PRIVACY POLICY
Privacy Policy for Evolution Advanced Laser Studio
Last Updated: 20/08/2025
​
​
1. Introduction
​
Evolution Advanced Laser Studio ("we", "us", "our") is committed to protecting and respecting your privacy. This policy explains how we collect, use, disclose, and protect your personal data when you visit our website www.evolutionadvancedlaserstudio.co.uk or use our services. We are the data controller and are responsible for your personal data. By using our website and services, you consent to the practices described in this policy.
​
​
2. Information We Collect About You
​
We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:
​
- Identity Data: First name, last name, title, date of birth, gender.
- Contact Data: Billing address, delivery address (if different), email address, telephone numbers.
- Health & Special Category Data: This is sensitive data crucial for our service. It includes:
  - Medical history related to your tattoo and skin.
  - Photographs of the area to be treated and during/after treatment.
  - Details of skin type, allergies, medication, and other health information you provide in our consultation forms.
  - Treatment notes and records.
- Financial Data: We do not store full bank card details. Our payment processor (e.g., Stripe, WorldPay) handles this. We may store the last four digits of your card and the expiry date for reference. We also hold records of transactions and invoices.
- Technical Data: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Usage Data: Information about how you use our website and services.
- Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.
​
3. How We Collect Your Data
​
We use different methods to collect data from and about you including through:
- Direct interactions: You may give us your Identity, Contact, Health, and Financial Data by filling in forms, during consultations, or by corresponding with us by post, phone, email, or in person.
- Automated technologies or interactions: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
- Third parties or publicly available sources: We may receive Technical Data from analytics providers such as Google based outside the UK.
​
​
4. How We Use Your Personal Data (Our Lawful Basis)
​
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Performance of a Contract: To provide our laser tattoo removal services to you, including managing payments and appointments.
- Consent: Where you have given clear consent for us to process your personal data for a specific purpose (e.g., sending marketing communications via email/text).
- Legitimate Interests: For running our business, providing administration and IT services, network security, and preventing fraud.
- Vital Interest: To protect someone’s life (a very rare circumstance).
- Legal Obligation: Where we need to comply with a legal or regulatory obligation (e.g., retaining financial records for HMRC).
Special Category Data (Health Data): Processing your health data is necessary for providing health treatment (the tattoo removal service) pursuant to a contract with a health professional (our practitioners) and for preventative or occupational medicine. This is a specific condition under UK GDPR Article 9.

| Purpose/Activity | Type of Data | Lawful Basis for Processing |
| --- | --- | --- |
| To register you as a new client | (a) Identity; (b) Contact | Performance of a contract with you |
| To perform a consultation and create a treatment plan | (a) Identity; (b) Contact; (c) Health (Special) | Necessary for the provision of healthcare |
| To perform the tattoo removal procedure | (a) Identity; (b) Contact; (c) Health (Special); (d) Financial | (a) Performance of a contract; (b) Necessary for the provision of healthcare |
| To manage payments and collect fees | (a) Identity; (b) Contact; (c) Financial | (a) Performance of a contract; (b) Necessary for our legitimate interests |
| To manage our relationship with you | (a) Identity; (b) Contact; (c) Marketing | (a) Performance of a contract; (b) Necessary to comply with a legal obligation; (c) Necessary for our legitimate interests |
| To send non-essential marketing | (a) Identity; (b) Contact; (c) Marketing | Consent |
| To use data analytics to improve our website | (a) Technical; (b) Usage | Necessary for our legitimate interests |
​
​
5. How We Share Your Personal Data
​
We may have to share your personal data with the parties set out below for the purposes outlined in section 4.
- Service Providers: IT and system administration services, professional advisors (lawyers, bankers, auditors), payment processing services.
- Healthcare Professionals: In the event of a medical complication or for a second professional opinion (with your explicit consent, unless in a vital emergency).
- Government Bodies: HM Revenue & Customs, regulators, and other authorities based in the UK who require reporting of processing activities in certain circumstances.
- Third Parties: If we sell, transfer, or merge parts of our business, your data may be transferred to the new owners.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.
​
​
6. International Transfers
​
We do not transfer your personal data outside the UK or the European Economic Area (EEA), unless our third-party service providers use servers located outside these areas. If we do, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- The country has been deemed to provide an adequate level of protection by the UK.
- We use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
​
7. Data Security
​
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. These include:
- Encrypted storage of electronic files.
- Locked cabinets for physical records.
- Limited access to your personal data on a need-to-know basis.
- Secure, password-protected systems.
We have procedures to deal with any suspected personal data breach and will notify you and the Information Commissioner's Office (ICO) of a breach where we are legally required to do so.
​
​
​
8. Data Retention
​
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Health Records: As a healthcare provider, we are required to retain adult health records for a minimum of 8 years after your last treatment, or until the age of 25 if the client is under 18. We may retain them for longer for clinical best practice and legal protection.
- Financial Records: We are required to keep basic financial records (e.g., invoices) for 6 years after the end of the current tax year for HMRC purposes.
After the retention period, your data will be securely destroyed or anonymised.
​
​
​
9. Your Legal Rights
​
Under data protection laws, you have rights including:
- The right to access – You have the right to request copies of your personal data.
- The right to rectification – You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability – You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
You are not required to pay any charge for exercising your rights. We have one month to respond to you.
Please note: Your right to erasure is not absolute. Due to our legal and clinical obligations as a healthcare provider, we must retain your health records for the period stated in section 8, even if you request erasure.
​
​
​
10. How to Complain
​
If you have any concerns about our use of your personal data, please contact us in the first instance. We will do our best to resolve the issue.
You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.
​
​
11. Contact Us
​
To exercise any of your rights, or if you have any questions about this privacy policy, please contact us:
Email: HELLO@evolutionlaserstudio.co.uk
Post: Evolution Advanced Laser Studio, Unit 8, The Courtyard, Falkirk, FK11XR.
Phone: 07399213830
​
​
12. Changes to This Policy
​
We may update this policy from time to time. The latest version will always be available on our website and will be dated accordingly.