Privacy Policy

Last Updated: January 2026

1. Business Name and Contact Details

Business Name: Icarus Tanning Salon
Address: 36 Eastgate Street, Bury St Edmunds, IP33 1YQ, United Kingdom
Phone: 01284 725455
Email: info@icarussalon.co.uk
Website: https://www.icarussalon.co.uk

If you have any questions about this Privacy Policy or our data practices, please contact us using the details above.

2. What Personal Data We Collect

We collect and process the following categories of personal data:

  • Contact Information: Name, email address, phone number, postal address
  • Service Information: Tanning session preferences, skin type, service history, appointment records
  • Payment Information: Payment card details (processed securely through payment providers), transaction history
  • Website Usage Data: IP address, browser type, device information, pages visited, time spent on pages, referral sources
  • Communication Data: Messages sent through our contact form, email correspondence, social media interactions
  • Marketing Preferences: Your preferences for receiving marketing communications

3. Purpose of Processing

We process your personal data for the following purposes:

  • To provide tanning, beauty, and retail services
  • To process bookings, appointments, and payments
  • To manage customer accounts and service history
  • To communicate with you about your bookings, services, and enquiries
  • To send you marketing communications (with your consent)
  • To improve our website and services
  • To comply with legal obligations (e.g., health and safety records, tax requirements)
  • To prevent fraud and ensure security
  • To respond to customer service requests and complaints

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract: Processing necessary to perform our contract with you (e.g., providing tanning services, processing payments)
  • Consent: Where you have given clear consent (e.g., marketing communications, cookies)
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as:
    • Improving our services and customer experience
    • Preventing fraud and ensuring security
    • Managing customer relationships
    • Website analytics and optimization
  • Legal Obligation: Processing necessary to comply with legal requirements (e.g., health and safety records, tax obligations)

5. Data Retention Period

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required by law:

  • Customer Records: 7 years from last transaction (for tax and accounting purposes)
  • Service History: 2 years from last service (for customer service and safety records)
  • Marketing Data: Until you withdraw consent or opt out
  • Website Analytics: 26 months (Google Analytics default)
  • Contact Form Enquiries: 2 years from date of enquiry
  • Payment Records: 7 years (legal requirement)

After the retention period expires, we will securely delete or anonymize your personal data.

6. Third-Party Sharing

We may share your personal data with the following third parties:

  • Payment Processors: To process payments securely (e.g., PayPal, card payment providers)
  • Service Providers: IT service providers, website hosting, email service providers
  • Analytics Providers: Google Analytics (anonymized data) to understand website usage
  • Social Media Platforms: If you interact with us on social media (Facebook, Instagram)
  • Legal and Regulatory Bodies: When required by law or to protect our legal rights
  • Business Partners: Independent nail technicians operating at our salon (with your consent for service provision)

We ensure all third parties have appropriate data protection measures in place and only process your data for specified purposes.

7. International Transfers

Some of our service providers may be located outside the UK/EEA. When we transfer your personal data internationally, we ensure appropriate safeguards are in place:

  • We only transfer data to countries with adequate data protection laws
  • We use Standard Contractual Clauses (SCCs) approved by the UK/EU
  • We ensure service providers comply with GDPR/UK GDPR requirements

For example, Google Analytics may process data in the USA under appropriate safeguards. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

8. Your Data Subject Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data (subject to legal obligations)
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request transfer of your data to another service provider
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, please contact us using the details provided in Section 1. We will respond to your request within one month (or two months for complex requests).

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience:

  • Essential Cookies: Required for website functionality (cannot be disabled)
  • Analytics Cookies: Help us understand how visitors use our website (Google Analytics)
  • Marketing Cookies: Used to deliver relevant advertisements (with your consent)

You can manage cookie preferences through your browser settings. Note that disabling cookies may affect website functionality.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit (SSL/TLS)
  • Secure storage of data at rest
  • Access controls and authentication
  • Regular security assessments
  • Staff training on data protection

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

13. How to Complain to the ICO

If you are not satisfied with how we have handled your personal data or a complaint, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Phone: 0303 123 1113
Website: https://ico.org.uk
Email: casework@ico.org.uk

We would appreciate the opportunity to resolve any concerns directly with you first, so please contact us before making a complaint to the ICO.