Privacy and Cookies Policy

Effective Date: 31/08/2025

 

This Privacy Policy (“Policy”) helps you understand how Darcey Thomson (“we”, “us”, “our”) collects, uses, and protects your personal data when you use our website and services. By accessing or using our website, you consent to the practices described in this Policy.

 

We reserve the right to change the policy at any given time. Any changes will be posted on this page with the updated ‘effective date.’  If you wish to make are you are up to date with the latest changes, we advise you to frequently visit this page. 

 

Information We Collect

When you visit our website, we may collect the following data:

• Booking Information: When you schedule an appointment, your name, contact details, and appointment preferences are collected and managed through Acuity Scheduling.

• Payment Information: Payments are processed securely by Stripe, our third-party payment processor. We do not receive or store your full credit card details; Stripe handles this information directly in compliance with PCI DSS Level 1 (the highest security standard for payments).

• Cookies: Our site uses a minimal cookie to note when you interact with an emoji. Acuity and Stripe may also use cookies or similar technologies for purposes such as fraud prevention, functionality, and analytics.

• Your IP address
• Data profiling regarding your online behaviour on our website.

 

How We Use Information

We use the information we collect to:

• Schedule and manage your appointments

• Process payments 

• Communicate with you about your bookings or inquiries

• Improve our services and website functionality

• To contact you to fill out surveys and participate in other types of market research

 

Third Party Services

We share your information only with trusted service providers essential for delivering our services:

• Acuity Scheduling (appointment booking)

• Stripe (payment processing)

These providers may collect and process data in accordance with their own privacy and cookie policies:

• Acuity Scheduling (Squarespace) Privacy Policy

• Acuity Cookie Disclosure

• Stripe Privacy Policy

• Stripe Cookie Policy

We do not sell or rent your personal information.

 

Security

Our website uses SSL (Secure Socket Layer) technology to encrypt the transmission of information. While we take reasonable technical and organizational measures to safeguard your data, no method of transmission or storage over the internet is 100% secure, and we cannot guarantee absolute protection.

 

Data Retention 

• Appointment details and related records are retained for 5 years after the date of your last interaction with us, in line with professional and insurance requirements.

• If you are under 18, we are required to retain your records until you reach 18 years of age, and then for an additional 5 years.

• Payment details are handled and retained by Stripe in accordance with their policies, not by us.

 

Children’s Privacy

Our services are not directed to children under 13, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

 

Your Rights

Under the UK GDPR, you have the following rights:

• Right to be informed

• Right of access

• Right to rectification

• Right to erasure (“right to be forgotten”)

• Right to restrict processing

• Right to data portability

• Right to object

• Rights regarding automated decision-making and profiling
  (Source: ICO – Individual rights)

To exercise any of these rights, please email us at dt@darceythomson.online.  If you are unhappy with the response, you can complain to the

Information Commissioner’s Office. 

 

Practitioner’s Right

To comply with legal, professional, and insurance requirements, we are obligated to retain certain personal information, including:

• Appointment records and related communications

• Billing and payment records

• Notes on lifestyle/medical history where appropriate to the service.

• Client’s full name and date of consultation.
• Any unusual reactions to the services provided.

Because these records are necessary for providing services safely and responsibly, we cannot provide services if a client does not allow the recording  of information that we are legally or professionally required to retain. We also cannot delete the above information 

 

If you have questions about what data is required to be retained or how long it will be kept, please contact us at dt@darceythomson.online.

 

External Links

Our website may include links to third-party websites for your convenience or reference. These links are provided for informational purposes only. We do not control these external sites, and we cannot guarantee their content, privacy practices, or security measures.

 

We encourage you to review the privacy policies of any external websites you visit. Your use of those sites is subject to their terms and conditions, not ours, and we cannot be held liable for any damage or implications at your use of any external links mentioned. 

 

Contact

If you have questions or concerns about this Privacy Policy or your personal data, please contact us:

dt@darceythomson.online