Effective Date: 12/01/2025

This policy outlines how BODY & MIND SKIN CARE CENTRE LIMITED (“we,” “us,” or “our”) ensures compliance with the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR). By using our Website (https://www.bodyandminduk.com), you agree to the practices outlined herein.


1. Legal Framework Overview

1.1 GDPR (Regulation (EU) 2016/679): Establishes guidelines for the collection, use, and protection of personal data within the EU and UK.

1.2 PECR: Supplements GDPR by providing specific rules for electronic communications, including cookies, email marketing, and tracking technologies.

1.3 This policy applies to all data processed by us, whether collected through our Website, direct communication, or other means.


2. Personal Data Processing Principles

We adhere to the following data protection principles:

2.1 Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner.

2.2 Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

2.3 Data Minimization: Only the data necessary for the purposes specified is collected and processed.

2.4 Accuracy: We take reasonable steps to ensure data accuracy and correct inaccuracies promptly.

2.5 Storage Limitation: Data is retained only as long as necessary for the purposes for which it was collected.

2.6 Integrity and Confidentiality: Data is processed securely to protect against unauthorized access, loss, or damage.


3. Lawful Basis for Processing

We process personal data under the following lawful bases:

3.1 Consent: When individuals have provided clear and explicit consent for specific purposes (e.g., email marketing).

3.2 Contract: When data is required to perform a contract (e.g., completing a service request).

3.3 Legal Obligation: When necessary to comply with legal or regulatory obligations.

3.4 Legitimate Interests: When processing is necessary for our legitimate business interests, provided it does not override individual rights.


4. Cookie and Tracking Compliance (PECR)

4.1 Cookies:

  • We use cookies in accordance with PECR to enhance Website functionality and improve user experience.
  • Non-essential cookies (e.g., analytics or advertising cookies) are only deployed with user consent.

4.2 Consent Mechanism:

  • Users are presented with a clear and accessible cookie consent banner upon their first visit.
  • Consent options include “Accept All,” “Reject All,” and “Manage Preferences.”

4.3 Cookie Management:

  • Users can manage or withdraw consent via browser settings or the cookie preferences link on our Website.

4.4 Electronic Marketing:

  • Marketing emails, SMS, and other electronic communications are sent only to users who have explicitly opted in.
  • Clear opt-out options are included in all communications.

5. Individual Rights (GDPR)

Under GDPR, individuals have the following rights:

5.1 Right to Access: Request details about the personal data we hold about you.

5.2 Right to Rectification: Request correction of inaccurate or incomplete data.

5.3 Right to Erasure (“Right to Be Forgotten”): Request deletion of your data where applicable.

5.4 Right to Restriction: Restrict processing under certain circumstances.

5.5 Right to Data Portability: Receive your data in a structured, machine-readable format.

5.6 Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.

5.7 Right to Withdraw Consent: Withdraw consent for specific processing activities at any time.

5.8 Right to Lodge a Complaint: File a complaint with the Information Commissioner’s Office (ICO) if you believe your data rights have been violated (https://ico.org.uk/).


6. Data Transfers and Security

6.1 International Transfers:

  • Where data is transferred outside the UK or EEA, we ensure adequate safeguards, such as Standard Contractual Clauses (SCCs), are in place.

6.2 Data Security Measures:

  • Encryption of sensitive data.
  • Regular data protection audits and risk assessments.
  • Secure storage systems and access controls.

7. Breach Notification

7.1 In the event of a data breach that poses a risk to individuals’ rights, we will:

  • Notify the ICO within 72 hours of becoming aware of the breach.
  • Inform affected individuals if the breach is likely to result in a high risk to their rights and freedoms.

7.2 We maintain a Data Breach Response Plan to ensure prompt and effective handling of incidents.


8. Accountability and Governance

8.1 We maintain detailed records of data processing activities as required under GDPR.

8.2 Staff receive regular training on data protection compliance.

8.3 We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities.


9. Policy Updates

9.1 This policy will be reviewed and updated periodically to reflect changes in legal requirements or business practices.

9.2 Users are encouraged to review this policy regularly. The “Effective Date” at the top will indicate the latest revision.


10. Contact Information

For inquiries or concerns about GDPR or PECR compliance, please contact:

BODY & MIND SKIN CARE CENTRE LIMITED
1 Tyrone House, Church Street, Wellington, Telford, TF1 1DR

Email: info@bodyandminduk.com
