1. Introduction

Welcome to 3 Studios. This privacy policy explains how we collect, use, and protect your personal information when you use our services or interact with our website. 3 Studios is a collective of independent practitioners, including the brands Ink’d Wright (Tattoos & Piercing) and Surrey Sculpt (Body Sculpting), all operating from our shared location in Aldershot.
We are committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 [1].

2. Who We Are (Data Controller)

For the purpose of UK data protection law, the data controller is 3 Studios.
Our contact details are:
Address: 3 Old Chapel Ln, Ash, Aldershot GU12 6LQ
Email for privacy inquiries:
If you have any questions about this privacy policy or how we handle your data, please contact us at the email address provided above.

3. The Information We Collect

We collect various types of personal information to provide and improve our services. The data we collect depends on how you interact with us and is necessary for the safe provision of our specialized beauty and body modification services [2].
How We Collect Data: Types of Data Collected
When you contact us: Name, email address, phone number, the content of your message
During consultation: Information about your health, allergies, medical history, and suitability for procedures (special category data)
When you book a service: Appointment details, contact information, and service history
During your procedure: Before and after photographs of our work for records and, with explicit consent, for portfolio use
When you use our website: Technical data via cookies: IP address, browser type, and navigation patterns

4. How We Use Your Information

We use your personal data for the following purposes, each with a clear legal basis under UK GDPR:
To Provide Our Services: We process your data to schedule appointments, conduct consultations, and perform the services you have requested, including tattoos, piercings, body sculpting, and semi-permanent makeup. This processing is necessary for the performance of our contract with you.
For Health and Safety: We collect and process health information to ensure our procedures are safe and suitable for you. This is essential for protecting your wellbeing and is processed with your explicit consent as required for special category data [3].
To Communicate With You: We use your contact details to respond to inquiries, send appointment reminders, and provide essential aftercare information. This supports our contractual obligations and legitimate business interests.
For Our Business Records: We maintain accurate records of our clients and services provided, as required for insurance and legal purposes. This processing is necessary to comply with our legal obligations.
For Marketing: With your explicit consent, we may use your contact details to send information about our services or promotions. We may also use consented photographs in our online and physical portfolios to showcase our work.
To Improve Our Website: We analyze website usage to enhance user experience, which serves our legitimate business interests while respecting your privacy choices.

5. Our Lawful Basis for Processing Your Data

We only process your personal data where we have a lawful basis to do so under UK GDPR [4]:
Performance of a Contract: We process your data to fulfil our contractual obligation to provide you with the service you have booked.
Explicit Consent: We rely on your explicit consent to process special category (health) data and to use your photographs for marketing purposes. You can withdraw this consent at any time by contacting us.
Legitimate Interests: We process some data for our legitimate business interests, such as responding to inquiries and managing our website. We always balance our interests against your rights and freedoms.
Legal Obligation: We may need to process your data to comply with our legal and regulatory obligations, such as those required by our insurers and health and safety regulations.

6. Special Category (Health) Data

Due to the nature of our services, we must collect health-related information to ensure your safety. This is “special category data” and receives enhanced protection under UK GDPR [5]. We will only collect and use this data with your explicit consent, which will be obtained via a written consent form before your procedure. This information is stored securely and is only accessible to the practitioner responsible for your treatment.
Health data we may collect includes information about allergies, skin conditions, medications, previous procedures, and any medical conditions that could affect the safety or suitability of our services.

7. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or insurance requirements [6]. Our retention schedule is as follows:
Client and Appointment Records: Kept for a minimum of 7 years following your last service, as required by our insurance providers and professional standards.
Consent Forms: Stored for the same period as your client records to maintain proof of consent for any procedures performed.
General Inquiries: Data from general inquiries will be deleted after 12 months if you do not become a client.
Marketing Consents: Retained until you withdraw consent or we determine the data is no longer needed for marketing purposes.

8. Data Sharing and Third Parties

We do not sell your personal data. We will only share it with trusted third parties when necessary and lawful:
Our Practitioners: Your data is shared with the specific practitioner at 3 Studios (Shaun, Debbie, or Holly) who is providing your service.
Insurance Providers: In the event of a claim, we may be required to share your records with our insurers as part of our legal obligations.
Legal and Regulatory Authorities: If required by law, we may disclose your information to law enforcement or other government bodies.
Website and IT Support: Our website is maintained by Dead on Digital, who may have incidental access to data while performing their technical duties under strict confidentiality agreements.

9. Cookies and Website Analytics

Our website uses cookies to enhance your browsing experience and analyze our traffic. We use CookieYes to manage your cookie preferences, allowing you to accept or reject non-essential cookies when you visit our site [7].
The types of cookies we use include:
Necessary cookies: Essential for basic website functionality
Analytics cookies: To understand how visitors use our website
Functional cookies: To remember your preferences and improve your experience
For detailed information about our cookie usage, please refer to the cookie consent banner on our website.

10. Your Data Protection Rights

Under UK GDPR, you have comprehensive rights regarding your personal data [8]:
The right to be informed: To know how we use your data (fulfilled by this privacy policy).
The right of access: To request a copy of the personal data we hold about you.
The right to rectification: To have inaccurate or incomplete data corrected.
The right to erasure: To have your data deleted in certain circumstances, subject to legal and professional obligations.
The right to restrict processing: To limit how we use your data in specific situations.
The right to data portability: To receive your data in a structured, commonly used format.
The right to object: To object to processing based on legitimate interests or for marketing purposes.
Rights related to automated decision making: We do not use automated decision-making or profiling.
To exercise any of these rights, please contact us using the details in Section 2. We will respond to your request within one month.

11. Data Security

We have implemented appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way [9]. These measures include:
Secure storage of physical records in locked filing systems
Password-protected digital systems with restricted access
Regular security reviews and updates
Staff training on data protection responsibilities
Secure disposal of data when no longer required
Access to your personal data is limited to those who have a genuine business need to know it.

12. International Transfers

We do not routinely transfer personal data outside the UK. If we need to do so in the future, we will ensure appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements.

13. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on our website at . We will notify you of any significant changes by email (where we have your contact details) or through a prominent notice on our website.

14. How to Complain

If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details in Section 2. We will investigate your complaint promptly and keep you informed of our progress.
You also have the right to complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we have used your data:
Information Commissioner’s Office (ICO)
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113