK GDPR and the Data Protection Act 2018.

​

We will usually process this data on the basis of:

  • Your explicit consent – for us to record health information in consultation forms so we can safely perform treatments or training activities; and

  • Vital interests – in rare cases, to protect you or another person in a medical emergency.

​

You may refuse to provide health information, but this may mean we cannot safely provide certain treatments or training.

​

5. How we use your personal data

We use your personal data for the following purposes:

​

  1. To provide beauty treatments and related services

    • Booking and managing your appointments

    • Conducting consultations and assessing suitability for treatments

    • Delivering treatments and aftercare

    • Managing payments and invoices
      Lawful bases: Contract, legitimate interests, consent (for special category data)

  2. To provide Academy courses and training

    • Processing enrolments and applications

    • Delivering in-person and online training

    • Recording attendance, assessments and issuing certificates

    • Supporting learners and responding to queries
      Lawful bases: Contract, legitimate interests, legal obligation (where recognised qualifications are involved)

  3. To manage our relationship with you

    • Responding to your questions and feedback

    • Notifying you about changes to our terms, services or policies

    • Handling complaints and disputes
      Lawful bases: Contract, legitimate interests, legal obligation

  4. Marketing and promotions

    • Sending you news, offers, promotions and updates about Bazko Beauty and Academy by email, SMS or other channels

    • Running competitions or loyalty schemes
      Lawful bases: Consent, legitimate interests (subject to PECR rules for electronic marketing)

  5. Using images for portfolio and marketing

    • With your explicit consent, using your before/after photos or course photos on our Website, social media, or printed materials
      Lawful bases: Explicit consent

  6. Website operation and improvement

    • Operating and securing our Website

    • Analysing how visitors use our Website to improve layout, content and user experience
      Lawful bases: Legitimate interests, consent for non-essential cookies (see Section 7)

  7. Security and fraud prevention

    • Protecting our premises, staff, clients and learners (including use of CCTV where applicable)

    • Detecting and preventing fraud or misuse of our services
      Lawful bases: Legitimate interests, legal obligation

  8. Compliance and legal claims

    • Keeping records required by law (e.g. tax, accounting)

    • Responding to requests from regulators or law enforcement (where lawful)

    • Establishing, exercising or defending legal claims
      Lawful bases: Legal obligation, legitimate interests

​

6. Marketing communications

We comply with UK GDPR and PECR when sending electronic marketing (email, SMS, etc.).

​

  • We will only send you marketing communications if:

    • You have opted in, or

    • You are an existing client or learner and we are marketing similar services, and you have not opted out (the “soft opt-in”, where permitted by law).

  • You can opt out of marketing at any time by:

    • Clicking “unsubscribe” in our emails; or

    • Replying “STOP” or similar to SMS; or

    • Contacting us by email at [info@bazkobeauty.co.uk].

​

Even if you opt out of marketing, we may still send you service communications (e.g. appointment reminders, important course information, policy changes).

​

7. Cookies and website tracking

Our Website uses cookies and similar technologies.

​

Cookies are small text files placed on your device to help the site work properly, improve user experience, and collect analytics about how visitors use the site. Under PECR, we must tell you about cookies and, for most non-essential cookies, obtain your consent.

​

We group cookies as follows:

  • Strictly necessary cookies – required for the Website to function (e.g. security, page navigation, online booking). You cannot switch these off via our cookie banner.

  • Performance / analytics cookies – help us understand how visitors use the Website (e.g. pages visited, time on site) so we can improve it.

  • Functionality cookies – remember your preferences (e.g. language, region).

  • Marketing / advertising cookies – used to deliver personalised adverts or track the effectiveness of our marketing campaigns.

​

When you first visit the Website, a banner will explain the use of cookies and give you options to accept, reject, or customise non-essential cookies. You can change your preferences at any time [by using our cookie settings link].

For more detail, please see our Cookie Policy, where we publish a separate one.

​

8. Sharing your personal data

We do not sell your personal data to third parties. We may share your data with:

​

  • Our staff and contractors – who need access to provide treatments, courses, support, or administrative services.

  • IT, hosting and software providers – e.g. online booking platforms, email systems, website hosting, customer management systems.

  • Payment service providers – for processing card payments securely.

  • Professional advisers – such as accountants, insurers, legal advisers.

  • Training partners / awarding bodies – where necessary to deliver and certify Academy courses.

  • Marketing and communications providers – for sending emails, SMS messages, or managing social media campaigns, in compliance with PECR.

  • Regulators, law enforcement, or public authorities – if required by law or in connection with legal claims, fraud prevention, or safeguarding concerns.

​

Where we share personal data with third-party service providers, we ensure they only process the data on our documented instructions, keep it secure, and do not use it for their own purposes.

​

9. International transfers

Some of our service providers (for example, cloud hosting or email services) may be located outside the UK.

If we transfer your personal data outside the UK, we will ensure that one of the following safeguards is in place, as required by UK GDPR:

​

  • The country has been recognised by the UK government as providing an adequate level of data protection; or

  • We use standard contractual clauses or other approved measures to protect your data.

You can contact us for more information about international transfers and the safeguards used.

​

10. How long we keep your personal data

We keep personal data only for as long as necessary for the purposes set out in this Privacy Policy and to meet legal, accounting, or reporting requirements.

​

As a guide:

  • Client records and treatment notes: typically kept for up to 7 years after your last appointment (to comply with professional and insurance requirements).

  • Academy learner records: typically kept for up to 7 years after your last course, to maintain training records and certificates.

  • Financial and transaction records: normally kept for 6 years to meet tax and accounting obligations.

  • Marketing data: kept until you withdraw consent or object, or after a defined period of inactivity (e.g. 2–3 years).

  • CCTV recordings (if used): usually retained for a short period (e.g. 30–90 days) unless needed for an investigation.

​

We may keep data for longer where necessary in connection with legal claims or regulatory investigations. When data is no longer needed, we will securely delete or anonymise it.

​

11. How we protect your personal data

We take appropriate technical and organisational measures to protect your personal data, including:

​

  • Limiting access to personal data to staff who need it

  • Password protection and access controls

  • Secure, reputable third-party systems for bookings, payments and email

  • Staff training on confidentiality and data protection

  • Regular checks and updates to our security practices

​

However, no system is completely secure, and we cannot guarantee absolute security of data transmitted over the internet. You are responsible for keeping your login details confidential if you create an online account.

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will take appropriate steps and, where required, notify you and the Information Commissioner’s Office (ICO).

​

12. Your data protection rights

Under UK GDPR, you have the following rights in relation to your personal data:

​

  1. Right to be informed – to receive clear information about how we use your data (this Privacy Policy).

  2. Right of access – to request a copy of the personal data we hold about you.

  3. Right to rectification – to have inaccurate or incomplete data corrected.

  4. Right to erasure (“right to be forgotten”) – to request deletion of your data in certain circumstances.

  5. Right to restrict processing – to ask us to limit how we use your data in certain situations.

  6. Right to data portability – to receive your data in a commonly used electronic format and transfer it to another organisation (where applicable).

  7. Right to object – to object to processing based on our legitimate interests or for direct marketing.

  8. Rights related to automated decision-making and profiling – we do not carry out automated decision-making that has legal or similarly significant effects on you.

​

You can exercise any of these rights by contacting us at [info@bazkobeauty.co.uk]. We may need to verify your identity before responding.

​

12.1 Your right to withdraw consent

Where we rely on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before it was withdrawn.

​

To withdraw consent, please contact us or use the unsubscribe options in our communications.

​

12.2 Your right to complain

If you have concerns about how we use your personal data, please contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection:

​

  • Website: [www.ico.org.uk]

  • Telephone: 0303 123 1113

  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom

​

13. Children and young people

Our services are primarily aimed at adults. We may provide certain treatments or training to young people, depending on the service and with appropriate parental or guardian consent.

​

Where we process children’s personal data, we take extra care to protect their privacy and may require parental/guardian consent for treatments, images, or course enrolment as required by law and good practice.

​

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in:

  • Our services;

  • Our business practices; or

  • Applicable laws and regulations (including future changes to UK GDPR, the Data Protection Act 2018, and PECR).

​

When we make significant changes, we will update the “Last updated” date at the top and, where appropriate, notify you via our Website or by email.

​

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.
