Privacy Policy

At Sandor Tattoos, we are committed to protecting your privacy and ensuring your personal data is handled securely and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

Sandor Tattoos is the data controller for the personal information we collect. If you have any questions about this policy or how we handle your data, please contact us at: booking@sandortattoos.co.uk

2. What Data We Collect

When you book an appointment or use our services, we may collect the following information:

  • Contact Information: Name, email address, phone number
  • Booking Details: Appointment date, time, tattoo description, reference images
  • Payment Information: Processed securely through Stripe (we do not store full card details)
  • Health Information: Medical conditions, allergies, or other health-related information you choose to disclose (voluntary)
  • Usage Data: IP address, browser type, pages visited, cookies (for website functionality)

3. How We Use Your Data

We use your personal data for the following purposes:

  • Managing and confirming your tattoo appointments
  • Processing deposit and payment transactions
  • Sending booking confirmations and reminders
  • Ensuring health and safety during your session
  • Improving our services and website functionality
  • Complying with legal and regulatory obligations
  • Maintaining business records for accounting purposes via Xero

4. Legal Basis for Processing

We process your personal data based on:

  • Contract Performance: To fulfill our booking agreement with you
  • Legitimate Interests: To manage our business operations and improve our services
  • Legal Obligation: To comply with tax and financial record-keeping requirements
  • Consent: Where you have provided explicit consent (e.g., for marketing communications)

5. Data Sharing & Third Parties

We may share your data with the following trusted third-party services:

  • Stripe: Payment processing (PCI DSS compliant)
  • Xero: Accounting and invoicing
  • Cloudinary: Secure image storage for reference photos
  • Hostinger: Website hosting and email services
  • Vercel: Website infrastructure and deployment

We never sell or rent your personal data to third parties for marketing purposes. Data is only shared with service providers necessary to deliver our services, and they are contractually obligated to protect your data.

6. Data Storage & Security

Your data is stored securely in a MySQL database hosted by Hostinger in the EU. We implement industry-standard security measures including:

  • Encrypted connections (HTTPS/SSL)
  • Secure password hashing and JWT token authentication
  • Two-factor authentication (2FA) for admin access
  • Regular security updates and monitoring
  • Access controls and audit logs

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Booking Records: Kept for 6 years for tax and accounting purposes
  • Payment Records: Kept for 6 years as required by UK tax law
  • Marketing Data: Kept until you withdraw consent or after 2 years of inactivity
  • Reference Images: Deleted upon request or after 1 year

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal obligations)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing or optional processing

To exercise any of these rights, please contact us at booking@sandortattoos.co.uk. We will respond within one month.

9. Cookies

Our website uses essential cookies to ensure functionality (e.g., session management, authentication). We do not use tracking or advertising cookies. By using our website, you consent to the use of essential cookies.

10. International Data Transfers

Your data is primarily stored within the EU/UK. Some third-party services (e.g., Stripe, Vercel) may process data in other jurisdictions with adequate data protection safeguards in place.

11. Children's Privacy

Our services are not intended for individuals under 18. We do not knowingly collect data from minors.

12. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. Continued use of our services constitutes acceptance of the updated policy.

13. Complaints

If you believe your data has been mishandled, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): ico.org.uk

Last updated: 8 February 2026

© 2026 Sandor Tattoos. All rights reserved.