Privacy Policy
Last updated: April 27, 2026
AURA by AJ (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This privacy policy explains what data we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.
If you have any questions about this policy or your data, please contact us at andreajanebunker@icloud.com.
1. Who We Are
AURA by AJ is a mobile aesthetics and hair extensions clinic based in Dunstable, Bedfordshire, serving clients across Bedfordshire, Hertfordshire, Buckinghamshire, and Greater London.
Data Controller:
Contact information
We are the “data controller” for any personal data we collect about you. This means we decide how and why your data is used.
2. What Data We Collect
We collect the following personal data when you book or enquire about our services:
Contact information
- Confirm and manage your studio appointments or Academy enrolments
- Send booking reminders, follow-ups, and relevant service updates
- Improve our website experience and understand how clients engage with our content
- Respond to your enquiries promptly and thoughtfully
- Comply with applicable legal obligations
Health information (sensitive personal data, “special category” under GDPR)
- Medical history relevant to your treatment
- Current medications and allergies
- Pregnancy and breastfeeding status
- Skin condition and concerns
- Photographs of treated areas (only with your written consent)
Treatment information
- Treatments you have booked or had with us
- Dates of past appointments
- Practitioner notes about your treatment
- Signed consent forms
- Aftercare form responses
Technical information (when you use our website)
- IP address
- Browser type and version
- Pages you visit on our site
- Time and date of your visit
Payment information
- We use third-party payment processors. We do not store your full card details on our website.
3. How We Use Your Data
We use your data only for the following purposes:
- Manage your appointment
- Send booking confirmations and reminders
- Carry out medical screening before treatment
- Maintain medical records as required by law
- Provide aftercare and follow-up
- Reply to your enquiries
- Improve our services
- Send marketing emails (only if you opt in)
- Process payments
We will never use your data for purposes other than those listed above without first asking your permission.
4. How We Store Your Data
Your data is stored securely on:
- Our website's database
- Our email system
- Our practitioner's password-protected device for treatment notes
All data transmission uses HTTPS encryption. Access to your records is restricted to authorised practitioners only.
We follow the Care Quality Commission and General Medical Council guidance on storing patient health records, even though we are not formally regulated by either body. Specifically:
- Adult medical records are kept for 8 years after your last treatment
- Children's medical records (where applicable, very rare for us) are kept until their 25th birthday
- Records of consent and treatment are required to be kept this long under UK insurance and indemnity standards
After this retention period, your data is securely deleted.
5. Who We Share Your Data With
We share your data only when necessary, and only with:
Service providers we use to run AURA
- Website hosting: Hostinger International Ltd (UK/EU servers)
- Email delivery: Hostinger Mail
- Payment processing: Stripe / PayPal / etc. — they handle your card data, we never see it
- Calendar and scheduling: Our website's booking system
All providers above are bound by data protection agreements and are GDPR-compliant.
Healthcare professionals (only when necessary)
- Your GP or another healthcare provider, if you are referred or if a complication requires medical follow-up. This always requires your explicit consent.
- Our prescribing pharmacist (for prescription-only treatments). They see only the medical screening information needed to authorise prescription.
Legal authorities
- If required by law (court order, regulatory request, or police enquiry).
- If we believe in good faith that disclosure is necessary to prevent serious harm.
We never sell your data. We never share it for advertising. We never share it with third parties for any purpose other than those above.
6. Photographs
Some treatments may benefit from before-and-after photographs as part of your medical record.
- Photos are only taken with your explicit, written consent on each occasion.
- They are stored securely with the rest of your record.
- They are never used for marketing or social media unless you give separate, additional written consent.
- You can withdraw consent for photos at any time, and we will delete them from our records.
To exercise any of these rights, please contact us at andreajanebunker@icloud.com
7. Your Rights
Under UK GDPR you have the following rights:
- Right of access: You can ask for a copy of all data we hold about you
- Right to rectification: You can ask us to correct anything that is wrong
- Right to erasure: You can ask us to delete your data, subject to medical record retention requirements
- Right to restrict processing: You can ask us to pause certain uses of your data
- Right to object: You can ask us to stop using your data for marketing or for legitimate interest purposes
- Right to portability: You can ask for your data in a portable format
- Right to withdraw consent: If we are using your data based on consent, you can withdraw that consent
To exercise any of these rights, email us at [hello@aurabyaj.com]. We will respond within one calendar month.
If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk or by calling +4407943576095.
8. Marketing
We will only send you marketing emails or messages if you have opted in. You can opt out at any time by clicking “unsubscribe” in any marketing email, or by emailing us.
9. Cookies
Our website uses cookies. Cookies are small files stored on your device. We use them to make the site work properly and to understand how visitors use our site.
10. Children
We do not provide aesthetic treatments to anyone under 18. We do not knowingly collect data from anyone under 18. If you are a parent and believe your child has provided us with information, please contact us and we will delete it.
11. Changes to This Policy
We may update this policy occasionally. The “Last updated” date at the top will reflect any changes. For significant changes, we will let you know by email if we have your address.
12. Contact
If you have questions about this policy or about how we handle your data: