Privacy Policy

How we collect, use, and protect your information

Effective Date: January 1, 2026
Last Updated: January 1, 2026

1. Introduction

Welcome to Icarus Tanning Salon ("Icarus," "we," "our," or "us"). We are committed to protecting the privacy of our clients and website visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services or visiting our website, you consent to the practices described in this policy. If you do not agree with this policy, please do not use our services or website.

2. Data We Collect

We collect the following types of personal data:

  • Contact Information: Name, email address, phone number, postal address (if provided)
  • Health & Safety Information: Consent forms, skin type information, medical history relevant to sunbed usage
  • Transaction Data: Purchase history, payment information (processed securely via third-party payment providers)
  • Website Usage Data: IP address, browser type, pages viewed, time spent on pages (via cookies and analytics)

3. How We Use Your Data

We process your personal data for the following purposes:

  • Service Provision: To provide tanning services, beauty treatments, and product sales
  • Health & Safety Compliance: To ensure safe tanning practices and comply with Sunbed Association guidelines
  • Communication: To respond to inquiries, provide customer support, and send service-related updates
  • Marketing: To send promotional offers and newsletters (with your consent; you may opt out at any time)
  • Legal Compliance: To comply with legal obligations and resolve disputes
  • Website Analytics: To improve website functionality and user experience

4. Legal Basis for Processing

We process your data based on the following legal grounds under UK GDPR:

  • Contract Performance: Processing necessary to provide services you have requested
  • Consent: Where you have given explicit consent (e.g., marketing communications, consent forms)
  • Legal Obligation: Where required by law (e.g., age verification, health & safety records)
  • Legitimate Interests: For business operations, fraud prevention, and improving our services

5. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law. Consent forms and health & safety records are retained for 7 years in compliance with industry standards and legal requirements. You may request deletion of your data at any time, subject to our legal retention obligations.

6. Sharing Your Data

We do not sell your personal data. We may share your information with:

  • Service Providers: Payment processors (PayPal), email services, website hosting providers
  • Legal Authorities: If required by law or to protect our legal rights
  • Business Transfers: In the event of a merger, acquisition, or sale of assets

All third-party providers are contractually obligated to protect your data and use it only for the purposes we specify.

7. International Data Transfers

Some of our service providers (e.g., website hosting, analytics) may be located outside the UK. When transferring data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO).

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal retention requirements)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise these rights, please contact us at info@icarussalon.co.uk or call 01284 725455.

9. Cookies

Our website uses cookies to improve user experience and analyze website traffic. Cookies are small text files stored on your device. You can control cookie settings through your browser preferences. For more details, see our Cookie Policy (if applicable) or contact us.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

11. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are under 18, please do not use our services or provide any personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.

13. Contact Us & Complaints

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Email: info@icarussalon.co.uk

Phone: 01284 725455

Address: 49-51 Guildhall Street, Bury St Edmunds, Suffolk, IP33 1QB

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
www.ico.org.uk | Tel: 0303 123 1113