Aetheria Lux
Luxurious Wellness with ESPA Products
Last updated: February 2026
I am committed to protecting your privacy and handling your personal information responsibly. This Privacy Notice explains how I collect, use, store, and protect your personal data when you interact with me—whether through my website, booking an appointment, completing a pre-treatment consultation form, or receiving massage, facial, or aromatherapy treatments.
I am a sole trader/small business based in North Wales, UK, operating as Aetheria Lux. My contact details are:
Aetheria Lux
North Wales
I act as the data controller for the personal data I process, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
#### 1. What Personal Data I Collect
I collect only the information necessary to provide safe, personalised, and effective wellness treatments. This may include:
- Basic contact details: Full name, phone number, email address, and (if provided) postal address.
- Booking and communication details: Appointment dates/times, preferences, and any messages exchanged.
- Health and treatment-related information (special category/sensitive data under UK GDPR): Medical history, allergies/sensitivities (especially to essential oils, fragrances, nuts, or ESPA product ingredients), medications, pregnancy/breastfeeding status, skin conditions, injuries, and other details from my Pre-Treatment Consultation Form. This is essential for your safety and to tailor treatments (e.g., choosing plain grape seed oil for unscented options).
- Other: Emergency contact details, payment information (processed securely via my booking provider if applicable), and any feedback or notes from sessions.
I do not collect data automatically via cookies for tracking/marketing unless you explicitly consent (my site uses only essential cookies—see my Cookie Notice if applicable).
#### 2. How I Collect Your Data
- Directly from you: When you book an appointment, complete my consultation form, email or call me, or attend a session.
- From third parties: Rarely (e.g., if you book via a platform like a calendar tool), but only with your consent or as necessary.
#### 3. Why I Process Your Data (Lawful Basis & Purposes)
I process your personal data for the following reasons, with the corresponding lawful basis under UK GDPR:
- To provide and personalise your treatments (Article 6(1)(b) – contract; Article 9(2)(h) – health/medical purposes for provision of health care): Booking, preparing safe sessions, using ESPA products appropriately, offering unscented options, and ensuring no contraindications.
- For your vital interests/safety (Article 6(1)(d) & Article 9(2)(c)): Protecting your health during treatments.
- Legal obligations (Article 6(1)(c)): Keeping treatment records for insurance, professional standards (if registered with any body), or regulatory requirements (typically 7 years for adult records).
- Legitimate interests (Article 6(1)(f)): Internal administration, appointment reminders, and basic follow-up care (balanced against your rights).
I do not use your data for marketing unless you opt in separately.
#### 4. Who I Share Your Data With
Your information remains confidential. I share it only when necessary:
- With professional insurers or regulators (if required for claims/complaints).
- With emergency services (in rare medical situations).
- With IT/service providers (e.g., secure email, booking calendar, or GoDaddy hosting)—all bound by strict data protection agreements.
I do not sell, rent, or share your data with third parties for marketing. All processing stays within the UK (or EEA-equivalent secure locations).
#### 5. How I Keep Your Data Secure
- Data is stored on password-protected, encrypted devices/cloud services.
- Consultation forms (digital or paper) are kept in locked/secure locations accessible only to me.
- Emails/attachments are handled carefully; I recommend you use secure methods if sending sensitive info.
- I regularly review security and delete data when no longer needed.
#### 6. How Long I Keep Your Data
- Treatment/consultation records: Typically 7 years after your last appointment (for insurance/professional purposes), then securely deleted/shredded.
- Basic contact/booking info: Only as long as needed for ongoing care or legal requirements.
- If you request deletion earlier (and there is no legal reason to retain the data), I will comply where possible.
#### 7. Your Rights Under UK GDPR
You have rights over your personal data, including:
- Right to access: Request a copy of your data.
- Right to rectification: Correct inaccurate info.
- Right to erasure ("right to be forgotten"): Request deletion (subject to legal retention needs).
- Right to restrict processing or object: In certain circumstances.
- Right to data portability: Receive your data in a structured format.
- Right to withdraw consent: Where I rely on consent (though most processing is for contract/health reasons).
To exercise any right, contact me at [your email]. I will respond within one month (free of charge, unless requests are excessive). You can also complain to the Information Commissioner’s Office (ICO) at ico.org.uk or 0303 123 1113.
#### 8. Changes to This Notice
I may update this Privacy Notice occasionally (e.g., to reflect legal changes). The latest version is always on my website—check the "Last updated" date.
#### 9. Contact Me
If you have questions about this notice, your data, or wish to exercise your rights:
Email: [your email address]
I’m here to help with love and care.
With love & real relaxation,
Aetheria Lux
Nurturing your well-being, one gentle touch at a time.