GDPR COMPLIANCE STATEMENT
GDPR Compliance Statement – Alo Loco Tattoo
Business name: Alo Loco Tattoo
Website: www.alolocotattoo.com
Contact: alolocotattoo@gmail.com
1. Purpose
This statement outlines how Alo Loco Tattoo complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 in relation to the collection and processing of personal data.
2. Data We Collect
We collect and process limited personal information provided by clients and website visitors, including:
Name and contact details (email, phone)
Tattoo enquiry details (ideas, preferences, reference images)
Website usage data (via cookies and analytics tools)
3. Lawful Basis for Processing
We process personal data on the following lawful bases:
Consent: when an individual contacts us via the website form or email.
Legitimate interest: to manage bookings, consultations, and customer communication.
Legal obligation: where required for tax, record-keeping, or regulatory purposes.
4. Data Storage and Security
Personal data is stored securely in password-protected systems and email accounts.
Our website is hosted with SiteGround, which provides SSL encryption and server-level security.
Access to personal data is restricted to the business owner.
5. Data Sharing
We do not sell, rent, or trade personal data. Information is only shared if legally required (for example, for law enforcement or tax authorities).
6. Data Retention
Personal data is retained only as long as necessary to fulfil its purpose (e.g., managing an enquiry or booking) or as required by law. Once no longer needed, data is securely deleted.
7. Individual Rights
In accordance with GDPR, individuals have the right to:
Access the personal data we hold
Request correction or deletion of data
Restrict or object to processing
Withdraw consent at any time
Lodge a complaint with the UK Information Commissioner’s Office (ICO)
8. Contact
To exercise these rights or for GDPR-related enquiries, contact:
Email: alolocotattoo@gmail.com