
Privacy Policy

Last updated: 17 May 2026

Gabriella's Aesthetics & Beauty ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, book a treatment, attend our salon, or otherwise interact with us.

This policy is issued on behalf of Gabriella's Aesthetics & Beauty, operating from Salon Eighty Three, 82-83 High Street, Gorleston, Norfolk, NR31 6RQ.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is Gabriella Lombardi, trading as Gabriella's Aesthetics & Beauty.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at gabriellalombardi.gab@gmail.com.

 

1. Who We Are

Gabriella's Aesthetics & Beauty is a skin and aesthetics clinic offering bespoke facials, advanced treatments, and skincare memberships from Salon Eighty Three in Gorleston, Norfolk. References to "the Clinic" in this policy refer to Gabriella's Aesthetics & Beauty.

 

2. The Information We Collect

We collect and process the following categories of personal information.

Information you provide directly to us. When you book a treatment, complete a consultation form, sign up for a membership, contact us via email or social media, or engage with our website, you may provide us with your name, date of birth, postal address, email address, telephone number, and emergency contact details.

Health and skin information. Because we provide skin treatments, we collect health-related information that is necessary to deliver your treatment safely. This includes details of your medical history, current medications, allergies, skin concerns, lifestyle factors (including diet, sleep, and stress levels), pregnancy or breastfeeding status, and any contraindications relevant to the treatments you receive. Under UK GDPR this is classed as "special category data" and is treated with additional care.

Treatment records and imagery. We keep records of the treatments you have received, products used, professional observations, treatment outcomes, and, where you have given consent, before-and-after photographs of treated areas.

Payment information. When you pay for a treatment, membership, or product, payment information is processed by our third-party payment providers. We do not store full card details on our systems.

Booking information. When you book through our online booking system (Fresha), we receive your booking details, contact information, appointment history, and any notes you have added to your booking.

Marketing preferences. Your preferences in relation to receiving marketing communications from us.

Website and technical information. When you visit our website, we automatically collect certain information about your device and browsing activity, including your IP address, browser type, operating system, referring URLs, pages visited, and the date and time of your visit. This is collected through cookies and similar technologies. Please see our Cookie Policy for more detail.

 

3. How We Collect Your Information

We collect personal information in the following ways: through our online booking platform (Fresha) when you book an appointment; through consultation forms completed in advance of or during your first appointment; in person at the salon during treatments and follow-up conversations; through our website contact forms and direct email correspondence; through our Instagram account and other social media channels where you message or engage with us; through telephone enquiries; and automatically through cookies and analytics tools when you visit our website.

 

4. The Lawful Bases for Processing Your Information

Under UK GDPR, we must have a lawful basis to process your personal data. We rely on the following bases.

Contract. We process your personal data where it is necessary for the performance of a contract with you, such as fulfilling a treatment booking or membership.

Legitimate interests. We process some personal data where it is in our legitimate interests to do so, including maintaining client records, improving our services, preventing fraud, and managing our day-to-day business operations. Where we rely on legitimate interests, we balance our interests against your rights and freedoms.

Consent. We rely on your consent for marketing communications, the use of before-and-after photography, the use of non-essential cookies, and the processing of certain special category data.

Legal obligation. We process personal data where we are required to do so by law, including tax, accounting, insurance, and health and safety obligations.

Vital interests. In rare cases, we may process your personal data to protect your or someone else's vital interests, such as in a medical emergency.

For special category (health) data, we additionally rely on your explicit consent, and on the basis that processing is necessary for the provision of treatment in line with Article 9(2)(h) of the UK GDPR.

 

5. How We Use Your Information

We use your personal information to: manage your bookings and provide your treatments; carry out skin consultations and ensure treatments are safe and appropriate for you; maintain accurate client and treatment records; process payments and manage memberships; communicate with you about your appointments, including reminders, rescheduling, and aftercare; respond to your enquiries and provide customer support; send you marketing communications where you have consented; improve our treatments, services, and website; comply with our legal, regulatory, and insurance obligations; and protect our legal rights where necessary.

 

6. Marketing Communications

We will only send you marketing communications by email, SMS, or other electronic means where you have given us your consent to do so.

You can withdraw your consent at any time by clicking the "unsubscribe" link in any marketing email, replying "STOP" to any marketing SMS, or contacting us directly at gabriellalombardi.gab@gmail.com. Withdrawing your consent will not affect any treatment-related communications we need to send you, such as appointment confirmations or aftercare information.

7. Photography and Social Media

With your separate, written consent, we may take before-and-after photographs of treated areas for the purposes of your treatment records, professional development, and, where you have specifically agreed, sharing on our website, portfolio, or social media channels.

You can refuse consent for photography at any point without any impact on the treatment you receive. If you have previously consented to images being shared and wish for them to be removed, please contact us and we will remove them from any channels we control as soon as reasonably possible.

8. Who We Share Your Information With

We do not sell your personal data. We share personal information with the following categories of third parties where necessary.

Service providers. We work with carefully selected third parties who help us run our business, including our booking platform (Fresha), our website host (Wix), email and communication providers, payment processors, accountants, and IT support providers. These parties only process your personal data on our instructions and in line with appropriate data protection safeguards.

Professional advisers. We may share information with our insurers, lawyers, accountants, and auditors where necessary for the running of our business or to comply with our legal obligations.

Regulatory and legal bodies. We may share information with HMRC, regulators, law enforcement, and other authorities where we are legally required to do so or to protect our legal rights.

In the event of a sale. If the business is sold, transferred, or restructured, we may share your personal data with the new owner or relevant third parties in connection with that transaction.

9. International Transfers

Some of the third-party providers we use may store or process data outside the United Kingdom. Where this is the case, we ensure that appropriate safeguards are in place, such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, so that your data continues to receive an essentially equivalent level of protection.

 

10. How Long We Keep Your Information

We will only keep your personal information for as long as is necessary for the purposes for which it was collected.

Client treatment records are typically retained for a minimum of seven years following your last appointment with us, in line with industry guidance and our insurance requirements. Financial and tax records are retained for a minimum of six years in line with HMRC requirements. Marketing data is retained until you withdraw your consent or we determine that it is no longer needed. Website analytics data is retained in line with the periods set by the relevant analytics provider.

When personal data is no longer needed, we will securely delete or anonymise it.

 

11. How We Protect Your Information

We take the security of your personal data seriously and use appropriate technical and organisational measures to protect it against unauthorised access, loss, misuse, alteration, or destruction.

These measures include password-protected systems, restricted access to client records, secure storage of any physical records, encryption where appropriate, and the use of reputable third-party providers with their own robust security measures.

While we take all reasonable steps to protect your data, no method of transmission over the internet is completely secure. We cannot guarantee the absolute security of any data transmitted to our website.

 

12. Your Rights

Under UK GDPR you have a number of rights in relation to your personal data, including the right to:

be informed about how your personal data is used; access the personal data we hold about you; request the correction of inaccurate or incomplete data; request the deletion of your personal data, subject to certain legal exceptions; restrict the processing of your personal data; object to the processing of your personal data; request the portability of your personal data to another provider; withdraw consent at any time where we are relying on consent to process your data; and not be subject to decisions based solely on automated decision-making.

To exercise any of these rights, please contact us at gabriellalombardi.gab@gmail.com. We will respond to your request within one month, although in some cases we may extend this period by up to a further two months for complex requests.

We may need to ask you to verify your identity before responding to your request to protect the security of your data.

 

13. Children's Privacy

Our treatments and services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 18 without parental or guardian consent. If you believe we hold information about a child without appropriate consent, please contact us so we can take the necessary action.

 

14. Cookies

Our website uses cookies and similar technologies to function correctly, improve your experience, and analyse how the site is used. For full details of the cookies we use and how to manage your preferences, please see our Cookie Policy.

 

15. Third-Party Links

Our website and social media channels may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policies of every website you visit.

 

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The latest version will always be available on our website, with the "Last updated" date at the top of the page. We encourage you to review this policy periodically.

 

17. How to Contact Us

If you have any questions about this Privacy Policy, would like to exercise any of your rights, or wish to make a complaint, please contact us:

Email: gabriellalombardi.gab@gmail.com
Post: Gabriella's Aesthetics & Beauty, Salon Eighty Three, 82-83 High Street, Gorleston, Norfolk, NR31 6RQ
Instagram: @gabriellalombardi.skin

 

18. Complaints

We hope to resolve any concerns you have about our handling of your personal data directly. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk
