Privacy Policy.

Last updated: November 2025

Glooped (“we”, “us”, “our”) is committed to protecting your personal information and respecting your privacy. This Privacy Notice explains how we collect, use, store and protect your data when you interact with us online or in person.

We are the Data Controller for all personal data we process.

  • Business Name: Glooped

  • Owner: Isabel Sturgess

  • Location: Bristol, United Kingdom

  • Email: helloglooped@gmail.com

1. What Personal Data We Collect

We collect the following categories of personal data:

A. Personal Identification

  • Full name

  • Email address

  • Phone number

  • Address (if needed for consultation)

B. Consultation & Treatment Information

  • Medical history

  • Skin concerns

  • Allergies

  • Patch test results

  • Treatment notes

  • Consent forms

C. Website Data (via Squarespace)

  • IP address

  • Device type

  • Browser type

  • Cookies and analytics data

  • Interaction with website pages

D. Booking & Payment Data

  • Treatment bookings

  • Payment confirmation

  • Invoices

  • Transaction history
    (Note: All card payments are processed securely by third-party payment processors — we do not store card details.)

E. Photos

  • Before/after treatment photos (only with your consent)

2. Why We Collect Your Data (Lawful Basis)

To manage bookings and appointments: Contract

To assess suitability for treatments: Legitimate interests / Vital interests

To provide safe, effective treatments: Legitimate interests

To maintain treatment records: Legal obligation

To comply with insurance requirements: Legal obligation

To send appointment reminders: Legitimate interests

Marketing emails (optional): Consent

Website analytics: Legitimate interests

Before/after photos: Consent

3. How We Use Your Data

We use your personal data to:

  • Provide aesthetic treatments safely

  • Comply with insurance, licensing and record-keeping requirements

  • Contact you about appointments

  • Maintain treatment history

  • Improve website performance

  • Respond to enquiries

  • Send marketing only if you’ve opted in

We do not sell your data or share it with unrelated third parties.

4. Who We Share Your Data With

We may share your data with:

  • Payment processors (e.g., Stripe, PayPal)

  • Booking system providers (e.g Fresha)

  • Insurance providers (only if legally required)

  • Regulatory authorities (if required by law)

All third parties are GDPR-compliant.

5. How Long We Keep Your Data

We retain your data for:

Client treatment records: 7 years from the date of your last treatment (insurance requirement).

Consultation forms: 7 years

Financial/invoice data: 6 years (HMRC requirement)

Marketing data: Until you withdraw consent

Website analytics: Up to 26 months (depending on Squarespace)

6. Your Rights Under UK GDPR

You have the right to:

  • Access your data

  • Correct inaccurate data

  • Request deletion (in some cases)

  • Withdraw consent

  • Object to processing

  • Restrict processing

  • Data portability

  • Complain to the ICO

ICO contact: www.ico.org.uk

To exercise your rights, email: helloglooped@gmail.com

7. How We Protect Your Data

We use:

  • Secure cloud storage

  • Password-protected devices and apps

  • Encrypted consultation forms

  • Restricted staff access (sole trader)

  • Regular data reviews and deletion

8. Cookies & Website Tracking

Our website uses cookies through Squarespace to:

  • Analyse website traffic

  • Improve site functionality

  • Enhance user experience

For more information, see our Cookie Policy.

9. Before & After Photos

We will never publish or share your photos unless:

  • You give explicit written consent, and

  • You may withdraw consent at any time

Withdrawal does not affect treatments already performed.

10. Contact Us

For all privacy or data protection enquiries:

Glooped
Email: helloglooped@gmail.com
Bristol, United Kingdom