Privacy Policy

Thanks for your interest with The Lash Lab to glam up your lashes and/or brows!

Effective Date: 1 March 2025
Last Updated: 18 June 2026

Introduction

Welcome to The Lash Lab.

At The Lash Lab, we understand that your privacy is important. We are committed to protecting the personal information you share with us and handling it responsibly, transparently, and securely. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you visit our website, book appointments, contact us, receive treatments, or otherwise interact with our business.

We have developed this Privacy Policy in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Irish Data Protection Act 2018, and other applicable data protection laws.

By using our website, booking an appointment, or providing us with your information, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

The Lash Lab is a specialist lash and brow artistry studio located in Sligo, Ireland.

The Lash Lab
Studio 10
Holborn Street, Rathquarter
Sligo, Co. Sligo
F91 X9VH
Ireland

Email: info@thelashlab.ie

For the purposes of GDPR, The Lash Lab acts as the Data Controller, meaning we determine how and why your personal information is processed.

2. Our Commitment to Your Privacy

We believe that trust is earned through transparency.

As a highly specialised lash and brow studio, we only collect information that is reasonably necessary to:

  • Deliver safe and effective treatments

  • Manage appointments and client records

  • Communicate with clients

  • Improve our services

  • Meet our legal and professional obligations

We do not sell, rent, or trade personal information to third parties.

3. Information We Collect

Depending on how you interact with us, we may collect the following categories of personal information.

Personal Identification Information

  • Full name

  • Mobile telephone number

  • Email address

  • Date of birth (where relevant)

  • Emergency contact details (where applicable)

Appointment Information

  • Appointment history

  • Services booked

  • Appointment notes

  • Cancellation and rescheduling records

  • Payment status information

Consultation Information

To provide treatments safely and effectively, we may collect information disclosed during consultations, including:

  • Previous lash or brow treatment history

  • Product sensitivities

  • Allergies

  • Skin sensitivities

  • Medical information relevant to treatment suitability

  • Client preferences and desired outcomes

We only request information that is necessary to safely deliver our services.

Website Information

When you visit our website, certain information may be collected automatically, including:

  • IP address

  • Browser type

  • Device information

  • Operating system

  • Referral sources

  • Pages viewed

  • Session duration

  • Website interaction data

This information helps us improve website performance and user experience.

Payment Information

To secure appointments and support our booking policies, clients may be required to provide payment card details during the booking process. Payment information is processed securely through authorised third-party payment providers and may be used to process service payments, deposits, late cancellation fees, and no-show charges in accordance with our Terms of Service. The Lash Lab does not store or have access to complete payment card details.

Photography and Media Consent

As part of our services, photographs may be taken during appointments to document treatment results and maintain service records. The use of any photographs or videos for marketing, social media, website content, or promotional purposes is governed by the Media Capture and Release Consent completed during the booking process. Clients may choose whether to grant or withhold consent, and this decision will not affect their ability to receive services. Where consent is not provided, media will not be used for public marketing or promotional purposes.

4. Special Category Data

Certain information disclosed during consultations may constitute "special category data" under GDPR, particularly information relating to health, allergies, or sensitivities.

Where such information is collected, it is processed solely for the purpose of:

  • Determining treatment suitability

  • Protecting client safety

  • Managing allergic reactions or sensitivities

  • Delivering treatments responsibly

We process this information only where legally permitted and where necessary for the provision of beauty services requested by you.

5. Why We Collect Your Information

We collect and process personal information for legitimate business purposes including:

Appointment Management

  • Creating and managing bookings

  • Sending confirmations

  • Sending appointment reminders

  • Managing cancellations and reschedules

Service Delivery

  • Conducting consultations

  • Performing patch tests

  • Maintaining treatment records

  • Providing aftercare advice

Customer Support

  • Responding to enquiries

  • Addressing concerns or complaints

  • Providing service recommendations

Business Operations

  • Improving client experience

  • Monitoring service quality

  • Training and quality assurance

  • Website improvement and analytics

Legal and Regulatory Compliance

  • Complying with legal obligations

  • Protecting health and safety

  • Preventing fraud and misuse

6. Legal Basis for Processing

Under GDPR, we rely on one or more of the following lawful bases:

Contractual Necessity

Processing required to fulfil our obligations when you book and receive services.

Legitimate Interests

Processing necessary for operating, managing, and improving our business.

Consent

Where consent is required, including:

  • Marketing communications

  • Client photography

  • Social media content

  • Certain website cookies

You may withdraw consent at any time.

Legal Obligation

Where processing is necessary to comply with legal requirements.

7. Photography and Marketing Content

At The Lash Lab, we are proud to showcase our work through our website, social media platforms, promotional materials, and portfolio galleries.

Photographs or videos of treatment results may occasionally be requested.

We will always seek your permission before publishing identifiable images.

Granting permission is entirely voluntary and will not affect your ability to receive services.

You may withdraw consent for future use at any time by contacting us.

8. Digital Booking Systems

The Lash Lab operates as a digital-first business.

Appointments are managed through secure third-party booking platforms. When you book an appointment, your information may be processed by those providers solely for the purpose of:

  • Managing appointments

  • Sending reminders

  • Processing payments

  • Maintaining booking records

We select providers that implement appropriate security and privacy measures.

9. Marketing Communications

Where permitted by law, we may send information relating to:

  • Service updates

  • Promotional offers

  • New treatments

  • Business announcements

  • Educational content

You may unsubscribe from marketing communications at any time.

Operational communications relating to booked appointments will continue where necessary.

10. Cookies and Analytics

Our website may use cookies, tracking technologies, and analytics tools to:

  • Improve website functionality

  • Analyse traffic

  • Understand visitor behaviour

  • Enhance user experience

  • Support marketing campaigns

You can control cookies through your browser settings.

Disabling certain cookies may affect website functionality.

11. Data Sharing

We may share information with trusted service providers who assist us in operating our business, including:

  • Booking platform providers

  • Website hosting providers

  • Email service providers

  • Payment processors

  • Marketing providers

  • IT support providers

These providers are only given access to information necessary for their services and are required to protect your information appropriately.

We may also disclose information where legally required by courts, regulators, law enforcement authorities, or government agencies.

12. International Data Transfers

Some service providers may process information outside the European Economic Area (EEA).

Where this occurs, we take reasonable steps to ensure appropriate safeguards are in place, including:

  • European Commission adequacy decisions

  • Standard Contractual Clauses

  • GDPR-compliant transfer mechanisms

13. Data Retention

We retain information only for as long as necessary to:

  • Deliver services

  • Maintain treatment records

  • Meet legal obligations

  • Resolve disputes

  • Protect business interests

Retention periods may vary depending on the nature of the information.

Once information is no longer required, it is securely deleted or anonymised.

14. Data Security

We implement appropriate technical and organisational measures to protect personal information against:

  • Unauthorised access

  • Loss

  • Theft

  • Misuse

  • Alteration

  • Disclosure

These measures include secure systems, access controls, staff awareness, and reputable service providers.

While we take reasonable precautions, no system can guarantee absolute security.

15. Your Rights Under GDPR

You have the following rights:

Right of Access

Request a copy of your personal information.

Right to Rectification

Request correction of inaccurate information.

Right to Erasure

Request deletion of information where applicable.

Right to Restrict Processing

Request limitations on processing activities.

Right to Data Portability

Receive your information in a portable format.

Right to Object

Object to certain processing activities.

Right to Withdraw Consent

Withdraw consent where processing relies on consent.

To exercise any of these rights, please contact us.

16. Children's Privacy

Our services are generally intended for individuals aged 18 years and over.

Where services are provided to minors, parental or guardian consent may be required.

We do not knowingly collect personal information from children without appropriate authorisation.

17. Third-Party Websites

Our website may contain links to external websites, booking platforms, social media services, or third-party applications.

We are not responsible for the privacy practices of those external services and encourage you to review their privacy policies separately.

18. Complaints

If you are dissatisfied with how your personal information has been handled, we encourage you to contact us first so we can attempt to resolve the issue.

You also have the right to lodge a complaint with the Irish Data Protection Commission.

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland

Website: www.dataprotection.ie

19. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in legal requirements, business operations, technologies, or industry best practices.

Any changes will be published on this page together with an updated revision date.

We encourage you to review this page periodically.

20. Contact Us

If you have any questions regarding this Privacy Policy or your personal information, please contact:

The Lash Lab
Studio 10, Holborn Street, Rathquarter
Sligo, Co. Sligo
F91 X9VH

Email: info@thelashlab.ie

At The Lash Lab, protecting your privacy is part of our commitment to delivering a professional, safe, and trusted experience for every client.

Still have questions?

We're always happy to help. If you have any questions about our treatments, suitability, aftercare, or booking process, please get in touch and we'd be delighted to assist.