Privacy Policy 

Privacy Policy

Last updated: 3 December 2025

Who We Are

Stocko's Body Arts (trading as L1 Electric Tattoo Co) is a professional tattoo and body piercing studio committed to protecting your privacy. We are the “data controller” for in-studio services and the website at www.stockosbodyarts.co.uk.

How to contact us about privacy:

What Personal Information We Collect

We only collect what we need to run the studio safely and deliver great service.

Information you provide to us

  • Contact details: name, phone number, email address, postal address
  • Booking information: appointment dates/times, artist preference, service type, special requirements
  • Age verification: date of birth and ID documents (required by law for tattoo services)
  • Health information (special category data): medical conditions, allergies, medications, skin conditions, anticoagulant use, and other health details relevant to tattooing/piercing and aftercare
  • Design and service preferences: tattoo ideas, placement, size, styles, reference images
  • Consent forms and signatures: service consent, aftercare acknowledgement, model release where applicable
  • Payment information: billing details, partial card information as shown on receipts (we do not store full card numbers; our payment processors handle this securely)
  • Communications: messages/emails, phone notes, and preferences (e.g. preferred contact method)

Information we collect automatically

  • Website usage: IP address, device and browser type, pages visited, referring site, time spent, general location (city/region)
  • Cookies and similar tech: used for site functionality, analytics, and (if you agree) marketing
  • Security footage: CCTV in-studio for safety and crime prevention

Photos and documentation

  • Service photos: stencil placement, in-progress and healed results (only taken with your consent where required)
  • Portfolio images: photographs for our website and social media (separate written consent required)
  • ID copies: securely stored for age/identity verification where required by law or to establish/defend legal claims

How We Collect Your Information

  • Directly from you: in person at the studio, over the phone, via email, or via our website forms
  • Booking and payment systems: when you make or change an appointment, pay a deposit, or purchase services
  • Cookies/analytics: when you browse our website (subject to your cookie choices)
  • Social media and messaging: if you message us on platforms like Instagram or Facebook
  • Third-party tools we use to run the business: e.g. payment providers, booking platforms, email/SMS services, and analytics services. These act as our data processors under contract.

Why We Use Your Information

We process your data for the following purposes:

Essential business and legal purposes

  • Service delivery: to take bookings, provide tattoo and piercing services, and manage deposits/payments
  • Health and safety: to assess suitability for services and provide safe care and aftercare
  • Age verification and legal compliance: to meet licensing and legal requirements
  • Security and fraud prevention: including the use of CCTV and payment verification
  • Record keeping and tax: to maintain accurate accounts and business records

Communication and customer care

  • Appointment management: confirmations, reminders, rescheduling, and follow-ups
  • Customer support: answering questions and resolving issues
  • Aftercare: sending aftercare guidance and checking in where appropriate

Improvement and marketing

  • Service improvement: quality control, training, and understanding what clients value
  • Portfolio development: showcasing our work with your permission
  • Updates and offers: sending news about artists, services or promotions (only with consent or as permitted by PECR’s “soft opt-in” for existing clients; you can opt out any time)

We do not carry out automated decision-making that produces legal or similarly significant effects for you.

Our Legal Bases for Processing

Depending on what we’re doing, we rely on one or more of the following:

  • Contract (UK GDPR Art. 6(1)(b)): to provide services you’ve requested (bookings, deposits, aftercare).
  • Legal obligation (Art. 6(1)(c)): to meet age verification, health/safety, tax, accounting and licensing requirements.
  • Legitimate interests (Art. 6(1)(f)): to run and secure our business (e.g., studio security/CCTV, fraud prevention, service improvement). We balance these interests against your rights.
  • Consent (Art. 6(1)(a)): for marketing messages, portfolio photos, and non-essential cookies. You can withdraw consent at any time.

Special category data (health information):

  • Explicit consent (Art. 9(2)(a)): we rely on your explicit consent to collect and use health details relevant to your service. You may withdraw this consent, but it may mean we cannot provide the service.
  • Legal claims (Art. 9(2)(f)): we may retain relevant records where necessary for the establishment, exercise or defence of legal claims.

Marketing rules (PECR):

  • We only send email/SMS marketing with your consent or under the “soft opt-in” for existing clients about similar services. You can opt out at any time.

How and Where We Store Your Data

  • Paper records: certain consent forms/ID checks may be stored in locked cabinets on-site with restricted access.
  • Electronic records: stored in secure booking, payment, email and file storage systems with access controls and audit logs.
  • Locations: where possible, data is stored in the UK/EEA. Some providers may store or access data in countries outside the UK/EEA—see “International Data Transfers”.

Security measures we use include:

  • Role-based access, strong passwords and multi-factor authentication for staff accounts
  • Encryption in transit, and encryption at rest where supported by our providers
  • Regular staff training on privacy and confidentiality
  • Device security and secure disposal of paper/electronic records
  • Data minimisation, retention limits and routine reviews

How Long We Keep Your Information

We keep data only as long as needed for the purpose collected and to meet legal/regulatory requirements:

  • Client service records (including consent and health forms, ID used for verification): 7 years after your last visit (or longer if required for ongoing legal claims).
  • Payment and transaction records: 6 years for tax/accounting.
  • Booking enquiries that do not lead to an appointment: up to 12 months.
  • Marketing preferences and contact details: until you unsubscribe/opt out or ask us to delete them.
  • Portfolio photos (with consent): until you withdraw consent or we retire the image.
  • CCTV footage: typically 30 days, unless required for investigation.
  • Website analytics data: typically up to 26 months (or sooner if you withdraw consent).

When retention ends, we securely delete or anonymise your data.

Who Has Access to Your Data

Access is limited to people and providers who need it to do their job:

  • Our team: artists, piercers and front-of-house staff who need access for bookings, service delivery, aftercare and customer support (access is role-based and confidential).
  • Payment processors: to securely process deposits and payments (e.g., providers such as Stripe or SumUp).
  • Booking and scheduling tools: to manage appointments and reminders.
  • Communication tools: email, SMS and business messaging services we use to contact you.
  • Website, hosting and IT providers: to run and protect our website and systems.
  • Analytics and cookie tools: to understand website usage and improve our site (only with your consent for non-essential cookies).
  • Professional advisers: accountants, lawyers and insurers under confidentiality duties.
  • Regulators and law enforcement: if we are legally required to share information.
  • Emergency services/healthcare: in rare emergencies where sharing may protect life.

We never sell your personal data.

International Data Transfers

Some providers may process data outside the UK/EEA. Where this happens, we ensure appropriate safeguards are in place, such as:

  • UK/EU adequacy regulations/decisions
  • UK/EU Standard Contractual Clauses (SCCs)
  • Other approved transfer mechanisms and supplementary measures where required

Cookies, Analytics and Tracking

Our website uses:

  • Strictly necessary cookies: essential for site security and core features (cannot be switched off).
  • Performance/analytics cookies: help us understand site traffic and improve the site (requires consent).
  • Functional cookies: remember settings to improve your experience (may require consent).
  • Advertising/targeting cookies: for personalised ads and social media features (requires consent).

Your choices:

  • Use the cookie banner to accept/reject categories and update your choices at any time.
  • You can also control cookies via your browser or device settings. Blocking cookies may affect site features.
  • You may opt out of certain analytics and advertising cookies via industry tools (e.g., YourOnlineChoices, NAI) where available.

Your Rights (UK GDPR)

You have the right to:

  • Access: get a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: ask us to delete your data (where we have no legal reason to keep it).
  • Restrict processing: ask us to limit how we use your data.
  • Data portability: receive data you provided in a commonly used, machine-readable format and ask us to transfer it where technically feasible.
  • Object: object to processing based on legitimate interests and to direct marketing at any time.
  • Withdraw consent: where we rely on consent (e.g., marketing, portfolio photos, certain cookies).
  • Not be subject to automated decision-making: we do not make solely automated decisions with legal or similarly significant effects.

How to make a request:

  • Contact us using the details above. We may need to verify your identity.
  • We aim to respond within one month. Complex or numerous requests may take longer (we’ll let you know).
  • Requests are free of charge unless manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.

How You Can Manage Your Data

  • Update details: ask us to update your contact info, preferences or health details at any time.
  • Marketing: use the unsubscribe link in emails/SMS or contact us to opt out.
  • Cookies: adjust settings via our cookie banner or your browser/device.

Security

We use technical and organisational measures appropriate to the nature of the data, including:

  • Secure payment processing via reputable providers
  • Encryption, access controls and MFA on systems where available
  • Staff confidentiality and training
  • Regular reviews of suppliers and data handling
  • Secure storage for any paper records and safe disposal procedures

Children’s Privacy

Our services are only available to individuals aged 18 and over. We do not knowingly collect personal data from anyone under 18.

Changes to This Policy

We may update this privacy policy from time to time. We’ll post the latest version on our website with an updated “Last updated” date. If we make significant changes, we’ll take additional steps to let you know (for example, email or a prominent website notice). Previous versions are available on request.

Contact Us and Complaints

Questions or requests about your data? Please contact:

Stocko's Body Arts (trading as L1 Electric Tattoo Co.)
28-30 Williamson Street, Liverpool, L1 1EB
Email: stockosbodyarts@gmail.com
Phone: +44 151 2303424

If you’re not satisfied with our response, you can complain to the Information Commissioner’s Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

 

 

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.