Privacy Policy

1. Introduction

SANCTUM by Sophie McGeer (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website sanctumbysophie.co.uk and use our services. Please read this privacy policy carefully.

2. Information We Collect

Personal Information You Provide

We may collect personal information that you voluntarily provide when you:

• Fill out our contact form
• Book a consultation or appointment
• Contact us by phone or email
• Subscribe to communications

This information may include your name, email address, phone number, and any details you provide about your skin concerns.

Automatically Collected Information

When you visit our website, we may automatically collect certain information including your IP address, browser type, operating system, referring URLs, and information about how you interact with our website. We use Vercel Analytics and may use Google Analytics to collect this data.

3. How We Use Your Information

We use the information we collect to:

• Respond to your enquiries and messages
• Book and manage your appointments
• Provide our skin treatment services
• Send you appointment reminders and aftercare information
• Improve our website and services
• Comply with legal obligations

4. Legal Basis for Processing (GDPR)

Under the UK General Data Protection Regulation (UK GDPR), we process your personal data on the following legal bases: your consent, performance of a contract (when you book services), our legitimate interests (improving our services), and compliance with legal obligations.

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information with trusted third-party service providers who assist us in operating our website (such as our web hosting provider, Vercel) and processing contact form submissions (Web3Forms). These providers are contractually obligated to protect your data.

6. Cookies

Our website may use cookies and similar tracking technologies to enhance your browsing experience and collect analytics data. You can control cookie preferences through your browser settings. Essential cookies are necessary for the website to function properly and cannot be disabled.

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• The right to access your personal data
• The right to rectification of inaccurate data
• The right to erasure (“right to be forgotten”)
• The right to restrict processing
• The right to data portability
• The right to object to processing
• The right to withdraw consent

To exercise any of these rights, please contact us using the details below.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law. Contact form submissions are retained for up to 12 months unless you request earlier deletion.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our website uses HTTPS encryption to protect data transmitted between your browser and our servers.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.