Privacy Policy

Last updated: June 2026

Lumos Skin (“we”, “us”, “our”) is committed to protecting your privacy. This policy explains how we collect, use and store your personal data when you use our website or book a treatment with us, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

Lumos Skin is a skin treatment clinic based at The Coach House, Kempshott Park, Dummer, Basingstoke RG25 2DB. You can contact us at 01256 578133 or by email at the address shown on our contact page.

What data we collect

We collect the following personal data when you book a consultation or treatment:

• Contact details: name, phone number, email address
• Booking details: treatment type, preferred dates and times (processed via Phorest, our booking platform)
• Treatment records: skin assessment notes, treatment history, and aftercare instructions — kept as part of your professional care record
• Website analytics: anonymous browsing data (page views, device type, general location) via our hosting platform

Why we collect it

We use your personal data for the following purposes:

• To book and manage your appointments
• To provide safe, appropriate skin treatments and maintain clinical records
• To communicate with you about your treatment, including appointment reminders and aftercare
• To respond to enquiries you send us
• To improve our website and services

We do not use your data for marketing without your explicit consent.

Legal basis for processing

Under UK GDPR, we process your data on the following legal bases:

• Contract: to fulfil your booking and provide treatment
• Legal obligation: to maintain clinical treatment records as required by professional regulations
• Legitimate interests: to respond to your enquiries and improve our services
• Consent: for any marketing communications (you can withdraw this at any time)

Who we share your data with

We do not sell your data. We share it only with:

• Phorest — our booking and salon management platform (they process bookings and reminders on our behalf)
• Cloudflare — our website hosting and email routing provider
• Google — for the embedded map on our contact page and anonymous website analytics

All third parties process your data under their own GDPR-compliant agreements. Your clinical treatment records are not shared with any third party except where required by law.

How long we keep your data

• Treatment records: retained for the period required by our professional insurance and regulatory body (typically 7 years after your last treatment)
• Booking and enquiry data: retained for 2 years after your last interaction
• Website analytics: anonymous and retained for up to 26 months

Your rights

Under UK GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate data
• Erasure — request deletion of your data (subject to clinical record retention requirements)
• Restriction — ask us to limit how we use your data
• Portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interests
• Withdraw consent — for any processing based on consent, at any time

To exercise any of these rights, contact us using the details above.

Cookies

This website does not set any marketing or tracking cookies. Our booking platform (Phorest) and the embedded Google Map may set functional cookies as part of their services. We do not use third-party advertising cookies.

Data security

We take appropriate technical and organisational measures to protect your data, including encrypted transmission (HTTPS), secure cloud hosting, and access controls. Booking data is processed through Phorest’s secure platform.

International transfers

Your data is primarily stored and processed within the UK and EU. Where any data is processed outside the UK (e.g. by Google or Cloudflare), appropriate safeguards such as UK International Data Transfer Agreements are in place.

Your right to complain

If you believe we have mishandled your data, you have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with an updated date.