Privacy Policy
Last updated: 27 May 2026
Privacy contact: glossbeautylouise@gmail.com — Louise Savage acts as the privacy contact for Gloss Beauty by Louise. A formal Data Protection Officer (DPO) is not required for a solo sole-trader operation under GDPR Art. 37, AU Privacy Act, or CCPA.
Scope and Jurisdictions Covered
This policy applies to glossbeauty.com.au and to enquiries and bookings made through it. It is written to comply with the following privacy regimes that may apply to visitors:
- Australia — Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs). Primary jurisdiction (Louise is based in Queensland, Australia).
- European Union — General Data Protection Regulation (GDPR, Regulation 2016/679).
- United Kingdom — UK GDPR (Data Protection Act 2018).
- California, USA — California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
- Other jurisdictions — where visitor residency triggers local data protection laws (e.g., Quebec Law 25, Brazil LGPD, India DPDP), we honour the same rights described below.
1. Information We Collect
When you use our website or contact us, we may collect the following personal information:
- Name and contact details (email, phone number)
- Event details (date, location, party size, venue)
- Messages and enquiry content you submit via the contact form
- Website usage data — anonymised page-view + session data via Google Analytics 4, only after you accept cookies
- Standard server logs (IP address, user-agent, referrer) collected by our hosting provider Vercel
We do not collect special-category data (health, biometric, religious, political) and we do not perform automated decision-making or profiling under GDPR Art. 22.
2. Legal Basis for Processing (GDPR Art. 6)
Under the GDPR and UK GDPR, every processing activity must have a lawful basis. The bases we rely on are:
- Contract (Art. 6(1)(b)) — to respond to your booking enquiry and deliver the makeup service you have requested.
- Legitimate interests (Art. 6(1)(f)) — to keep records of past bookings, follow up on enquiries, and improve the website. You may object to processing on this basis at any time.
- Consent (Art. 6(1)(a)) — for non-essential cookies and any future marketing emails. You may withdraw consent at any time via the cookie banner or by contacting us.
- Legal obligation (Art. 6(1)(c)) — to retain financial records as required by Australian tax law.
3. How We Use Your Information
We use your personal information to:
- Respond to your enquiries and booking requests
- Provide our makeup artistry services on the agreed date
- Send relevant follow-up communications about your booking
- Improve our website and the service we offer
- Meet legal record-keeping obligations
4. Third-Party Services and Data Processors
We use the following third-party processors. Each operates under its own privacy terms:
- Google Analytics 4 (GA4) — collects anonymised usage data such as pages visited, session duration, and approximate location (city-level). Measurement ID: G-X0154M9H2M. Data is only collected after you accept cookies via the consent banner. Standard Google retention: 14 months. Google Privacy Policy.
- Web3Forms — processes enquiry form submissions. Your name, email, event details, and message are transmitted to Web3Forms' servers for delivery to glossbeautylouise@gmail.com. Web3Forms Privacy Policy.
- Vercel — hosts the website. Collects standard server logs (IP, browser type, pages visited) as part of normal hosting operations. Vercel Privacy Policy.
- Cloudflare — DNS provider. May log standard DNS query data per their privacy policy.
We do not sell, rent, or share your personal information with any other third parties except as required by law. We have not received any "right to know" or sale-of-data requests under the CCPA in the last 12 months.
5. Cookies
Our website uses cookies to enhance your browsing experience and analyse site traffic. Google Analytics cookies are denied by default (Google Consent Mode v2) and only activated after you accept via our cookie consent banner. Strictly necessary cookies (e.g., the consent record itself) do not require consent. You can also manage cookie preferences through your browser settings.
6. Cross-Border Data Transfers
Some of the third-party services we use (Google, Web3Forms, Vercel, Cloudflare) are based in or transfer data to the United States and other countries outside Australia, the EU, and the UK. These transfers rely on the recipients' own data transfer mechanisms (Standard Contractual Clauses, Data Privacy Framework, or equivalent). By using our website, your information may be transferred to and processed in those countries.
7. Data Retention
We retain enquiry data (name, email, event details, messages) for up to 24 months after your last interaction with us, or until the completion of services, whichever is later. Booking-related financial records are retained for 7 years to meet Australian tax record-keeping obligations. Website analytics data collected via Google Analytics is retained for 14 months in accordance with Google's default retention settings. You may request deletion of your enquiry data at any time (see "Your Rights" below).
8. Data Security
We take reasonable technical and organisational measures to protect your personal information from unauthorised access, alteration, or destruction — including TLS encryption in transit (HSTS preloaded), DMARC + SPF email anti-spoofing, and access controls on the email account that receives enquiries. However, no method of electronic transmission is 100% secure.
9. Your Rights — Access, Correction, Deletion (DSAR)
Under the Australian Privacy Principles (APPs 12 + 13), GDPR Art. 15-22, UK GDPR, and CCPA, you have the following rights regarding your personal information:
- Right to access — request a copy of the personal data we hold about you (Data Subject Access Request, "DSAR" under GDPR; "right to know" under CCPA).
- Right to rectification — request correction of inaccurate or incomplete information.
- Right to erasure / deletion — request that we delete your personal data (GDPR Art. 17 "right to be forgotten"; CCPA "right to delete"). We will erase your data within 30 days of a verified request unless we are legally required to retain it.
- Right to data portability — request your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests, including any direct marketing.
- Right to restrict processing — request that we limit how we use your data while a complaint or correction is being resolved.
- Right to withdraw consent — for any processing based on consent (e.g., cookies), at any time.
- CCPA non-discrimination — California residents will not be discriminated against for exercising any of these rights.
How to exercise your rights — DSAR + Deletion procedure: email glossbeautylouise@gmail.com with the subject line "DSAR Request" or "Delete my data". Include the email address or phone number you used to contact us so we can locate your records. We will verify your identity (one follow-up email confirming the request from the same address) and respond within 30 days as required by GDPR / 45 days under CCPA. There is no fee for exercising these rights.
10. Children's Privacy
We do not knowingly collect personal information from anyone under 16 without parental or guardian consent. School-formal makeup bookings for Year 11/12 students are arranged through the parent or guardian who initiates the enquiry.
11. Complaints and Supervisory Authorities
If you believe we have mishandled your personal information, please contact us first at glossbeautylouise@gmail.com — we aim to resolve concerns within 30 days. If you are not satisfied, you may complain to the relevant supervisory authority for your jurisdiction:
- Australia — Office of the Australian Information Commissioner (OAIC), oaic.gov.au/privacy/privacy-complaints.
- European Union — your local national Data Protection Authority. A list is published by the European Data Protection Board at edpb.europa.eu.
- United Kingdom — Information Commissioner's Office (ICO), ico.org.uk/make-a-complaint.
- California, USA — California Privacy Protection Agency (CPPA), cppa.ca.gov.
12. Updates to this Policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes (e.g., a new processor or new processing purpose) will be highlighted at the top of the page for 30 days following the change.
Contact
For any privacy enquiry, DSAR, deletion request, or complaint, contact glossbeautylouise@gmail.com — typically responded to within 24-48 hours.