Privacy Policy
Version: 2026.02.24
Last updated: 24 February 2026
1. Who We Are
Aliya's Beauty is a beauty salon business trading in the United Kingdom. For privacy questions and data-rights requests, contact info@aliyasbeauty.co.uk.
30 New Green Street, South Shields, Tyne and Wear, NE33 5DL, GB
Phone: 07802 271478
2. Scope
This policy applies to personal data we process through our website, booking system, account area, payment flows, issue-reporting tools, reviews/favorites features, and e-book purchase/delivery flows.
3. Data We Collect
We may collect and process:
- Identity and contact data: first name, last name, phone number, email address.
- Account and authentication data: password hash, account preferences, login/session metadata.
- Booking data: services selected, appointment date/time/location, booking notes, cancellation status, and related history.
- Payment-related data: checkout references, payment status, partial card metadata (for example masked card details where available), stored payment token references for scheduled payments, and refund records.
- E-book purchase data: purchaser email, order/check-out references, download token, download count, and product fulfilment status.
- Support and quality data: issue reports, review submissions, favorites, and communications metadata.
- Technical/security data: IP address, user agent, request metadata, security and fraud-prevention logs, and rate-limit markers.
- Marketing preference data: whether you opted in to promotional email marketing.
4. How We Use Your Data
- To create and manage bookings, accounts, cancellations, and customer support interactions.
- To process payments, schedule/collect remaining balances where authorised, and handle refunds when eligible.
- To deliver digital products (including e-book access/download links) and purchase confirmations.
- To send essential service communications (booking confirmations, updates, operational notices).
- To improve service quality, detect abuse/fraud, and protect platform security.
- To send marketing emails only where you have opted in, and to honour opt-out preferences.
- To meet legal, accounting, tax, and compliance obligations.
5. Lawful Bases (UK GDPR)
- Contract: when processing is required to provide bookings, accounts, payments, cancellations, and digital fulfilment.
- Legitimate interests: service protection, abuse prevention, diagnostics, and business operations where rights are respected.
- Consent: optional analytics cookies and optional marketing communications.
- Legal obligation: where records must be retained/disclosed for tax, accounting, legal claims, or regulatory compliance.
6. Data Sharing and Processors
We do not sell personal data. We may share data with trusted processors acting on our instructions, including:
- SumUp for checkout/payment processing and payment operations.
- Email delivery providers (Resend and/or Mandrill) for transactional and operational email delivery.
- Mailchimp for marketing list management where you opt in.
- Hosting/infrastructure providers that support site/app operation and security.
7. International Transfers
Some processors may process data outside the UK. Where this occurs, we rely on recognised transfer mechanisms (such as UK adequacy regulations or contractual safeguards) as required by applicable law.
8. Retention
We keep data only for as long as necessary for the purposes above. Key operational periods currently include:
- Application and security logs: typically up to 90 days.
- Security events: typically up to 90 days.
- Login attempt and rate-limit files: short-lived operational files (generally minutes to 24 hours).
- Abandoned pending booking holds: cleaned when stale (heartbeat-based cleanup).
- E-book pending checkouts: marked failed after timeout; download tokens are time-limited.
- Account deletion requests: the account profile is anonymized, while certain business records may be retained for legal/accounting obligations.
Where longer retention is required by law, tax/accounting obligations, fraud prevention, or legal claims, we retain only what is necessary.
9. Cookies and Tracking
We use strictly necessary cookies for core website and account functions. Optional analytics cookies are only used after your consent. See our Cookie Policy for details and controls.
10. Security
We implement technical and organisational safeguards appropriate to the nature of the data we process, including access controls, session protections, rate limiting, input validation, and security/event monitoring. No system can be guaranteed 100% secure.
11. Your Rights
Subject to law, you may request access, correction, deletion, restriction, objection, and data portability. You may also withdraw consent where processing is consent-based (for example optional analytics/marketing). Contact info@aliyasbeauty.co.uk.
12. Children and Age Restrictions
Our services are intended for users aged 16 and over. Clients aged 16-17 require parent/guardian consent in accordance with our terms and treatment policies.
13. Complaints
If you are not satisfied with our response, you may raise a complaint with the UK Information Commissioner’s Office (ICO).
14. Updates to This Policy
We may update this policy from time to time. Material changes will be reflected by updating the version and date shown above.