Privacy Policy & GDPR Statement

Beauty Bonbon

Last updated: 28th January 2026

Beauty Bonbon is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Business name: Beauty Bonbon
Location: Norwich, UK
Contact email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Telephone: 07958 276925

For the purposes of data protection law, Beauty Bonbon is the Data Controller of your personal data.

2. What Personal Data We Collect

We may collect and process the following information:

  • Name

  • Contact details (email address, phone number)

  • Appointment and treatment details

  • Medical or health information relevant to treatments (only where necessary and with consent)

  • Payment information (processed securely via third-party providers – we do not store card details)

  • Website usage data (IP address, browser type, cookies)

3. How We Collect Your Data

We collect personal data when you:

  • Book an appointment (online, in person, or by phone)

  • Complete a consultation or medical form

  • Contact us via email, phone, or website

  • Subscribe to marketing communications (if applicable)

  • Use our website

4. How We Use Your Data

Your data is used to:

  • Manage appointments and provide beauty treatments

  • Ensure treatments are safe and suitable

  • Communicate with you about bookings or services

  • Process payments

  • Improve our services and website

  • Meet legal and regulatory obligations

We will only use your data where we have a lawful basis, such as consent, contractual necessity, or legal obligation.

5. Special Category Data (Health Information)

Some treatments require us to collect limited health or medical information. This data is:

  • Collected only when necessary

  • Stored securely

  • Used solely to ensure your safety

  • Processed only with your explicit consent

6. Marketing Communications

We will only send marketing emails or messages if you have opted in. You can unsubscribe at any time by following the link in our messages or contacting us directly.

7. Data Sharing

We do not sell or share your personal data with third parties, except where necessary:

  • Online booking systems

  • Payment processors

  • Legal or regulatory authorities (if required by law)

All third-party providers are GDPR-compliant.

8. Data Storage & Security

We take appropriate technical and organisational measures to protect your data, including:

  • Secure digital systems

  • Password-protected files

  • Limited access to personal information

We only keep your data for as long as necessary for business or legal purposes.

9. Your Rights Under GDPR

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data

  • Object to processing

  • Withdraw consent at any time

  • Request data portability

To exercise any of these rights, please contact us using the details above.

10. Cookies

Our website may use cookies to improve user experience and analyse website traffic. You can control or disable cookies through your browser settings.

11. Complaints

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner’s Office (ICO):www.ico.org.uk

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website.