top of page

Privacy Policy

Data Controller:
Ciro Arellano
Email: tattoo@ciroarellano.com
Website: ciroarellano.com
Activity: Tattoo services and appointment management.

1.⁠ ⁠Personal data I collect

Through the booking request form, I collect the following information:
   •    Full name
   •    Email address
   •    Telephone number (optional)
   •    City or location
   •    Project description
   •    Reference photographs
   •    Photographs of the body area to be tattooed
   •    Availability preferences

This information is used solely to prepare personalised tattoo proposals and to coordinate appointments.

2.⁠ ⁠Purpose of processing

Your personal data is processed for the following purposes:
   •    Reviewing and assessing your tattoo request
   •    Contacting you for questions or clarifications
   •    Sending proposals, sketches, and quotes
   •    Scheduling and managing appointments
   •    Requesting consent to take and publish photographs of the finished work (if applicable)

Your data is not used for advertising nor shared with third parties for marketing purposes.

3.⁠ ⁠Legal basis for processing

The processing of your data is based on:
   •    Your explicit consent when submitting the form (Article 6.1.a GDPR)
   •    The performance of a contract or pre-contract (managing your appointment) (Article 6.1.b GDPR)

4.⁠ ⁠Data retention period

Your data will be kept for:
   •    12 months if no appointment is booked
   •    5 years if the tattoo is completed (for health documentation and proof of service)

All data will then be securely deleted.

5.⁠ ⁠Data sharing with third parties

I do not share your personal data with third parties except for:
   •    Web hosting provider where the form is stored
   •    Email service platforms used to contact you

These providers comply with GDPR and operate under appropriate data-processing agreements.

6.⁠ ⁠Your rights

You may exercise any of the following rights at any time by contacting: [your email]
   •    Right of access
   •    Right to rectification
   •    Right to erasure (“right to be forgotten”)
   •    Right to restriction of processing
   •    Right to object
   •    Right to data portability

You may also lodge a complaint with the Spanish Data Protection Agency (AEPD).

7.⁠ ⁠Security measures

I apply technical and organisational measures to ensure the protection of your data, including:
   •    SSL encryption on the website
   •    Restricted access to email and web platform
   •    Secure deletion of images and documents

8.⁠ ⁠Consent

By submitting the booking form, you confirm that:
   •    You have read and accept this Privacy Policy
   •    You are over 18 years of age
   •    You authorise the use of your data solely for the purpose of managing your tattoo request

9.⁠ ⁠Image policy

Any photographs taken of the tattoo will only be published (on social media or website) with your explicit and separate consent.
This consent is voluntary, independent from the service itself, and may be revoked at any time.

bottom of page