Privacy Policy

Last updated: December 2025

We respect your privacy and keep your data safe. We use your information only to run our online shop
and training services – to process orders, manage course bookings, communicate with you and improve
what we do. This Privacy Policy explains in detail how we collect, use and protect your personal
data.
----------------------------------------
This Privacy Policy explains how AB nails ("we", "us", "our") collects, uses and protects your
personal data when you:
- use our website https://abnails.co.uk ("Website");
- buy our nail-related products ("Products");
- book, purchase or attend our training and education services ("Courses" or "Training Services");
- contact us by email, social media or other channels.
We are committed to protecting your privacy and handling your personal data in a lawful, fair and
transparent way, in line with UK data protection law (including UK GDPR and the Data Protection Act
2018).
By using our Website or providing your personal data, you agree to this Privacy Policy.
----------------------------------------
1. Who we are (Data Controller)
AB nails
Sole trader established in England
Business address (for correspondence):
Dagenham, RM10, United Kingdom
Email (all privacy enquiries):
info@abnails.co.uk
For data protection law, we are the Data Controller of your personal data – we decide how and why
your personal data is used.
----------------------------------------
2. Key definitions
To help you understand this Privacy Policy, we use the following terms:
- "Personal data" – any information about a living person that can identify them directly or
indirectly (for example name, email address, delivery address, order number, IP address).
- "Processing" – any use of personal data, such as collecting, storing, sharing, analysing or
deleting it.
- "Data controller" – the person or organisation that decides how and why personal data is processed
(that’s us).
- "Data processor" – a person or organisation that processes personal data on behalf of the
controller (for example our website host, email service provider, payment provider).
- "Service" – our Website, online shop and the services we provide through it.
- "Cookies" – small text files placed on your device when you visit a website, used to remember
information about you (see Section 8).
----------------------------------------
3. What personal data we collect
The type of personal data we collect depends on how you interact with us.
3.1 Identity and contact data
- First name and last name
- Billing address and delivery address
- Email address
- Telephone number
- Social media handle (e.g. Instagram username) if you contact or tag us
3.2 Order and booking data
- Products you purchase
- Courses you book or attend (including date, location / online platform)
- Order and booking numbers
- Invoice and payment status
- Notes related to your order or training (for example nail style preferences, level of experience)
3.3 Payment and transaction data
We do not store your full card details. Payments are processed securely by third-party payment
providers. We may receive limited information, such as:
- payment method (e.g. card / PayPal / other provider)
- last few digits of your card (where shown by the provider)
- payment status (paid / pending / failed)
- transaction date and amount
3.4 Technical and usage data
When you use our Website, we may automatically collect:
- IP address
- browser type and version
- device type and operating system
- pages visited, time spent on pages, navigation paths
- approximate location (city/region) based on IP
- information about how you interact with our Website (for example clicks, scrolls)
This may be collected via cookies and similar technologies (see Section 8).
3.5 Marketing and communication data
- your preferences for receiving marketing emails or newsletters
- your responses to campaigns (for example whether you opened an email or clicked a link)
- unsubscribe requests and opt-out preferences
3.6 Course and training data
If you book or attend our Courses, we may process:
- which Course(s) you attend
- Course date, level and format (group / 1:1, in-person / online)
- training feedback or notes we give you
- copies of certificates issued by us under the name AB nails
- photos of your nail work or hands made during training (if you agree and/or share them with us)
3.7 Health and allergy information (optional)
You may choose to tell us about:
- allergies (for example to certain nail products or ingredients);
- relevant medical issues affecting your nails or skin.
We use this only:
- to help keep you safe (e.g. avoid using certain products); and
- based on your consent or where it is necessary to protect your vital interests.
You do not have to provide this information, but if you do not, we might not be able to offer some
services safely.
3.8 User content and social media
If you:
- send us photos or videos (for example of your nail work or healed results), or
- tag us or use our branded hashtags on social media,
we may view that content and, where appropriate and in line with platform rules and our Terms &
Conditions, re-share it on our Website or social channels.
----------------------------------------
4. How we collect your personal data
We collect personal data in these ways:
- Directly from you:
- when you place an order;
- when you book or attend a Course;
- when you create an account;
- when you contact us by email, form or social media;
- when you sign up to our newsletter.
- Automatically:
- through cookies and similar technologies when you use our Website (see Section 8).
- From third parties:
- payment providers (to confirm payment and prevent fraud);
- delivery and courier companies (delivery information and tracking);
- social media platforms (if you interact with our accounts or ads, within their own privacy
rules).
----------------------------------------
5. Why we use your personal data and legal bases
We must have a valid reason ("lawful basis") to process your personal data. Below is what we do with
your data and on what legal basis.
5.1 To process orders and deliver Products
- To process your order and take payment
- To send order confirmations and updates
- To deliver Products to your address
- To handle returns and refunds (where applicable)
Legal basis:
- Performance of a contract (we need your data to fulfil your order)
- Legal obligation (for example keeping tax records)
5.2 To manage Course bookings and deliver Training Services
- To confirm your booking and secure your place
- To send Course details, reminders and any changes
- To deliver the Course (in-person or online)
- To keep training records and issue certificates
Legal basis:
- Performance of a contract (we need your data to provide the Course)
- Legitimate interests (to keep accurate records of training and certificates)
5.3 To manage your account
- To create and maintain your customer account
- To allow you to log in, view orders, manage details
- To help you reset your password
Legal basis:
- Performance of a contract
- Legitimate interests (efficient customer account management)
5.4 To communicate with you
- To respond to your questions and requests
- To contact you about issues with your order or booking
- To notify you about important changes to our terms, policies or services
Legal basis:
- Performance of a contract
- Legitimate interests (effective customer service and communication)
- Legal obligation (in some cases)
5.5 Marketing and newsletters
- To send you emails about new Products, Courses, special offers or updates
- To tailor marketing to what we think may interest you (for example based on past orders or
Courses)
Legal basis:
- Consent (where you actively sign up to our mailing list); and/or
- Legitimate interests (for existing customers, to tell you about similar products or services,
where the law allows this, with a clear opt-out option).
You can unsubscribe from marketing at any time (see Section 9).
5.6 Website improvement and analytics
- To understand how visitors use our Website
- To improve layout, content and user experience
- To measure performance of pages and campaigns
Legal basis:
- Legitimate interests (to develop and improve our business and Website)
- Consent (for non-essential/analytics cookies where required – managed via cookie banner/settings)
5.7 Legal, regulatory and security purposes
- To comply with legal and regulatory obligations
- To keep proper business and tax records
- To prevent and detect fraud and misuse of our Website
- To protect our rights and defend claims
Legal basis:
- Legal obligation
- Legitimate interests (protecting our business and customers)
----------------------------------------
6. Who we share your personal data with
We do not sell your personal data. We may share it with:
- Service providers / Data processors who help us run our business, such as:
- Website hosting and technical support providers;
- Payment processors and banks;
- Delivery and courier companies;
- Email and newsletter platforms;
- IT and security providers;
- Cloud storage and backup services.
- Professional advisers – such as accountants, lawyers, insurers, where necessary.
- Authorities and regulators – if required by law, court order or to protect our legal rights.
These third parties are only allowed to use your personal data to provide services to us and must
keep it confidential and secure.
If we ever sell or transfer part of our business, your personal data may be transferred to the new
owner, who must continue to use it in line with this Privacy Policy.
----------------------------------------
7. International transfers
Some of our service providers may store or process personal data outside the UK (for example within
the EEA or in other countries).
Where personal data is transferred outside the UK, we will ensure appropriate safeguards are in
place, such as:
- an adequacy regulation (the UK government recognises that country’s data protection as adequate);
or
- approved contractual clauses and other safeguards in line with UK data protection law.
You can contact us if you want more information about international transfers.
----------------------------------------
8. Cookies and similar technologies
Our Website uses cookies and similar technologies to:
- make the site work (for example keep items in your cart);
- remember your preferences;
- help us understand how visitors use the Website;
- improve performance and marketing.
8.1 Types of cookies we may use
- Strictly necessary cookies – required for the Website to function (e.g. cart, checkout, basic
security). These cannot usually be switched off.
- Preference or functional cookies – remember choices such as language or region.
- Analytics / performance cookies – help us understand how visitors use the Website (for example
which pages are most popular, how long visitors stay).
- Advertising / social media cookies – may be set by us or third parties to show you relevant ads or
allow sharing content on social networks.
8.2 Managing cookies
When you first visit our Website, you may see a cookie banner asking you to accept or manage
cookies. Where required by law, we will only use non-essential cookies (such as analytics or
advertising cookies) if you consent.
You can usually:
- change your cookie preferences through our cookie banner or settings; and
- adjust your browser settings to refuse or delete cookies.
If you block or delete cookies, some parts of our Website may not work correctly.
For more detail, please see our Cookie Policy (if available on the Website).
----------------------------------------
9. Marketing communications
We may send you marketing emails or messages about our Products, Courses, offers or news if:
- you have asked to receive them (subscribed / given consent); or
- you have previously bought from us and we are allowed to contact you about similar products or
services, with an easy way to opt out.
You can stop receiving marketing at any time by:
- clicking the "unsubscribe" link in any marketing email; or
- contacting us at info@abnails.co.uk.
Even if you opt out of marketing, we may still send service messages (for example order
confirmations, Course details, important changes to our terms).
----------------------------------------
10. How long we keep your personal data
We keep your personal data only for as long as we reasonably need it for the purposes described in
this Privacy Policy and to meet legal, tax and accounting requirements.
As a guide:
- Orders and transaction records – generally kept for up to 6 years from the end of the relevant tax
year.
- Course and training records (including certificates) – generally kept for up to 7 years from your
last interaction with us, to evidence training and deal with any future queries.
- Customer service messages – usually kept for up to 2 years after we resolve your enquiry.
- Marketing data – kept until you unsubscribe or until we decide to delete it as part of a regular
review.
- Technical and analytics data – kept for shorter periods where possible (for example up to 2
years), depending on the tools and settings used.
We may keep data for longer if needed in connection with a legal claim, investigation or dispute.
----------------------------------------
11. How we protect your personal data
We take appropriate technical and organisational measures to protect your personal data against
accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These may
include:
- secure servers and password-protected systems;
- limiting access to personal data only to those who need it for their role;
- using reputable service providers with appropriate security standards;
- regular software updates and security checks.
However, no method of transmission or storage is completely secure. We cannot guarantee absolute
security, but we work to minimise risks as far as reasonably possible.
You are responsible for:
- keeping your account login details and password confidential;
- logging out and closing your browser on shared devices;
- telling us promptly if you suspect unauthorised access to your account.
----------------------------------------
12. Your data protection rights
Under UK data protection law, you have certain rights regarding your personal data. These include:
- Right to access – to request a copy of the personal data we hold about you.
- Right to rectification – to ask us to correct inaccurate or incomplete data.
- Right to erasure – to request deletion of your data in certain circumstances (for example where it
is no longer needed or you withdraw consent and there is no other legal basis).
- Right to restrict processing – to ask us to limit how we use your data in certain cases.
- Right to data portability – to receive certain data in a structured, commonly used, machinereadable
format and/or for us to transfer it to another controller where technically possible.
- Right to object – to object to certain types of processing, including direct marketing at any
time.
- Rights related to automated decision-making and profiling – you have rights where we make
decisions about you solely by automated means. We do not currently carry out automated decisionmaking
that has legal or similar significant effects on you.
These rights are not absolute and may only apply in certain situations.
12.1 Exercising your rights
To exercise any of your rights, please contact us at:
info@abnails.co.uk
We may need to verify your identity before responding. We aim to respond within one month of
receiving your request, or explain if more time is needed for complex requests.
12.2 Withdrawing consent
Where we rely on consent (for example, for marketing emails), you can withdraw your consent at any
time by:
- clicking "unsubscribe" in our emails; or
- contacting us at info@abnails.co.uk.
This will not affect the lawfulness of any processing carried out before you withdraw consent.
12.3 Complaints
If you are unhappy with how we use your personal data, please contact us first so we can try to
resolve the issue.
You also have the right to complain to the UK data protection regulator:
Information Commissioner’s Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
----------------------------------------
13. Children’s privacy
Our Website, Products and Courses are intended for adults. We do not knowingly collect personal data
from anyone under 18.
If you are a parent or guardian and believe your child has provided us with personal data, please
contact us so we can delete it where appropriate.
----------------------------------------
14. Third-party websites and social media
Our Website may contain links to other websites or services, including social media platforms. These
websites have their own privacy policies. We are not responsible for how they collect or use your
personal data.
We recommend that you read the privacy policy of every website you visit.
----------------------------------------
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time, for example if:
- the law changes; or
- our services or the way we process personal data change.
When we make significant changes, we will:
- update the "Last updated" date at the top of this page; and
- where appropriate, show a notice on our Website and/or contact you by email.
----------------------------------------
16. Contact us
If you have any questions about this Privacy Policy, or about how we handle your personal data, or
if you wish to exercise your rights, you can contact us at:
AB nails
Email: info@abnails.co.uk
Business address: Dagenham, RM10, United Kingdom