IAMAesthetics
Privacy Policy
In compliance with the Protection of Personal Information Act (POPIA), 2013
Last updated: May 2026
1. Introduction
IAM Aesthetics is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA). This policy explains how we collect, use, store, and protect your personal data.
2. Information We Collect
| Category | Examples | Purpose |
| Identity | Full name | Booking identification, communication |
| Contact | Phone number, email address | Appointment confirmations, reminders, receipts |
| Health | Allergies, skin conditions, medical history | Safe treatment delivery |
| Financial | Payment method (card/EFT) | Processing payments |
| Preferences | Treatment preferences, pressure, room lighting | Personalised service |
3. How We Use Your Information
- To process and manage your bookings
- To communicate appointment confirmations, reminders, and follow-ups
- To provide safe and personalised treatments
- To process payments and issue receipts/invoices
- To manage loyalty rewards and vouchers
- To improve our services based on feedback
- To comply with legal obligations
4. Legal Basis for Processing
We process your personal information based on:
- Consent — you provide consent when booking an appointment or opting in to marketing
- Contract — processing is necessary to fulfil our service agreement with you
- Legitimate interest — to improve our services and communicate relevant information
- Legal obligation — to comply with tax, health, and safety regulations
5. Data Sharing
We do not sell, rent, or trade your personal information. We may share data with:
- Payment processors — to process card/EFT payments securely
- Email service providers — to send booking confirmations and receipts
- Legal authorities — if required by law or court order
6. Data Security
- All data is stored on secure servers with encrypted connections (SSL/TLS)
- Access to personal information is restricted to authorised staff only
- Passwords and sensitive credentials are encrypted using industry-standard algorithms
- Regular security reviews are conducted
7. Data Retention
- Booking and client records are retained for 5 years for business and legal purposes
- Financial records are retained as required by SARS (5 years)
- Marketing consent records are retained until you withdraw consent
- You may request deletion of your data at any time (subject to legal retention requirements)
8. Your Rights Under POPIA
You have the right to:
- Access — request a copy of your personal information we hold
- Correction — request correction of inaccurate or incomplete data
- Deletion — request deletion of your data (where legally permissible)
- Object — object to processing of your data for direct marketing
- Withdraw consent — withdraw previously given consent at any time
- Complain — lodge a complaint with the Information Regulator
9. Marketing Communications
We will only send marketing communications if you have opted in. You may unsubscribe at any time by contacting us or using the unsubscribe link in our emails.
10. Information Officer
For any queries, requests, or complaints regarding your personal information:
11. Changes to This Policy
This policy may be updated from time to time. The latest version will always be available on our website. Continued use of our services after changes constitutes acceptance of the updated policy.