Effective Date: 25 April 2025

Welcome to Bodhial.com (“we”, “our”, or “us”). We are committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains:

What personal data we collect. How we use it. Your rights. How we keep your data safe.

1. Who We Are

Bodhial Limited. London, United Kingdom.
Email: concierge@bodhial.com Phone:  +44 7457 414324
Website: https://bodhial.com

We are the controller of your personal data, meaning we decide how and why your data is used.

2. What Data We Collect

We may collect and process the following types of data:

a) Personal Data:
- Name
- Email address
- Postal address
- Phone number
- Payment details (processed via third-party providers)
- IP address
- Account login details

b) Usage Data:
- Pages visited
- Time spent on site
- Browser and device data
- Referral source

c) Special Category Data (if applicable)

We only collect special category data (e.g. health information) with your explicit consent and only where necessary.

3. How We Collect Your Data

We collect data in the following ways:
- When you use our website (e.g. browsing or creating an account)
- When you book an appointment for a beauty treatment or consultation (online, by phone, or in person)
- When you register or create an account
- When you make a purchase online or in person
- When you subscribe to our newsletter
- When you contact us via email, contact form, phone, or social media
- When you interact with us on social media platforms
- When you complete surveys, provide feedback, or participate in promotions
We may collect your name, contact details, appointment history, relevant preferences (e.g. treatment choices), and any information you choose to share that helps us provide safe and tailored services (e.g. allergies or skin sensitivities — with your consent if it includes special category data).

3a. Special Category Data (Health & Safety for Treatments)

As part of providing beauty treatments, we may need to collect special category data, for example:
- Allergies or sensitivities
- Skin conditions
- Medical conditions relevant to treatment (e.g. pregnancy, medication)

We collect this information:
- Only when necessary to ensure your health, safety, and wellbeing during treatments
- With your explicit consent (usually via a consultation or consent form at the time of booking or in person)
We will never use this information for marketing or any other purposes unrelated to your treatment.
You have the right to withdraw your consent at any time, although this may affect our ability to offer certain services safely.

4. Legal Bases for Processing

Under UK GDPR, we must have a lawful basis for processing your data. We rely on:
- Consent – when you sign up for newsletters or marketing.
- Contract – to fulfill our obligations when you make a purchase or request a service.
- Legal obligation – for compliance with legal or regulatory requirements.
- Legitimate interest – for analytics, improving our services, and fraud prevention (balanced against your rights).

5. How We Use Your Data

We use your data to:
- Process orders and payments
- Deliver products or services
- Send updates or marketing communications
- Respond to your enquiries
- Improve our website and services
- Meet legal obligations

6. Who We Share Your Data With

We may share your data with:
- Payment processors (e.g. Stripe, PayPal)
- Email marketing platforms (e.g. Mailchimp, ConvertKit)
- IT service providers (e.g. hosting services)
- Analytics providers (e.g. Google Analytics)
- Law enforcement or regulatory bodies when required by law
We ensure that all third parties are GDPR-compliant and process data under strict agreements.

7. International Transfers

Some of our service providers may be located outside the UK. In such cases, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses or adequacy decisions).

8. Data Retention

We keep your personal data only as long as necessary for the purpose it was collected, or as required by law. For example:

- Customer records: up to 6 years

- Marketing data: until you withdraw consent

9. Your Rights

Under UK GDPR, you have rights including:
- Right to access – request copies of your personal data
- Right to rectification – correct inaccurate data
- Right to erasure – request deletion (right to be forgotten)
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent at any time
- Right to lodge a complaint with the ICO
To exercise any of your rights, email us at concierge@bodhial.com

10. Cookies

We use cookies to enhance your experience and analyse website traffic.
You can manage cookie preferences via your browser settings or our cookie banner. For more info, see our [Cookie Policy].

11. Security

We implement appropriate technical and organisational measures to protect your data, including:
- HTTPS encryption
- Firewalls
- Access control
- Regular backups

12. Children’s Privacy

Our website is not intended for children under 13. We do not knowingly collect data from children without parental consent.

13. Changes to This Policy

We may update this policy occasionally. Significant changes will be communicated via email or website notice.

14. Contact Us

If you have questions or concerns about this policy or your data:

Email: concierge@bodhial.com
Phone: +44 7457 414324