Privacy Policy
Effective date: 1st October 2025
​
Needle and Moon LTD (“we”, “our”, or “us”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect your data in line with the UK General Data Protection Regulation (UK GDPR).
1. Who We Are -
Business name: Needle and Moon LTD Registered address: 13 Channel View Crescent, Portishead, Bristol, BS20 6LY Contact email: hello@needleandmoon.co.uk
If you have any questions about this policy or how your data is used, you can contact us at the above email address.
2. Information We Collect -
We may collect the following information when you interact with us: - Name - Email address - Postal address - Phone number - Photos and images (e.g. tattoo references) - Website usage data (IP address, device information, cookies – managed via Wix) We also collect information you choose to share when contacting us by enquiry form, booking form, social media, email, or direct message.
3. How We Collect Information-
Your data may be collected through: - Enquiry and contact forms - Booking and appointment forms - Newsletter and mailing list sign-ups - Direct communication (email, phone, DM, or social media) - Referrals and collaborations - Cookies and analytics on our website (via Wix)
4. Why We Collect Information -
We process your personal data for the following purposes: - To respond to enquiries - To manage bookings and appointments - To send updates if you have signed up to our mailing list (with your consent) - To communicate with you about services or collaborations - To improve our website experience (through Wix analytics and cookies) - To comply with legal obligations (such as record-keeping for tax purposes)
The legal basis for processing your data is in line with UK GDPR: - Consent – where you have opted in (e.g. mailing list) - Contract – to provide the services you have requested - Legitimate interests – to run our business effectively and communicate with clients - Legal obligation – where required by law
5. Payment Information -
We do not process or store your payment or billing information directly. Payments are handled securely through third-party providers, who process data in compliance with GDPR.
6. Data Sharing -
We do not sell or rent personal information. We may share your data with trusted third parties that support our services, such as: - Website host (Wix) - Cloud storage (Google Drive) - Payment processors - Email marketing platforms Where data is transferred outside the UK/EEA, we ensure it is protected by appropriate safeguards.
7. Data Retention -
We retain personal information for up to 3 years as standard. - You may request deletion of your data at any time by contacting us at hello@needleandmoon.co.uk. - Some data may be retained longer if required for legal, tax, or regulatory reasons.
8. Your Rights Under UK GDPR -
You have the right to: - Access your personal data - Correct inaccurate or incomplete data - Request deletion of your data - Restrict or object to processing - Withdraw consent (where consent was given) - Request a copy of your data in a portable format - Complain to the UK Information Commissioner’s Office (ICO) if you believe your rights have been violated
To exercise any of these rights, please contact us at hello@needleandmoon.co.uk.
9. Cookies and Website Data -
Our website is hosted on Wix, which uses cookies and similar technologies to provide, secure, and improve website functionality. These may include: - Essential cookies – required for site operation - Analytics cookies – to measure performance and improve services - Functional cookies – to remember user preferences You can manage or disable cookies via your browser settings.
For more details, see Wix’s Cookie Policy: https://www.wix.com/about/cookie-policy.
10. Children and Minors -
We do not provide services to, or knowingly collect data from, individuals under the age of 18.
11. Security -
We take appropriate technical and organisational measures to protect your data, including secure storage, password protection, and access controls. Data is stored in Google Drive and via trusted third-party providers.
12. Changes to This Policy -
This Privacy Policy may be updated from time to time. Any changes will be posted on this page with an updated effective date.