Now Open | Call: +44 7542 714599

Privacy Policy

Last updated: April 2026

1. Who We Are

Revive Beauty Wellness & Aesthetics (“we”, “us”, or “our”) is a beauty salon based in Weston-super-Mare, North Somerset, United Kingdom. We are the data controller for the personal information we collect about you.

Business Name: Revive Beauty Wellness & Aesthetics

Address: Weston-super-Mare, North Somerset, United Kingdom

Email: hello@revive-bwa.co.uk

Phone: +44 7542 714599

Website: revive-bwa.co.uk

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity data: your full name.
  • Contact data: email address and telephone number.
  • Booking data: appointment date, time, treatment type, and any preferences or notes you provide when making a booking.
  • Enquiry data: the content of messages you send us through our contact form or by email.
  • Technical data: IP address, browser type, and pages visited, collected automatically when you use our website (see Section 9 — Cookies).

We do not collect special category data (such as health data) through our website. If you voluntarily disclose health information relevant to a treatment (for example, contraindications), this is collected at the point of consultation and stored securely as part of your client record.

3. Why We Collect Your Data & Our Lawful Basis

Under UK GDPR Article 6, we rely on the following lawful bases to process your personal data:

PurposeLawful Basis (UK GDPR Art. 6)
Responding to enquiries and contact form submissionsArticle 6(1)(f) — Legitimate interests (responding to prospective clients)
Processing and managing appointment bookingsArticle 6(1)(b) — Performance of a contract
Sending booking confirmations and remindersArticle 6(1)(b) — Performance of a contract
Maintaining client records for treatment continuity and safetyArticle 6(1)(f) — Legitimate interests (safe and effective service delivery)
Complying with legal and regulatory obligationsArticle 6(1)(c) — Legal obligation
Sending marketing emails or promotional offers (only where you have opted in)Article 6(1)(a) — Consent

4. How We Store and Protect Your Data

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure.

  • Database: Your data is stored in Supabase, a secure cloud database platform. Data is encrypted at rest using AES-256 encryption and in transit using TLS (HTTPS).
  • Access controls: Access to personal data is restricted to authorised personnel only, using role-based access controls and strong authentication.
  • Email communications: Transactional emails (such as booking confirmations) are sent via Resend, a secure email delivery service.
  • Website security: Our website uses HTTPS throughout to encrypt all data transmitted between your browser and our servers.

Despite our best efforts, no method of transmission over the internet or electronic storage is 100% secure. In the unlikely event of a personal data breach, we will notify the Information Commissioner’s Office (ICO) and affected individuals in accordance with our legal obligations under UK GDPR Article 33.

5. How Long We Retain Your Data

We retain your personal data only for as long as necessary for the purposes set out in this policy:

  • Booking and client records: Retained for 7 years from the date of your last appointment, in line with standard business record-keeping obligations.
  • Contact enquiries: Retained for 2 years from the date of the enquiry, unless a client relationship is established.
  • Marketing consent records: Retained until you withdraw consent, plus a reasonable period thereafter.
  • Accounting and financial records: Retained for 6 years as required by HMRC.

When your data is no longer required, we will securely delete or anonymise it.

6. Third-Party Processors

We share your personal data only with trusted third-party service providers acting as data processors on our behalf. These processors are contractually bound to handle your data securely and in accordance with UK GDPR:

ProcessorPurposeLocation
SupabaseSecure database hosting and storage of client and booking dataEU / USA (with appropriate safeguards)
ResendTransactional email delivery (booking confirmations, notifications)USA (with appropriate safeguards)

Where processors are located outside the UK, we ensure appropriate safeguards are in place (such as UK adequacy decisions or Standard Contractual Clauses) before transferring your data.

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

7. Your Rights Under UK GDPR

Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

  • Right of access: You may request a copy of the personal data we hold about you (a Subject Access Request).
  • Right to rectification: You may ask us to correct any inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”): You may ask us to delete your personal data where there is no compelling reason for its continued processing.
  • Right to restriction: You may request that we restrict the processing of your data in certain circumstances.
  • Right to data portability: You may request that we provide your data in a structured, machine-readable format so you can transfer it to another service.
  • Right to object: You may object to processing based on our legitimate interests or for direct marketing purposes.
  • Rights related to automated decision-making: You have the right not to be subject to decisions made solely by automated processing that significantly affect you. We do not engage in such processing.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at hello@revive-bwa.co.uk. We will respond within one calendar month as required by law. We may need to verify your identity before processing your request.

8. How to Complain

If you are unhappy with how we have handled your personal data, please contact us first so we can try to resolve the matter. You also have the right to lodge a complaint with the UK’s supervisory authority:

Information Commissioner’s Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline: 0303 123 1113

Website: ico.org.uk

9. Cookies

Our website uses a minimal number of cookies. We do not use tracking cookies, advertising cookies, or analytics cookies that collect personal data about your browsing behaviour.

We use only:

  • Strictly necessary / functional cookies: These are essential for the website to function correctly (for example, maintaining session state on our booking system). These cookies do not collect personal data for marketing or tracking purposes and do not require your consent under the Privacy and Electronic Communications Regulations (PECR).

We do not use Google Analytics, Facebook Pixel, or any other third-party tracking technology on this website. If this changes, we will update this policy and, where required, obtain your consent beforehand.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Email: hello@revive-bwa.co.uk

Phone: +44 7542 714599

Address: Weston-super-Mare, North Somerset, United Kingdom