Legal

Privacy policy

kiaraallesshah.com · SKIN DISCOVERY LTD

Last updated: 27 May 2026

Effective from: 27 May 2026

1. Who we are

This Privacy Policy explains how SKIN DISCOVERY LTD (“we”, “us”, “our”) collects, uses, stores and protects personal information about visitors to our website kiaraallesshah.com and people who use our services.

  • Company name: SKIN DISCOVERY LTD
  • Registered address: 17 Tudor Walk, Watford, WD24 7NY, United Kingdom
  • Contact email: kiara@kiaraallesshah.com

We are the “data controller” of the personal information you share with us. This means we decide how and why your data is processed.

2. The personal information we collect

We collect personal information in the following ways:

2.1 Information you give us directly

  • Your name, email address and phone number when you fill out a contact form, application form, newsletter sign-up or enquiry form on the website.
  • Payment details when you book or purchase one of our services (payments are processed by Stripe, and we do not store full card numbers ourselves).
  • Information you provide about yourself, your business or your goals when you apply for our coaching programme or community.
  • Communications you send us by email, social media direct message, or WhatsApp.
  • Feedback, testimonials or reviews you choose to share with us.

2.2 Information we collect automatically

  • Your IP address, browser type, device type and operating system.
  • Pages visited, time spent on each page and how you arrived at our website.
  • Cookie data (see Section 7 for more).

2.3 Information from third parties

  • Information you share with us through social media platforms (such as Instagram, LinkedIn or TikTok) when you contact us via those channels.
  • Information from our payment processor (Stripe) confirming successful payments.

3. Why we use your information and the legal basis for doing so

Under UK GDPR and the Data Protection Act 2018, we are required to tell you the legal basis on which we process your personal information. We rely on the following:

3.1 To enter into and perform a contract with you

When you book or purchase one of our services (for example, The Audacity Room coaching programme), we use your information to deliver that service, manage your account, communicate with you about your sessions and provide any related support.

Legal basis: Performance of a contract.

3.2 To respond to your enquiries

When you contact us via the website, email or social media, we use your information to respond to your message.

Legal basis: Legitimate interests (responding to enquiries).

3.3 To send you marketing communications

If you sign up to our newsletter, fill out a form that includes a clear marketing opt-in, or have purchased a service from us, we may send you marketing emails about our content, offers, programmes and events. You can unsubscribe at any time using the link at the bottom of every marketing email.

Legal basis: Consent (for newsletter sign-ups) or legitimate interests / soft opt-in (for existing customers).

3.4 To improve our website and services

We use analytics data (collected via cookies, see Section 7) to understand how visitors use our website, what content is most useful and how we can improve.

Legal basis: Consent (for non-essential analytics cookies) / legitimate interests.

3.5 To meet our legal obligations

We may need to keep certain records (such as financial records and tax records) to comply with UK law. We also need to keep records of consent and communications relating to data protection.

Legal basis: Legal obligation.

4. Who we share your information with

We do not sell your personal information to anyone. We only share it with the following types of third parties, and only where it is necessary to deliver our services or meet our legal obligations:

  • Stripe, our payment processor, who handles your payment securely. Stripe's privacy policy is available at stripe.com/gb/privacy.
  • Email service providers, used to send you our newsletter and transactional emails. [INSERT PROVIDER, e.g. Mailchimp, Flodesk, ConvertKit]
  • Website hosting and analytics providers, [INSERT, e.g. Google Analytics, hosting provider]
  • Our small team and trusted contractors, such as our marketing lead, web developer or admin support, who may have limited access to your information solely to help us deliver our services.
  • Professional advisers, such as our accountants or solicitors, where required.
  • Law enforcement or regulators, where required by law.

All third parties we share information with are required to handle your data in line with UK data protection law.

5. International transfers

Some of the third parties we use (for example, our email or analytics providers) may be based outside the UK or European Economic Area (EEA). Where this is the case, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms approved by the Information Commissioner's Office (ICO), to protect your information.

6. How long we keep your information

We only keep your personal information for as long as we need it. Specifically:

  • Enquiry information: up to 24 months from your last contact with us, unless you become a client.
  • Client records: for the duration of our working relationship, plus 6 years afterwards (to meet UK accounting and tax record-keeping requirements).
  • Marketing list data: until you unsubscribe, at which point your email is removed from the active list within 30 days.
  • Website analytics data: typically 14 to 26 months, depending on the analytics provider's settings.

7. Cookies

Our website uses cookies and similar technologies to function properly and to help us understand how visitors use the site. When you first visit our website, you will see a cookie banner where you can accept or reject non-essential cookies.

7.1 Types of cookies we use

  • Strictly necessary cookies: required for the website to function (for example, logging into your client portal). These do not require consent.
  • Analytics cookies: help us understand how visitors use the site so we can improve it. These only run if you give consent via the cookie banner.
  • Functionality cookies: remember your preferences (such as language or display settings). These only run if you give consent.

You can change your cookie preferences at any time by clicking the cookie settings link in the website footer or by clearing cookies in your browser.

8. Your rights

Under UK GDPR, you have the following rights in relation to your personal information:

  • The right to be informed about how we use your data (this policy).
  • The right of access: you can ask us for a copy of the personal information we hold about you.
  • The right to rectification: you can ask us to correct inaccurate or incomplete information.
  • The right to erasure: you can ask us to delete your personal information, in certain circumstances.
  • The right to restrict processing: you can ask us to limit how we use your information.
  • The right to data portability: you can ask us to provide your data in a portable format.
  • The right to object: you can object to certain types of processing, including direct marketing.
  • Rights relating to automated decision-making and profiling: we do not use automated decision-making in any way that has a legal effect on you.

To exercise any of these rights, please email us at hello@kiaraallesshah.com. We will respond within one month.

9. How to complain

If you have concerns about how we are handling your personal information, please contact us first at hello@kiaraallesshah.com so we can try to resolve your concerns directly.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO):

  • ICO website: ico.org.uk
  • ICO helpline: 0303 123 1113
  • ICO postal address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

10. Security

We take reasonable steps to protect your personal information from accidental loss, unauthorised access, alteration or disclosure. This includes secure password protection, encrypted communications where appropriate and limiting access to your information to people who genuinely need it to do their jobs.

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we do our best to protect your personal information, we cannot guarantee its absolute security.

11. Children's privacy

Our services are intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under the age of 18. If you believe a child has provided us with personal information, please contact us and we will take steps to delete that information.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated policy on this page with a new “last updated” date. If we make significant changes, we will notify you by email or through a notice on the website.

13. Contact us

If you have any questions about this Privacy Policy or how we handle your personal information, please contact:

  • Kiara Alles-Shah
  • SKIN DISCOVERY LTD
  • 17 Tudor Walk, Watford, WD24 7NY
  • Email: hello@kiaraallesshah.com

This Privacy Policy is governed by the laws of England and Wales.