Last Updated: November 2025
This Privacy Policy explains how Tattoos By Scott Ltd collects, uses, stores, and protects your personal data. We comply fully with UK GDPR (General Data Protection Regulation) and the Data Protection Act 2018.
1. Who We Are
Data Controller: Tattoos By Scott Ltd
- Address: 4 Finchley Grove, Moston, Manchester, M40 9PU, United Kingdom
- Contact: scott@tattoosbyscott.co.uk | 0330 043 9199
- Company Registration: 07163343 (Companies House)
- Data Protection: Compliant with UK GDPR and Data Protection Act 2018
2. What Data We Collect
We collect only the minimum personal data necessary to provide our services:
Information You Provide Directly
- Booking Information: Full name, email address, phone number, date of birth
- Design Details: Tattoo design preferences, placement, size, color
- Health Information: Medical history, allergies, medications (via health screening form)
- Payment Details: Card details, bank transfer information (processed securely via payment providers)
- ID Documentation: Proof of age (photo ID copy for compliance)
- Contact Messages: Any enquiries or messages sent via contact forms
Information Collected Automatically
- Website Usage: IP address, browser type, pages visited, time on site (via cookies and analytics)
- Device Information: Device type, operating system, screen resolution
- Photographs: Photos of completed tattoos (if you consent)
3. Legal Basis for Processing Data
We process your data on the following legal bases under UK GDPR:
- Contract: Processing necessary to fulfil our service agreement with you (booking, design, payment)
- Legal Obligation: Age verification and compliance with health & safety regulations
- Legitimate Interest: Marketing communications (if opted in), fraud prevention, security
- Consent: Photography, portfolio use, marketing emails (you control this)
4. How We Use Your Data
Essential Uses (Required)
- Processing and confirming your tattoo appointment
- Creating and refining your custom design
- Processing payment and invoicing
- Age verification and health screening
- Providing customer support
- Complying with legal and regulatory obligations
Optional Uses (Consent Required)
- Sending marketing emails about new designs, special offers, or promotions
- Photographing your completed tattoo for portfolio use
- Using your image on our website or social media (with permission)
- Customer testimonials or case studies
Non-Marketing Uses
- Website analytics and improvement
- Security and fraud prevention
- Responding to legal requests
5. Who We Share Your Data With
We do not sell or share your personal data for commercial purposes.
Data Shared When Necessary
- Payment Processors: Stripe, PayPal, or other secure payment gateways (PCI-DSS compliant)
- Email Service Providers: For appointment confirmations and newsletters (encrypted, UK-based or compliant)
- Website Hosting Provider: For site functionality and security
- Legal Authorities: If required by law or court order
- Health Professionals: Only if you request or authorize (e.g., if reporting injury)
No Third-Party Sales
- We never sell your email address to marketing companies
- We never share your data with third-party advertisers
- We never use your data for targeted advertising without consent
6. International Data Transfers
All your data is processed and stored within the United Kingdom or in countries with UK GDPR-equivalent protections.
- Payment processors may transfer data to US partners (with Standard Contractual Clauses in place)
- Email providers are either UK-based or certified under data adequacy agreements
- We do not transfer personal data to countries with inadequate data protection without your explicit consent
7. Data Retention
We retain your personal data only for as long as necessary to provide our services and comply with legal obligations:
Retention Periods
- Booking Information: 3 years after service completion (for aftercare support and warranty)
- Health Screening Data: 6 years (UK health records standard)
- Payment Records: 6 years (for tax and accounting purposes)
- ID Copies: Deleted 30 days after verification (retained only during appointment booking)
- Photographs: Indefinitely (unless you request deletion)
- Website Analytics: 13 months (Google Analytics standard)
- Marketing Data: Until you unsubscribe from emails
Deletion Upon Request
You have the right to request deletion of your data (subject to legal exceptions). We will delete non-essential data within 30 days of a written request.
8. Your Data Rights (UK GDPR)
You have the following rights regarding your personal data:
Right to Access
You have the right to request a copy of all personal data we hold about you. We will provide this within 30 days at no cost.
Right to Rectification
If your data is inaccurate or incomplete, you have the right to request correction. Contact us to update your information.
Right to Erasure ("Right to be Forgotten")
You can request deletion of your data, except where we have legal obligations to retain it (e.g., tax records, warranty claims).
Right to Restrict Processing
You can ask us to limit how we use your data while we verify its accuracy or assess your deletion request.
Right to Data Portability
You can request your data in a structured, commonly used format so you can transfer it to another provider.
Right to Object
You can opt out of:
- Marketing emails at any time (unsubscribe link in all emails)
- Photography and portfolio use
- Automated decision-making (not currently used)
- Legitimate interest processing
Rights Regarding Automated Decision-Making
We do not make decisions about you based solely on automated processing. All service decisions involve human review.
Exercising Your Rights
To exercise any of these rights, contact us at: scott@tattoosbyscott.co.uk | 0330 043 9199
We will respond to all requests within 30 days.
9. Cookies & Tracking
Our website uses cookies to improve your experience. Cookies are small files stored on your device.
Types of Cookies We Use
- Essential Cookies: Required for website functionality (booking forms, shopping cart)
- Analytics Cookies: Track page views and user behavior (Google Analytics)
- Marketing Cookies: Enable retargeting ads on social media (Facebook Pixel, Google Ads)
Your Cookie Choices
- Essential cookies cannot be disabled (required for website operation)
- You can accept or reject analytics and marketing cookies via the cookie banner
- You can disable cookies via your browser settings, but this may affect website functionality
- Third-party cookies (Google Analytics, Meta) can be managed via your privacy settings
Cookie Preferences
Visit our cookie preference center in the footer to manage your choices at any time.
10. Security Measures
We take data security very seriously and implement multiple safeguards:
- HTTPS encryption on all website pages (SSL/TLS certificates)
- Payment data processed through PCI-DSS compliant payment gateways
- Passwords hashed and salted
- Regular security audits and penetration testing
- Firewalls and intrusion detection systems
- Staff trained in data protection and security
- Encrypted backups of critical data
- Limited access to personal data (need-to-know basis)
Data Breach Notification: In the unlikely event of a data breach affecting your personal data, we will notify you within 72 hours and report to the Information Commissioner's Office (ICO) as required.
11. Children's Data
Tattoos By Scott Ltd does not knowingly collect data from children under 18. All clients must be 18+ with valid ID. If we discover we have collected data from a minor, we will delete it immediately and attempt to notify the parent/guardian.
12. Third-Party Links
Our website may contain links to external sites. This Privacy Policy applies only to our website. We are not responsible for the privacy practices of linked websites. Please review their privacy policies before sharing information.
13. Marketing Communications
We only send marketing emails to clients who have opted in. These may include:
- Special offers and promotions
- New design announcements
- Seasonal campaigns
- Product recommendations
How to Manage Communications
- Every email contains an unsubscribe link
- You can adjust preferences in your account (future feature)
- You can contact us at scott@tattoosbyscott.co.uk to manage preferences
14. Complaints & Data Protection Authority
If you have concerns about how we handle your data, please contact us first:
- Email: scott@tattoosbyscott.co.uk
- Phone: 0330 043 9199
If you're not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: www.ico.org.uk
- Email: casework@ico.org.uk
- Phone: +44 (0) 1625 545 745
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
15. Data Protection Officer (DPO)
We have appointed a Data Protection Officer to oversee compliance with UK GDPR. While we are currently in the setup phase, you can contact our privacy lead for data protection inquiries at scott@tattoosbyscott.co.uk.
16. Updates to This Privacy Policy
- We may update this Privacy Policy to reflect changes in data handling practices
- Significant changes will be notified via email or website notification
- Continued use of our website indicates acceptance of updates
- Current version date is shown at the top of this page
17. Accessibility
If you need this Privacy Policy in an alternative format (large print, audio, other language), please contact us and we will provide it promptly.
Questions About Your Data?
Contact us at:
📧 scott@tattoosbyscott.co.uk
📞 0330 043 9199
Data Protection Officer Inquiries:
Send formal data subject access requests to the above contact address.