Privacy Notice

Last updated: April 2026

Data controller: Viola Hilton

Contact: violatattoos@gmail.com

1. What data we collect

We collect the following categories of personal data when you submit an enquiry or booking:

Standard personal data

  • Name, email address, phone number, date of birth
  • Legal basis: contract performance (to provide tattooing services)
  • Retention: 3 years from your last appointment, then deleted

Health data (special category)

  • Skin type, allergies, medical conditions, medications
  • This is special category data under UK GDPR Article 9
  • Legal basis: your explicit consent, given when you submit an enquiry
  • Retention: 3 years from your last appointment, then deleted

Financial data

  • Payment amounts and methods (processed via Stripe)
  • We do not store card numbers — Stripe handles payment processing
  • Legal basis: contract performance
  • Retention: 7 years (legal requirement for financial records)

Marketing preferences

  • Whether you've opted in to email or WhatsApp marketing communications
  • Legal basis: your explicit consent
  • Retention: until you withdraw consent

2. Who we share your data with

We use the following third-party services (subprocessors) to operate this service:

  • Supabase — database and file storage (EU, eu-west-1 region)
  • Stripe — payment processing (US, Standard Contractual Clauses)
  • Resend — email delivery (US, Standard Contractual Clauses)

Your data is never sold or shared with third parties for marketing purposes.

3. Your rights under UK GDPR

You have the right to:

  • Access a copy of the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Withdraw consent for health data or marketing at any time
  • Request restriction of processing
  • Data portability (receive your data in a machine-readable format)
  • Object to processing
  • Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, email violatattoos@gmail.com

4. Health data and consent

When you submit an enquiry, you explicitly consent to the collection and processing of health-related information (skin type, allergies, medical conditions) for the purpose of providing safe tattooing services. You can withdraw this consent at any time by contacting us — however, we may be unable to provide services without this information.

5. Cookies

This website does not use tracking or analytics cookies.

6. Changes to this notice

We may update this notice from time to time. The current version is always available at /privacy/viola-tattoos