top of page

Privacy Policy

Privacy Policy — Kindred Ink

Last updated: 3 January 2026

This Privacy Policy explains how Kindred Ink (“we”, “us”, “our”) collects, uses, stores and shares personal information.

1) Who we are (Data Controller)

Kindred Ink is the “data controller” for the personal information we process. That means we decide how and why your personal data is used.

Studio address: Kindred Ink, 43 High Street, Ross on Wye, HR9 5HD, United Kingdom
Privacy contact: info@kindredink.co.uk

If you have any questions about this policy or your information, contact us using the details above.

2) The personal information we collect

We may collect and store the following types of personal information:

A. Identity & contact details

  • Name, date of birth (to confirm you are 18+), address, email, phone number

  • Emergency contact details (name/number/relationship)

B. Booking & transaction details

  • Appointment dates/times, artist allocated, deposit/payment status, receipts/invoices

  • Communications with us (messages, emails, calls, DMs)

C. Tattoo service records

  • Design brief/consultation notes, placement, size, style, stencil approval notes

  • Photos of the tattoo (progress and healed results), where you consent (see section 7)

D. Health information (special category data)

  • Your answers to health screening questions (e.g., allergies, medications, medical conditions that may affect tattooing/healing)
    This can include “data concerning health”, which the UK GDPR treats as special category data needing extra protection. 

E. Website & social media (if you use them)

  • If you use our website: basic technical data such as IP address, device/browser info, and cookies (see section 10)

  • If you contact us on social media: your handle/name and messages you send us

F. CCTV (if installed)

  • If CCTV is in operation on the premises, we may collect images of visitors for safety and security

3) How we collect your information

We collect information when you:

  • Book or enquire (in person, by phone, by email, via social media, or via any booking platform we use)

  • Complete consultation/consent forms in the studio

  • Attend appointments (including photographs taken with your consent)

  • Visit our website (cookies/analytics) 

  • Visit the premises (CCTV) 

4) Why we use your information (purposes)

We use personal information to:

  • Provide tattoo services safely (consultation, consent, suitability checks, appointment delivery)

  • Manage bookings, deposits, payments and studio administration

  • Communicate with you about your appointment (confirmation, changes, aftercare reminders, replies to questions)

  • Maintain hygiene/safety standards and manage incidents (e.g., adverse reactions, complaints)

  • Keep accurate business records and comply with legal/insurance/accounting obligations

  • Protect our business, clients and staff (security, preventing misuse, dealing with disputes/legal claims)

5) Our lawful bases for processing (UK GDPR)

The UK GDPR requires us to have a lawful basis for using your data. Common lawful bases we rely on include:

  • Contract: to provide the service you book and manage the appointment and payment.

  • Legal obligation: to keep certain records (e.g., accounting/tax) and meet legal duties.

  • Legitimate interests: to run the studio, keep appropriate records, prevent fraud/misuse, and protect the business (balanced against your rights).
    We decide lawful bases before processing and explain them transparently, as the ICO expects.

Special category (health) information

Health information needs both:

  1. a lawful basis under Article 6, and

  2. a separate condition under Article 9. 

We typically process health data using:

  • Explicit consent (Article 9(2)(a)) where you clearly agree to us using your health answers for the purpose of assessing suitability and delivering tattoo services safely. 
    Where appropriate, we may also retain minimal necessary information to establish, exercise or defend legal claims if a dispute arises.

 

You can withdraw consent at any time (see section 11), but withdrawal does not affect processing already carried out.

6) If you do not provide information

If you do not provide information we reasonably need (for example, age verification or key health screening answers), we may not be able to proceed with the tattoo service safely or legally.

7) Photo/video policy (portfolio & marketing)

We may take photos of your tattoo:

  • For your client record / quality control (non-public), and/or

  • For marketing (website/social media/portfolio)

We will only use photos for marketing where you have given clear permission (for example, by ticking an opt-in box). You can withdraw marketing consent at any time.

8) Who we share your information with

We do not sell your personal information.

We may share information with trusted service providers where necessary, such as:

  • Payment providers (to process card payments)

  • Booking/diary systems (if we use an online booking platform)

  • IT providers / cloud storage (secure storage of client records)

  • Accountants/bookkeepers (financial records)

  • Insurers/professional advisers (e.g., if an incident occurs or a claim is made)

  • Law enforcement or regulators where required by law

All third parties are expected to handle your information securely and lawfully.

9) International transfers

Some service providers (e.g., cloud/booking/communications platforms) may process data outside the UK. Where this happens, we use appropriate safeguards recognised under UK data protection law (for example, adequacy arrangements or contractual protections).

10) Cookies and website analytics

If we operate a website, it may use cookies or similar technologies for essential functions and (optionally) analytics/marketing. Where required, we will ask for your consent and provide a cookie notice/settings.

11) Marketing communications (texts/emails)

We may contact you:

  • Service messages (appointment confirmations, changes, aftercare reminders) — these are not “marketing”.

  • Marketing (offers/news/flash days) — we will only send electronic marketing in line with PECR rules (and typically using opt-in tick boxes). 

You can opt out of marketing at any time by using the unsubscribe option (where provided) or contacting us.

12) How long we keep your information (retention)

We keep personal information only as long as necessary for the purposes we collected it for, including safety, legal, accounting, and insurance reasons. The ICO expects you to state retention periods or the criteria used to set them. ICO

Typical retention periods (guidance — may vary by circumstance):

  • Consultation/consent & procedure records (including health screening): typically up to 7 years from your last appointment (or longer if needed for an ongoing dispute/claim).

  • Financial records (invoices/receipts): typically 6 years (for accounting/tax record-keeping).

  • Marketing contact preferences: until you opt out, or we decide they are no longer current.

  • CCTV (if installed): typically up to 30 days, unless needed for an incident investigation.

  • Website logs/analytics: typically up to 12–26 months depending on settings.

 

13) How we protect your information

We use appropriate technical and organisational measures to protect your information, such as:

  • Access controls (need-to-know access)

  • Secure storage for paper records

  • Password protection / device security

  • Limiting who can view health information
    No method of storage is 100% secure, but we take practical steps to reduce risk.

 

14) Your data protection rights

You have rights under UK data protection law, including the right to:

  • Be informed about how your data is used

  • Access your data (subject access)

  • Correct inaccurate data

  • Erase data in some circumstances

  • Restrict processing in some circumstances

  • Data portability (in some circumstances)

  • Object to processing in some circumstances

  • Withdraw consent (where consent is the basis)

  • Complain to the ICO

To exercise your rights, contact us using the details in section 1. We may need to verify your identity.

15) Complaints

We hope we can resolve any concerns directly. You also have the right to complain to the UK supervisory authority:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113 ICO

16) Children

We do not tattoo anyone under 18. We do not knowingly collect children’s data for tattoo services.

17) Changes to this policy

We may update this policy from time to time. The latest version will be available at the studio and/or on our website, with the “Last updated” date shown at the top.

We are registered with the ICO: 

bottom of page