Privacy Policy
Last updated: April 2026
1. Who We Are
Revive Beauty Wellness & Aesthetics (“we”, “us”, or “our”) is a beauty salon based in Weston-super-Mare, North Somerset, United Kingdom. We are the data controller for the personal information we collect about you.
Business Name: Revive Beauty Wellness & Aesthetics
Address: Weston-super-Mare, North Somerset, United Kingdom
Email: hello@revive-bwa.co.uk
Phone: +44 7542 714599
Website: revive-bwa.co.uk
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity data: your full name.
- Contact data: email address and telephone number.
- Booking data: appointment date, time, treatment type, and any preferences or notes you provide when making a booking.
- Enquiry data: the content of messages you send us through our contact form or by email.
- Technical data: IP address, browser type, and pages visited, collected automatically when you use our website (see Section 9 — Cookies).
We do not collect special category data (such as health data) through our website. If you voluntarily disclose health information relevant to a treatment (for example, contraindications), this is collected at the point of consultation and stored securely as part of your client record.
3. Why We Collect Your Data & Our Lawful Basis
Under UK GDPR Article 6, we rely on the following lawful bases to process your personal data:
| Purpose | Lawful Basis (UK GDPR Art. 6) |
|---|---|
| Responding to enquiries and contact form submissions | Article 6(1)(f) — Legitimate interests (responding to prospective clients) |
| Processing and managing appointment bookings | Article 6(1)(b) — Performance of a contract |
| Sending booking confirmations and reminders | Article 6(1)(b) — Performance of a contract |
| Maintaining client records for treatment continuity and safety | Article 6(1)(f) — Legitimate interests (safe and effective service delivery) |
| Complying with legal and regulatory obligations | Article 6(1)(c) — Legal obligation |
| Sending marketing emails or promotional offers (only where you have opted in) | Article 6(1)(a) — Consent |
4. How We Store and Protect Your Data
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure.
- Database: Your data is stored in Supabase, a secure cloud database platform. Data is encrypted at rest using AES-256 encryption and in transit using TLS (HTTPS).
- Access controls: Access to personal data is restricted to authorised personnel only, using role-based access controls and strong authentication.
- Email communications: Transactional emails (such as booking confirmations) are sent via Resend, a secure email delivery service.
- Website security: Our website uses HTTPS throughout to encrypt all data transmitted between your browser and our servers.
Despite our best efforts, no method of transmission over the internet or electronic storage is 100% secure. In the unlikely event of a personal data breach, we will notify the Information Commissioner’s Office (ICO) and affected individuals in accordance with our legal obligations under UK GDPR Article 33.
5. How Long We Retain Your Data
We retain your personal data only for as long as necessary for the purposes set out in this policy:
- Booking and client records: Retained for 7 years from the date of your last appointment, in line with standard business record-keeping obligations.
- Contact enquiries: Retained for 2 years from the date of the enquiry, unless a client relationship is established.
- Marketing consent records: Retained until you withdraw consent, plus a reasonable period thereafter.
- Accounting and financial records: Retained for 6 years as required by HMRC.
When your data is no longer required, we will securely delete or anonymise it.
6. Third-Party Processors
We share your personal data only with trusted third-party service providers acting as data processors on our behalf. These processors are contractually bound to handle your data securely and in accordance with UK GDPR:
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Secure database hosting and storage of client and booking data | EU / USA (with appropriate safeguards) |
| Resend | Transactional email delivery (booking confirmations, notifications) | USA (with appropriate safeguards) |
Where processors are located outside the UK, we ensure appropriate safeguards are in place (such as UK adequacy decisions or Standard Contractual Clauses) before transferring your data.
We do not sell, rent, or share your personal data with third parties for their own marketing purposes.
7. Your Rights Under UK GDPR
Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:
- Right of access: You may request a copy of the personal data we hold about you (a Subject Access Request).
- Right to rectification: You may ask us to correct any inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”): You may ask us to delete your personal data where there is no compelling reason for its continued processing.
- Right to restriction: You may request that we restrict the processing of your data in certain circumstances.
- Right to data portability: You may request that we provide your data in a structured, machine-readable format so you can transfer it to another service.
- Right to object: You may object to processing based on our legitimate interests or for direct marketing purposes.
- Rights related to automated decision-making: You have the right not to be subject to decisions made solely by automated processing that significantly affect you. We do not engage in such processing.
- Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at hello@revive-bwa.co.uk. We will respond within one calendar month as required by law. We may need to verify your identity before processing your request.
8. How to Complain
If you are unhappy with how we have handled your personal data, please contact us first so we can try to resolve the matter. You also have the right to lodge a complaint with the UK’s supervisory authority:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk
9. Cookies
Our website uses a minimal number of cookies. We do not use tracking cookies, advertising cookies, or analytics cookies that collect personal data about your browsing behaviour.
We use only:
- Strictly necessary / functional cookies: These are essential for the website to function correctly (for example, maintaining session state on our booking system). These cookies do not collect personal data for marketing or tracking purposes and do not require your consent under the Privacy and Electronic Communications Regulations (PECR).
We do not use Google Analytics, Facebook Pixel, or any other third-party tracking technology on this website. If this changes, we will update this policy and, where required, obtain your consent beforehand.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after any changes constitutes your acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:
Email: hello@revive-bwa.co.uk
Phone: +44 7542 714599
Address: Weston-super-Mare, North Somerset, United Kingdom