Privacy Policy
This Privacy Policy explains how Benjamin Aslani trading as Beni.ink ("Artist", "I", "me", "my") collects, uses, stores, and protects your personal data when you visit my website (beni-ink.com), make inquiries, book a tattoo appointment, or receive services. I am committed to protecting your privacy in line with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and other applicable laws.
1. Who I Am (Data Controller)
Benjamin Aslani
Trading as: Beni.ink
Address: 38 Pickford Ln, Bexleyheath DA7 4QT, United Kingdom
Email: bookings@beni-ink.com
I am the sole data controller for the personal data I process. As a small sole trader, I do not have a designated Data Protection Officer.
2. What Personal Data I Collect
I may collect the following types of personal data:
- Contact and identification details: Name, email address, phone number (including WhatsApp), and postal address (if provided).
- Booking and service details: Appointment dates/times, tattoo design ideas, references or inspiration images you share, and any preferences or notes.
- Health-related information: Basic medical details (e.g., allergies, skin conditions, medications, pregnancy status) disclosed on consent forms (this is "special category" data).
- Technical data: IP address, browser type, device information, and website usage data (e.g., pages visited) collected automatically via cookies or analytics tools (if used).
- Photos/images: Images of your tattoos (with permission) for my portfolio.
I only collect what is necessary for providing tattoo services, bookings, and aftercare.
3. How I Collect Your Data
- Directly from you: When you contact me via email, WhatsApp, contact form, phone, or in person (e.g., for bookings or consultations).
- Automatically: Through website interactions (e.g., cookies for basic analytics).
- From third parties: Rarely, e.g., if you book via a referral platform.
4. Why I Process Your Data (Purposes and Lawful Basis)
I process your personal data for the following reasons:
- To provide tattoo services and manage bookings (e.g., scheduling, reminders, aftercare advice). Lawful basis: Contract (or steps to enter a contract) — Article 6(1)(b) UK GDPR.
- To handle health/safety information for safe tattooing. Lawful basis: Explicit consent — Article 9(2)(a) UK GDPR (for special category data). You give this via signed in-person consent forms.
- To communicate with you (e.g., confirm appointments, send aftercare instructions, respond to inquiries). Lawful basis: Contract or legitimate interests (efficient communication).
- For portfolio/marketing (photos of tattoos). Lawful basis: Consent (you can opt out verbally or in writing).
- To comply with legal obligations (e.g., record-keeping for health/safety). Lawful basis: Legal obligation — Article 6(1)(c).
I do not use your data for automated decision-making or profiling.
5. Who I Share Your Data With
I do not sell or share your data with third parties for marketing. Limited sharing may occur with:
- Service providers (e.g., email/WhatsApp for communication, basic website hosting/analytics if used — they act as processors under strict contracts).
- Professional advisors (e.g., accountant or lawyer) if required.
- Authorities if legally required (e.g., health/safety investigations).
WhatsApp is owned by Meta — their privacy policy applies to messages sent via WhatsApp.
6. How Long I Keep Your Data
I keep your data only as long as necessary:
- Booking/contact details: Up to 2 years after last interaction (for potential follow-ups or disputes).
- Consent forms/health info: Up to 7 years (standard for health-related records).
- Portfolio photos: Indefinitely (with your consent), unless you request removal.
After these periods, data is securely deleted or anonymised.
7. Your Rights Under UK GDPR
You have the right to:
- Access your data.
- Correct inaccurate data.
- Request deletion (right to be forgotten — subject to legal retention needs).
- Restrict or object to processing.
- Withdraw consent (where consent is the basis — e.g., for photos).
- Data portability (in limited cases).
To exercise these rights, email me at bookings@beni-ink.com. I will respond within one month (free of charge in most cases). You can also complain to the Information Commissioner's Office (ICO) at ico.org.uk.
8. Data Security
I take reasonable steps to protect your data (e.g., secure email, password protection, limited access). However, no transmission over the internet is 100% secure.
9. International Transfers
Your data is processed in the UK. If any tools involve transfers outside the UK (e.g., US-based analytics), they use approved safeguards like UK adequacy decisions or standard contractual clauses.
10. Changes to This Policy
I may update this Privacy Policy occasionally. Changes will be posted here with an updated date. Continued use of my services/website after changes means acceptance.
11. Contact Me
If you have questions about this Privacy Policy or your data, contact:
Email: bookings@beni-ink.com
Address: 38 Pickford Ln, Bexleyheath DA7 4QT, United Kingdom
Last updated: February 2026