Privacy & Cookie Policy

Last updated: 10 June 2026

1. Who is the data controller

The controller of your personal data is Patrycja Mikolajczyk Beauty — a beauty salon run by Patrycja Mikołajczyk in Perth.
Address: 283 High Street, Perth PH1 5QN, United Kingdom.
Contact: Instagram @patrycja_mikolajczyk_beauty or Facebook.

The website and booking system are built and technically operated for the studio by Lange Software Solutions (LSS) of Edinburgh (ICO registration: ZC147184) — acting as our processor under a data processing agreement.

2. What we collect

  • When you contact us (Instagram, Facebook, phone, email): your name, contact details and message — provided voluntarily.
  • When you book a visit (via the booking system on this site, the LUCY chat assistant, Instagram or by phone): name, phone, email, the treatment, date and time.
  • When you chat with the LUCY assistant: the conversation content is processed to answer you and — if you ask — to place a booking. Please don't type anything into the chat you don't want to share with us.
  • Treatment notes: information needed for the safe delivery of a service (e.g. result of a patch test before laser treatment, known contraindications).
  • Cookies and localStorage: essential only — see section 7. The Google map on the homepage only loads with your consent.

3. Why and on what legal basis (UK GDPR)

  • Responding to enquiries and arranging your appointment — legitimate interests and steps prior to a contract (Art. 6(1)(b)/(f) UK GDPR).
  • Performing the treatment and invoicing — performance of a contract (Art. 6(1)(b)).
  • Keeping accounting and tax records — legal obligation (Art. 6(1)(c), HMRC).
  • Recording contraindications for laser / Keratin treatments — legitimate interests in health and safety (Art. 6(1)(f)); for special category data, explicit consent (Art. 9(2)(a)).
  • We do not sell your data, do not share it with advertisers, do not profile you.

4. How long we keep it

  • Enquiries that did not result in a visit — 12 months.
  • Appointment records and invoices — 6 years (HMRC accounting standard).
  • Treatment safety notes — for the duration of our relationship + a reasonable period after, where required by treatment safety standards.
  • Cookies — consent record up to 12 months from the last update.

5. Who we share data with (sub-processors)

  • Vercel — website hosting (US/EU, SCCs / UK IDTA in place).
  • Supabase — booking database and admin login (servers in the EU, AWS region eu-north-1 / Stockholm).
  • Google Maps — the embedded directions map on the homepage (loaded only with your consent; Google may then set its own cookies — see Google's privacy policy).
  • Anthropic — AI assistant “LUCY” in the chat (US, transient processing, your data is not used to train models).
  • Resend — transactional email (US, SCCs).

Each provider operates under arrangements that ensure appropriate safeguards (Standard Contractual Clauses or UK IDTA for transfers outside the UK).

6. Your rights (UK GDPR)

You have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased (except for what we must keep for HMRC — 6 years);
  • restrict or object to certain processing;
  • data portability;
  • withdraw consent at any time where we rely on consent.

Send requests via the studio's Instagram or Facebook. We respond within one month. You also have the right to complain to the UK supervisory authority — Information Commissioner's Office, ico.org.uk.

7. Cookies and similar technologies

We set no cookies of our own on the public website. We use:

  • Essential cookies — only when signing in to the salon's admin panel (Supabase Auth session). Regular visitors never receive them.
  • localStorage (browser storage, not a cookie): remembering your cookie choice (up to 12 months) and the position of the LUCY chat window. This data never leaves your browser.
  • Third-party cookies — Google Maps: the embedded map can set Google cookies. That's why it only loads once you click “Accept all” in the banner or “Show map” on the map itself. Without consent the map doesn't load and no Google cookies are set.
  • Analytics and marketing: we don't use any. If we ever want to, we'll ask for consent via the banner first.

You can change your choice by clearing this site's data in your browser — the banner will appear again on your next visit.

8. Changes to this policy

If we update this policy, we will refresh the date at the top. Material changes will be announced on the homepage and — if you have an upcoming booking with us — also by email.