GDPR & Data Protection Policy

At UK PMU Experts, we are committed to protecting the privacy and security of all personal information belonging to our clients, models, students, and staff.
We comply fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring that all data we collect is handled lawfully, fairly, and transparently.

This policy explains what personal data we collect, why we collect it, how we store it, and how individuals can exercise their rights.

Our Commitment

We take your privacy seriously.
We will:

  • Only collect information that is necessary for legitimate business or legal purposes.

  • Keep your information accurate, relevant, and up to date.

  • Store your data securely and protect it from unauthorised access or misuse.

  • Never sell, rent, or share your information with third parties without your explicit consent, except where required by law.

  • Dispose of data safely once it is no longer needed.

What Information We Collect

We may collect personal data from:
Clients & Models

  • Full name, address, contact number, and email.

  • Medical history, allergies, and health information (for treatment safety).

  • Treatment records, before-and-after photographs, consent forms, and patch test results.

  • Payment details (processed securely through third-party payment platforms).

Students

  • Full name, address, contact details, and date of birth.

  • Proof of ID and qualification records.

  • Payment details and enrolment history.

  • Coursework, assessments, and progress records.

  • Photographs or videos taken during training sessions (only with consent).

Staff & Tutors

  • Employment and training records, emergency contacts, and payroll information.

Why We Collect Data

We collect personal information for the following reasons:

  • To deliver treatments safely and professionally.

  • To manage bookings, payments, and communication.

  • To meet insurance and licensing requirements.

  • To register learners with awarding bodies (e.g. ProQual).

  • To provide certification, assessment records, and learner support.

  • To meet legal, auditing, or safeguarding obligations.

  • To contact clients or students regarding appointments, aftercare, or course updates.

How We Store & Protect Your Data

All personal data is stored securely in password-protected systems, both digitally and physically.

  • Digital Data is stored within secure platforms such as GoHighLevel, Skool, and Google Workspace, which are GDPR-compliant and protected by encryption and two-factor authentication.

  • Paper Records (e.g., consent forms or assessments) are kept in locked cabinets in restricted areas.

  • Access to personal data is limited to authorised staff and tutors only.

  • Sensitive health or financial information is never shared via unsecured methods such as personal email or messaging apps.

We regularly review our data security systems to ensure continued compliance.

How Long We Keep Data

We retain personal data only for as long as necessary to fulfil the purpose it was collected for, including legal, accounting, or insurance requirements:

  • Client & Model treatment records: minimum of 7 years (as required by insurers).

  • Student records & assessments: minimum of 7 years after completion (for awarding-body compliance).

  • Financial transactions: retained in line with HMRC requirements.

After these periods, data is securely destroyed or permanently deleted.

Sharing of Data

We may share limited information with:

  • Awarding bodies (e.g. ProQual) for learner registration and certification.

  • Insurance companies if required for claims or compliance audits.

  • Professional advisors (e.g. accountants or solicitors) where legally necessary.

We will never sell, trade, or transfer personal information to marketing companies or third parties for profit.

Images & Media

Photographs and videos may occasionally be taken during treatments, training, or academy events.
These will only be used for educational or promotional purposes with explicit written consent from the individual(s) involved.
Consent can be withdrawn at any time by emailing:
📧 amy@amylouiseuk.com

Marketing Communication

We only send marketing emails or text messages to individuals who have opted in to receive them.
You can unsubscribe from marketing communications at any time by clicking “unsubscribe” in our emails or contacting us directly.

Your Rights Under UK GDPR

Under UK GDPR, all individuals have the right to:

  • Access the personal data we hold about them.

  • Request correction of inaccurate or incomplete information.

  • Request deletion of personal data (where legally permissible).

  • Restrict or object to how their data is processed.

  • Withdraw consent for marketing at any time.

  • Request a copy of their personal data in a portable format.

Requests should be made in writing to:
📧 amy@amylouiseuk.com
We aim to respond to all valid requests within 30 days.

Data Breach Procedure

If a data breach is suspected or confirmed:

  • It will be investigated immediately by the Centre Coordinator.

  • Affected individuals will be notified as soon as possible.

  • Serious breaches will be reported to the Information Commissioner’s Office (ICO) within 72 hours, as required by law.

Policy Review

This policy is reviewed annually, or sooner if changes occur in legislation, systems, or operational practices.

By enrolling on a course, modelling, or booking a treatment with UK PMU Experts, you consent to the collection and lawful use of your personal information in accordance with this GDPR & Data Protection Policy.

We are committed to protecting your privacy and maintaining your trust at all times

Sign up