privacy policy

Privacy Policy

Last updated: 25 June 2026

Holskin respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store and protect your information when you visit our website, contact us, book an appointment or receive a treatment from us.

1. Who we are

Holskin is a skincare and facial treatment studio based in South West London.

For the purposes of UK data protection law, the data controller is:

Legal name: Georgia Hollingshead
Trading name: Holskin
Email: georgiah@holskin.co.uk

When this policy refers to “Holskin”, “we”, “us” or “our”, it means the person or business responsible for deciding how your personal information is used.

2. The information we collect

Depending on how you interact with us, we may collect the following information.

Identity and contact information

This may include your:

  • Name

  • Email address

  • Telephone number

  • Home address, where required

  • Date of birth

  • Emergency contact details

Booking and transaction information

This may include:

  • Treatments booked or purchased

  • Appointment dates and history

  • Payment and transaction information

  • Cancellations, rescheduled appointments and attendance history

  • Gift voucher or promotional code information

Payments may be processed by a third-party payment provider. Holskin does not ordinarily retain your full debit or credit card details.

Consultation and treatment information

To determine whether a treatment is appropriate and safe for you, we may collect information about:

  • Your skin type, condition and concerns

  • Current skincare routine and products

  • Allergies and sensitivities

  • Medical conditions

  • Medications and supplements

  • Pregnancy or breastfeeding status

  • Previous treatments or procedures

  • Lifestyle factors that may affect your skin or treatment

  • Treatment plans, products used and treatment outcomes

  • Contraindications, reactions or adverse events

Some of this information constitutes health information and is treated as special category personal data.

Please only provide medical and health information that is relevant to your treatment. You are responsible for informing us if your health, medication or circumstances change before a future appointment.

Photographs and video

With your permission, we may take photographs or videos to:

  • Record your skin’s condition before, during or after treatment

  • Monitor treatment progress

  • Support your consultation and treatment plan

  • Maintain accurate treatment records

We will obtain separate consent before using identifiable photographs or videos for marketing, educational content, social media, our website or promotional materials. Agreeing to treatment photography for your confidential client record does not automatically mean that you agree to its use for marketing.

You may decline marketing photography without affecting your ability to receive a treatment.

Website and technical information

When you visit our website, we may collect certain technical information automatically, including:

  • IP address

  • Browser and device type

  • Operating system

  • Pages visited

  • Time spent on the website

  • Referring website or source

  • General website usage information

  • Cookie preferences

Communications

We may retain information you provide when you:

  • Submit a website enquiry

  • Email, telephone or message us

  • Contact us through social media

  • Provide feedback or a review

  • Join our mailing list

  • Communicate with us in relation to an appointment or treatment

3. How we collect your information

We may collect personal information:

  • Directly from you when you complete a form, make a booking, attend a consultation, receive a treatment or contact us

  • Through our website and the cookies or technologies used on it

  • Through our booking and client-management provider

  • Through payment providers

  • Through social media platforms when you contact or interact with us

  • From another person where they purchase a gift voucher or make a booking on your behalf

  • From publicly available sources where appropriate

4. How and why we use your information

We may use your information for the following purposes.

Providing treatments and services

We use your information to:

  • Respond to enquiries

  • Arrange and manage appointments

  • Carry out consultations

  • Assess your suitability for treatment

  • Identify contraindications and treatment risks

  • Develop and deliver your treatment plan

  • Recommend appropriate products or aftercare

  • Maintain treatment records

  • Provide ongoing client care

Our lawful bases are generally the performance of a contract, taking steps at your request before entering into a contract, and our legitimate interests in operating a safe and effective skincare business.

Where we process health information, we will also identify an appropriate special category condition. This will usually be your explicit consent.

Appointment administration

We may use your contact details to send:

  • Booking confirmations

  • Appointment reminders

  • Consultation forms

  • Preparation or aftercare information

  • Important changes relating to your appointment

  • Responses to questions about your treatment

These are service communications rather than marketing messages.

Payments, accounting and legal records

We may use and retain relevant information to:

  • Process payments and refunds

  • Issue invoices or receipts

  • Maintain tax and accounting records

  • Prevent or investigate fraud

  • Meet our legal, regulatory and insurance obligations

  • Establish, exercise or defend legal claims

Our lawful bases may include performance of a contract, compliance with a legal obligation and our legitimate interests in protecting and administering the business.

Service improvement and business administration

We may use information to:

  • Improve our treatments, client experience and website

  • Manage client relationships

  • Review business performance

  • Troubleshoot technical issues

  • Keep our website and systems secure

  • Respond to complaints or disputes

We rely on our legitimate interests where those interests are not overridden by your rights and interests.

Marketing

With your permission, we may send you news, treatment information, availability updates, offers or other Holskin marketing by email or another agreed method.

You can unsubscribe at any time by:

  • Using the unsubscribe link in an email

  • Contacting us at georgiah@holskin.co.uk

  • Following the opt-out instructions included in the message

Unsubscribing from marketing will not stop essential appointment or service communications.

Where permitted by law, we may contact existing clients about similar Holskin services, provided that an appropriate opportunity to opt out was offered when the details were collected and is included in every marketing message.

Photographs and content

Identifiable images or videos will only be used publicly where you have provided separate consent for that use.

You may withdraw your consent for future use at any time. This will not affect content that was lawfully published before your consent was withdrawn, and it may not always be possible to remove material that has already been shared or reproduced by third parties.

5. Our lawful bases

Depending on the circumstances, we rely on one or more of the following lawful bases:

  • Contract: where processing is necessary to provide a treatment or service, manage an appointment or take steps at your request before providing a service.

  • Legal obligation: where we must retain or disclose information to comply with applicable law.

  • Legitimate interests: where it is reasonably necessary to operate, protect and improve Holskin, provided that your rights do not override those interests.

  • Consent: where you have freely agreed to a particular use of your information, such as receiving certain marketing or allowing images to be used publicly.

  • Explicit consent: where you expressly agree to the necessary processing of relevant health information or other special category information.

Where we rely on consent, you may withdraw it at any time. Withdrawal will not affect the lawfulness of processing carried out before consent was withdrawn.

6. When you must provide information

Some information is required for us to provide a safe and appropriate treatment.

You are not required to provide personal information simply to browse our website. However, where you do not provide information reasonably required for a consultation, contraindication check, booking or payment, we may be unable to provide the requested service.

7. Who we share your information with

We do not sell or rent your personal information.

Where necessary, we may share limited information with trusted providers that help us operate the business, including:

  • Website hosting and website-management providers, such as Squarespace

  • Appointment booking and client-management providers, such as Fresha

  • Payment processors

  • Email and newsletter providers

  • Cloud storage and secure document providers

  • Accountants, bookkeepers and professional advisers

  • Insurers

  • IT, security and technical-support providers

  • Analytics providers, where you have consented to the relevant cookies

  • Regulatory bodies, government authorities, courts or law-enforcement agencies where legally required

These organisations may act as data processors or, in some circumstances, as independent data controllers. We expect service providers processing information on our behalf to use it only as instructed and to protect it appropriately.

We may also disclose information where reasonably necessary to protect the safety, rights or property of Holskin, our clients or another person, or to establish, exercise or defend a legal claim.

8. International data transfers

Some of the technology and service providers used by Holskin may store or process information outside the United Kingdom.

Where personal information is transferred internationally, we take reasonable steps to ensure that an appropriate legal transfer mechanism and safeguards are in place. These may include UK adequacy regulations, approved contractual protections or another mechanism recognised under UK data protection law.

You may contact us for further information about the safeguards relating to your information.

9. How long we retain your information

We retain personal information only for as long as reasonably necessary for the purpose for which it was collected, including legal, accounting, insurance and professional requirements.

Our general retention periods are:

  • Unsuccessful or general enquiries: normally up to 12 months after our last communication.

  • Client consultation and treatment records: normally up to seven years after your last treatment, subject to the requirements of our insurer and any applicable legal or professional obligations.

  • Financial and transaction records: for the period required under applicable tax and accounting rules.

  • Marketing information: until you unsubscribe or withdraw your consent, after which we may retain a limited suppression record to ensure that we respect your preference.

  • Website analytics: according to the retention settings of the relevant analytics provider.

  • Photographs forming part of a treatment record: normally for the same period as the associated client record.

  • Marketing photographs or videos: until the relevant consent is withdrawn or the material is no longer required, subject to material already lawfully published.

We may retain information for longer where it is reasonably required for an actual or potential legal claim, regulatory enquiry or dispute.

At the end of the applicable retention period, information will be securely deleted, anonymised or otherwise disposed of.

10. How we protect your information

We use appropriate organisational and technical measures intended to protect personal information against accidental loss, misuse, unauthorised access, alteration or disclosure.

These measures may include:

  • Password-protected systems and accounts

  • Access controls

  • Secure booking and payment platforms

  • Device security

  • Confidential handling of consultation and treatment records

  • Limiting access to people who genuinely require the information

  • Appropriate arrangements with service providers

Although we take reasonable precautions, no internet transmission or electronic storage system can be guaranteed to be completely secure.

Please avoid sending detailed medical or health information through unencrypted social media messages unless we specifically ask you to do so. Where possible, use the consultation or communication method provided by Holskin.

11. Cookies

Our website may use cookies and similar technologies.

Some cookies are necessary for the website to function properly. Others may help us understand how visitors use the website, remember preferences, improve performance or support marketing.

Where required, optional analytics and marketing cookies will not be placed unless you have provided consent through our cookie-management tool.

You can accept, reject or manage optional cookies through the cookie banner or settings available on our website. You can also control cookies through your browser, although disabling necessary cookies may affect how the website functions.

Please see our Cookie Policy or cookie settings for more detailed information about the cookies currently used.

12. Third-party websites and social media

Our website may contain links to third-party websites, booking services or social media platforms.

Those organisations are responsible for their own privacy practices. We encourage you to read their privacy notices before submitting information through their services.

When you interact with Holskin through a social media platform, the relevant platform may also collect and use information under its own terms and privacy policy.

13. Children’s information

Our website is not intended to collect personal information directly from children without the involvement of a parent or legal guardian.

Where we agree to provide a service to a person under 18, we may require the involvement and consent of a parent or legal guardian and may need to collect information about both the young person and the responsible adult.

14. Your data protection rights

Depending on the circumstances, you may have the right to:

  • Ask for confirmation that we process your personal information

  • Request access to the personal information we hold about you

  • Ask us to correct inaccurate or incomplete information

  • Ask us to erase your information

  • Ask us to restrict how your information is used

  • Object to processing based on legitimate interests

  • Object to direct marketing at any time

  • Request the transfer of certain information to you or another organisation

  • Withdraw consent where processing is based on consent

  • Raise a concern about how your information has been handled

These rights are not absolute and may be subject to legal exceptions. For example, we may need to retain certain treatment or financial records despite an erasure request where there is a legal, insurance or claims-related reason to do so.

To exercise a right, contact us at [business email address]. We may need to confirm your identity before responding.

You will not ordinarily be charged for exercising your rights. However, the law may allow a reasonable fee or refusal where a request is manifestly unfounded or excessive.

15. Complaints

Please contact us first if you have a question or concern about how your personal information has been used:

Email: georgiah@holskin.co.uk

You also have the right to make a complaint to the Information Commissioner’s Office, the UK regulator for data protection.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

You can find further information through the Information Commissioner’s Office website.

16. Changes to this policy

We may update this Privacy Policy when our services, providers or legal obligations change.

The latest version will be published on our website with the date it was last updated. Where a change is particularly significant, we may also bring it to your attention by another appropriate method.

17. Contact us

For questions about this Privacy Policy or how Holskin uses your personal information, contact:

Holskin
Email: georgiah@holskin.co.uk