Privacy Policy

Privacy Policy for XOXO Tattoo Studio

Effective Date:September 2024

1. Introduction

Welcome to XOXO Tattoo Studio. We are committed to protecting the privacy and security of our clients and website visitors. This Privacy Policy outlines how we collect, use, process, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) and Irish data protection laws.

The data controller responsible for your information is XOXO Tattoo Studio, located at 112 Capel Street, Dublin 1, Ireland. You can contact our Data Protection representative at any time regarding your data at [email protected].

2. Information We Collect

We may collect the following types of personal data:

  • Identity & Contact Data: Your first name, last name, email address, and phone number when you contact us directly.
  • Booking Data (via Fresha): When you book an appointment, your personal details are collected and processed through our booking partner, Fresha. This includes your name, email address, and phone number.
  • Appointment & Health Data: To ensure your safety during the tattoo process, we require you to fill out a consent form which may include sensitive health information such as allergies, skin conditions, or other medical details relevant to the procedure. We collect this data only with your explicit consent and for the sole purpose of ensuring your health and safety.
  • Technical Data: When you browse our website, we automatically collect technical information such as your IP address, browser type, and operating system.

3. How We Use Your Information

We use your personal data based on the following legal grounds:

  • To Fulfill a Contract: To manage your tattoo bookings, send appointment reminders, and communicate with you about your appointment.
  • With Your Explicit Consent: To collect necessary health information on our consent forms and to send you marketing communications if you have opted in.
  • For our Legitimate Interests: To improve our website and services, to ensure the security of our site, and for administrative record-keeping. We always ensure our legitimate interests do not override your rights.

4. Cookies and Tracking Technologies

Our website uses cookies to enhance your experience. A cookie is a small file placed on your device. We use them for the following purposes:

  • Cookie Consent Cookie: When you accept or decline our cookie banner, we set a cookie (xoxo_cookie_status) to remember your choice for one year.
  • Analytics Cookies: We may use services like Google Analytics to understand how visitors engage with our site.
  • Embedded Content: Our site may include embedded content (e.g., videos, Instagram posts). This content behaves as if you have visited the other website, and they may set their own cookies.

5. Data Sharing and Third-Party Processors

We do not sell your personal data. We only share it with trusted third-party companies (known as “data processors”) when necessary to provide our services. Our main data processors are:

  • Fresha (Booking Platform): We use Fresha to manage all client appointments. When you make a booking, your personal data (name, email, phone number) is processed by Fresha on our behalf to secure your appointment and send reminders. Fresha is also a data controller for its own purposes. We encourage you to review their policies to understand how they handle your data. You can find the Fresha Privacy Policy here.
  • Other Service Providers: Companies that provide services to us, such as website hosting and analytics (e.g., Google Analytics).
  • Legal Obligations: If required by law, we may need to disclose your information to law enforcement or other government bodies.

6. Data Retention

We will only retain your personal data for as long as necessary. Client consent forms, which include personal and health data, are kept securely for a minimum period of 7 Years as required for insurance and legal liability purposes. Booking information held within Fresha is subject to their data retention policies.

7. Your Data Protection Rights under GDPR

As a resident of the EU, you have extensive rights over your data, including the rights to access, rectify, erase, or object to the processing of your personal data.

To exercise any of these rights, please contact us at [email protected] as your first point of contact. If your request pertains to data processed by Fresha for your booking, we will assist you and coordinate with Fresha to ensure your request is fulfilled.

8. Right to Lodge a Complaint

If you are not satisfied with our response to a data protection concern, you have the right to lodge a complaint with the Irish supervisory authority, the Data Protection Commission (DPC). You can find their contact details on the Data Protection Commission website.

9. Changes to This Privacy Policy

We may update this policy from time to time. The latest version will always be published on this page. We recommend you review it periodically.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • By email: [email protected]
  • By visiting our studio: 112 Capel Street, Dublin 1, Ireland