Privacy Policy

Privacy Policy – The Ear Care Studio

(UK GDPR & Data Protection Act 2018 Compliant)

Last updated: April 2026

1. Introduction

The Ear Care Studio (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal information safely, lawfully, and transparently. This Privacy Policy explains what personal data we collect, how we use it, how long we keep it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We do not collect or store any personal data relating to individuals under 18 years old.

2. Who We Are

The Ear Care Studio Thurcroft, Rotherham, UK Email: bookings@theearcarestudio.co.uk Phone: 07493 775857 Website: www.theearcarestudio.co.uk company number 17157295

We act as the Data Controller, meaning we determine how and why your personal data is processed.

3. What Personal Data We Collect

We only collect the information necessary to provide safe and effective ear‑care services. This may include:

Identity & Contact Information

Name

Email address

Address

Phone number

Appointment Information

Booking details

Appointment history

Service type

Clinical Information

Relevant ear‑health history

Symptoms

Treatment notes

Clinical photographs (if taken during your appointment)

Communication Information

Messages or enquiries sent via our website, email, or telephone

Payment Information

Records of payments received (We do not store full card details. - processed securely via stripe - we do not store any full card details)

Website Usage Information

Basic analytics such as pages visited and time spent on the site

Essential cookies only

We do not collect unnecessary or excessive information.

4. How We Use Your Personal Data

We process your data only when we have a lawful basis to do so. This includes:

To provide ear‑care services

Assessing suitability for treatment

Delivering safe clinical care

Recording treatment notes

To manage appointments

Booking, confirming, and rescheduling appointments

Sending reminders or follow‑up messages

For business administration

Maintaining accurate records

Handling payments

Responding to enquiries

For legal and regulatory compliance

Insurance requirements

Record‑keeping obligations

Responding to lawful requests

We do not use your data for automated decision‑making or profiling.

5. Lawful Bases for Processing

We rely on the following lawful bases under UK GDPR:

Consent – when you voluntarily provide information or agree to treatment

Contract – to deliver the services you have booked

Legal obligation – for tax, insurance, and record‑keeping requirements

Legitimate interests – for appointment management, communication, and business operations

6. How Long We Keep Your Data

We keep personal data only for as long as necessary. Our retention periods are:

Client treatment records: 8 years from the date of the last appointment

Consent forms: 8 years

Appointment & booking information: up to 2 years after last contact

Email/message correspondence: up to 2 years

Financial records: 6 years (HMRC requirement)

Supplier/service provider information: duration of relationship + 2 years

We do not store data for individuals under 18.

After the retention period ends, data is securely deleted or anonymised.

7. How We Store and Protect Your Data

We take appropriate technical and organisational measures to keep your data secure, including:

Encrypted digital storage

Password‑protected systems

Restricted access to authorised personnel only

Secure disposal of digital and paper records

We never sell your data or share it for marketing purposes.

8. Sharing Your Data

We only share your data when necessary and lawful, such as:

With our secure booking or payment providers

With insurers or legal advisers (if required)

When legally required by authorities

We do not transfer your data outside the UK unless adequate safeguards are in place.

9. Your Rights Under UK GDPR

You have the right to:

Access your personal data

Correct inaccurate information

Request erasure (in certain circumstances)

Restrict processing

Object to processing based on legitimate interests

Data portability (where applicable)

Withdraw consent at any time

To exercise your rights, contact: bookings@theearcarestudio.co.uk

You also have the right to complain to the Information Commissioner’s Office (ICO) if you believe your data has been mishandled.

10. Cookies

Our website uses only essential cookies required for basic functionality and security. We do not use advertising or tracking cookies.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

©Copyright. All rights reserved.

Information icon

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.