Privacy Policy

Effective Date: 20 September 2025  |  Last Updated: May 2026

CharlieMcCorry.com is the personal brand website of Charlie McCorry, Founding Partner of Bodhial Limited. This site serves as an introduction to Charlie’s work and to Bodhial. A separate Privacy Policy governs the Bodhial.com website and its services.

1. Who We Are

This website is operated by Charlie McCorry, Founding Partner of Bodhial Limited (“we”, “us”, or “our”). We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Bodhial Limited is registered with the Information Commissioner’s Office (ICO). Our ICO Registration Number is: [INSERT ICO REGISTRATION NUMBER].

Contact details:

2. What Data We Collect

a) Personal Data

  • Name

  • Email address

  • Postal address

  • Phone number

  • Payment details (processed via third-party providers)

  • IP address

  • Account login details

b) Usage Data

  • Pages visited and time spent on site

  • Browser and device data

  • Referral source

c) Special Category Data

We only collect special category data (e.g. health or allergy information relevant to beauty treatments) where strictly necessary and only with your explicit consent. See Section 3a for full details.

3. How We Collect Your Data

We collect data in the following ways:

  • When you use or browse our website

  • When you book an appointment for a beauty treatment or consultation (online, by phone, or in person)

  • When you create an account or make a purchase

  • When you subscribe to our newsletter

  • When you contact us via email, phone, contact form, or social media

  • When you complete surveys, provide feedback, or participate in promotions

3a. Special Category Data (Health & Safety for Treatments)

As part of providing beauty treatments, we may need to collect special category data, including:

  • Allergies or skin sensitivities

  • Skin or medical conditions relevant to treatment (e.g. pregnancy, current medication)

This data is collected:

  • Only when necessary to ensure your health and safety during a treatment

  • With your explicit consent, via a consultation or consent form at the time of booking or appointment

We will never use this information for marketing or any purpose unrelated to your treatment. You have the right to withdraw consent at any time, although this may affect our ability to provide certain services safely.

4. Legal Bases for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Consent – for newsletter sign-ups and marketing communications.

  • Contract – to fulfil our obligations when you make a purchase or request a service.

  • Legal obligation – where processing is required to comply with a legal or regulatory requirement.

  • Legitimate interests – for website analytics, improving our services, and fraud prevention. We have assessed that these interests are not overridden by your rights and freedoms.

5. How We Use Your Data

We use your data to:

  • Process orders and payments

  • Deliver products or services

  • Send transactional updates or, with your consent, marketing communications

  • Respond to your enquiries

  • Improve our website and services

  • Comply with legal obligations

6. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you, as described under Article 22 of the UK GDPR.

7. Who We Share Your Data With

We may share your data with trusted third parties, including:

  • Payment processors (e.g. Stripe, PayPal)

  • Email marketing platforms (e.g. Mailchimp, ConvertKit)

  • IT and hosting service providers

  • Analytics providers (e.g. Google Analytics)

  • Law enforcement or regulatory bodies where required by law

All third-party processors are required to handle your data in compliance with UK GDPR and are bound by appropriate data processing agreements.

8. International Data Transfers

Some of our service providers may operate outside the UK. Where this is the case, we ensure that appropriate safeguards are in place, such as the use of UK International Data Transfer Agreements (IDTAs), Standard Contractual Clauses, or transfers to countries with an adequacy decision from the UK Government.

9. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law. Our standard retention periods are:

  • Customer and transaction records: up to 6 years (in line with HMRC requirements)

  • Marketing and newsletter data: until you withdraw consent

  • Special category (health) data: only for the duration necessary for your treatment, unless a longer period is required by law

10. Data Breaches

In the event of a personal data breach, we will assess the risk to individuals and, where required, notify the ICO within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

11. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access – to request a copy of the personal data we hold about you

  • Right to rectification – to ask us to correct inaccurate or incomplete data

  • Right to erasure – to request deletion of your data in certain circumstances

  • Right to restrict processing – to ask us to limit how we use your data

  • Right to data portability – to receive your data in a structured, machine-readable format

  • Right to object – to object to processing based on legitimate interests or for direct marketing

  • Right to withdraw consent – at any time, where processing is based on consent

  • Right to lodge a complaint – with the Information Commissioner’s Office (ICO)

To exercise any of your rights, please contact us at: concierge@bodhial.com. You can also contact the ICO at: https://ico.org.uk or by calling 0303 123 1113.

12. Cookies and PECR

We use cookies to enhance your browsing experience and to analyse website traffic. Our use of cookies is governed by the UK Privacy and Electronic Communications Regulations (PECR) as well as the UK GDPR.

We will only place non-essential cookies on your device with your consent, obtained via our cookie consent banner. You can also manage or withdraw your cookie preferences at any time via your browser settings.

For full details of the cookies we use and how to manage them, please see our Cookie Policy.

13. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • HTTPS encryption across the website

  • Firewalls and access controls

  • Regular data backups

  • Restricted staff access to personal data on a need-to-know basis

14. Children’s Privacy

This website is not directed at children under the age of 18. In line with the UK’s Age Appropriate Design Code (Children’s Code), we treat anyone under 18 as a child for data protection purposes. We do not knowingly collect personal data from children. If you believe a child has provided us with their data without appropriate consent, please contact us immediately at concierge@bodhial.com.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are significant, we will notify you by email or by a prominent notice on this website. The “Last Updated” date at the top of this page will always reflect the most recent version.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your data, please contact us: