Pin & Poke Ltd — Privacy Notice

Last updated: October 2025

BACKGROUND

We respect the privacy of our clients and everyone who visits our website, www.pinandpoke.com (“Our Site”). Pin & Poke Ltd (we/us/our) will only collect and use personal data in ways that are described in this Privacy Notice, and that are consistent with our obligations and your rights under the Data Protection Legislation.

This Privacy Notice also applies to the purchase of our gua sha products via Our Site.

1. Definitions and Interpretation

Client: an individual who engages our services, purchases products, or on whose behalf our services/products are purchased.

Data Protection Legislation: all applicable UK privacy and data protection legislation, including the UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426), and any other applicable laws/regulations.

2. Information About Us

Pin & Poke Ltd is a limited company incorporated in England & Wales (company number 15287096), with registered office at Bennet Brooks, Macclesfield, United Kingdom. We are the controller responsible for your personal data.

For any questions about your personal data or this Privacy Notice, email: hello@pinandpoke.com.

3. Third-party links

Our Site may include links to third-party websites (e.g., social media, payment platforms). Clicking these links may allow third parties to collect or share data about you. We do not control these websites and are not responsible for their handling of personal data. Always review their privacy policies.

Our social media is @pin.andpoke.

4. Your personal data

Personal data is any information that identifies you, such as your name, contact details, or online identifiers. Anonymous data is not considered personal data.

We rely on accurate, up-to-date information. If your personal data changes, please inform us. Failure to provide requested data may prevent us from fulfilling a contract or order.

5. Your rights

You have the following rights under UK GDPR:

  • Right to be informed about our collection and use of personal data

  • Right of access to your personal data

  • Right to rectify inaccurate/incomplete data

  • Right to request deletion or withdraw consent

  • Right to prevent or restrict processing

  • Right to data portability

  • Rights regarding automated decision-making (we do not use this)

  • Right to lodge a complaint with the ICO: www.ico.org.uk

To exercise your rights, email: hello@pinandpoke.com.

6. What Data We Collect

We collect different types of personal data depending on your interaction:

Contact & Biographical Information: name, email, postal address, phone, DOB, emergency contact (for in-person treatments).

Account Information: username, password, profile info.

Payment Information: billing address, transaction history. Payments are securely processed by Stripe; we do not store full card numbers.

Order & Shipping Data: product orders, Royal Mail delivery information.

Communication Data: emails, messages, or other correspondence.

Usage & Technical Data: pages visited, time on site, IP address, device/browser info, analytics via Squarespace and Google.

Social Media Data: interactions via social media platforms.

Sensitive Data (with consent): health/medical info relevant to treatments.

Cookies & Tracking: see our [Cookie Policy].

Other Information: any additional information you provide voluntarily or as required by law.

7. How we use your personal data

We use your personal data to:

  • Perform contracts or provide services/products

  • Develop and administer our business and Our Site

  • Maintain security, legal compliance, and records

  • Send marketing communications (with consent, opt-out available)

With your permission and/or where permitted by law, we may also use your personal data to market our products and/or services to you. You will not be sent any unlawful marketing or spam, and you will always have the opportunity to opt out of marketing communications at any time. Please see our Terms & Conditions for full details regarding product purchases, returns, and orders.

We do not carry out automated decision-making or profiling. We will notify you if your data is needed for a new purpose.

8. Keeping your personal data

We retain personal data only as long as necessary for its purpose.

  • For regulatory/tax purposes, basic client/order info is kept for 7 years.

  • Data may be anonymised for research/statistical purposes indefinitely.

  • Longer retention may apply in the event of complaints or potential litigation.

9. Storing your personal data

Your personal data is protected through:

  • SSL encryption on Our Site

  • Secure storage via Stripe, Cliniko, Squarespace, and Google

  • Access limited to authorised personnel only

  • Regular audits, software updates, and data breach procedures

10. Transferring and sharing your personal data

We may share your personal data with:

  • Service providers (Stripe, Squarespace, Cliniko, Google)

  • Royal Mail for delivery of gua sha products

  • Professional advisers (lawyers, auditors, insurers)

  • Regulators (e.g., HMRC)

  • New business owners in the event of a sale/merger

All transfers comply with UK GDPR.

11. Controlling and withholding your personal data

You can control the use of your personal data for direct marketing by unsubscribing from emails. Certain features may require providing personal data.

You may also manage your cookie preferences via our [Cookie Policy].

12. Accessing your personal data

To request your personal data (Subject Access Request), email hello@pinandpoke.com with “Subject Access Request” in the subject line.

  • Standard requests are free; excessive/unfounded requests may incur a fee.

  • Response time: up to 1 month (complex requests: max 3 months).

13. Contact Details

For data protection inquiries, contact: hello@pinandpoke.com.

14. Updates to this Privacy Notice

We may update this Privacy Notice at any time. The latest version will be posted on Our Site. Continued use constitutes acceptance.