Privacy Policy

Last updated: 26 March 2026

Introduction

207 Health and Beauty ("we", "us", "our") is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our website at 207healthandbeauty.co.uk.

We are the data controller for the personal data we process. You can contact us at:

This policy is provided in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

What Data We Collect

We collect different types of information depending on how you interact with us:

Contact form: First name, last name, email address, phone number (optional), subject, and your message.

Online shop: When you make a purchase, your name, email, shipping and billing address, and payment details are collected by Stripe, our payment processor. We do not store your card details on our servers.

Gift cards: Gift card codes and balances are stored securely to manage redemption and remaining balances.

Bookings: Appointments made through the Treatwell booking widget are processed by Treatwell. Any data you enter there is subject to Treatwell's privacy policy.

Technical data: Our hosting provider (Cloudflare) may collect your IP address, browser type, and pages visited for security and performance purposes.

How We Use Your Data

We use the information we collect to:

  • Respond to your contact form enquiries
  • Process and fulfil your orders
  • Send order confirmation and gift card code emails
  • Manage gift card balances
  • Improve our website and services

Our legal bases for processing are:

  • Contract performance: processing orders and delivering products you have purchased
  • Legitimate interests: responding to enquiries and improving our services
  • Consent: where you have given us specific permission

Third-Party Services

We use the following third-party services, each of which has its own privacy policy:

  • Stripe — payment processing
  • Resend — transactional emails (order confirmations, gift card codes, contact form responses)
  • Treatwell — appointment booking
  • Cloudflare — website hosting and security
  • Google Fonts — typography (loaded from Google servers)

Cookies & Local Storage

Our use of cookies and browser storage is minimal:

  • Essential cookies: Cloudflare may set cookies required for security and routing. These are strictly necessary and exempt from consent requirements under UK PECR.
  • Shopping cart: We use your browser's local storage to remember items in your cart. This data stays on your device and is not sent to our servers.
  • Treatwell widget: The booking widget may set its own cookies, governed by Treatwell's cookie policy.

We do not use any analytics or marketing cookies.

Data Retention

  • Contact form messages: forwarded to us by email and not stored on our servers beyond delivery
  • Order data: retained by Stripe in accordance with their data retention policies
  • Gift card balances: retained for 12 months from the date of purchase (gift cards expire after 12 months)
  • Technical logs: retained by Cloudflare per their standard retention periods

Your Rights

Under the UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Restrict or object to our processing of your data
  • Request a portable copy of your data

To exercise any of these rights, please email 207beauty@gmail.com.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled improperly.

Data Security

We take appropriate measures to protect your data. All data transmitted to and from our website is encrypted via HTTPS. Payment processing is handled by Stripe, which is PCI-DSS compliant. We do not store card details on our servers.

Changes to This Policy

We may update this privacy policy from time to time. The date at the top of this page indicates when it was last revised. We encourage you to review this page periodically.