Privacy Policy

1. Who we are and how to contact us

This Privacy Policy explains how Liverpool Hair and Beauty (“we”, “us”, “our”) collects, uses, discloses, and protects your personal data when you use the website liverpoolhairandbeauty.co.uk and our related online services (the “Site”). We are the data controller for personal data processed via the Site.

Contact for privacy matters: privacy@liverpoolhairandbeauty.co.uk

We are established in the United Kingdom and process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

2. Personal data we collect

1. Information you provide to us

   • Identity and contact data: name, email address, phone number.
   • Account details: username, password (stored in encrypted form), preferences.
   • Booking and service data: appointment details, service preferences, stylist/therapist preference, notes you choose to share.
   • Payment and transaction data: billing address, transaction amounts, dates, partial payment details. We do not store full card numbers; payment processing is handled by third-party providers.
   • Marketing preferences and communications: your subscription status and correspondence with us.
   • Special category data (only if you choose to provide it): information about allergies, patch-test results, and relevant health information necessary to deliver certain treatments safely.

2. Information collected automatically

   • Technical and usage data: IP address, device and browser type, operating system, pages viewed, referring URLs, time and date of visits, and other standard server log information.
   • Cookie and similar technologies data: details described in Section 5.

3. Information from third parties

   • Payment and fraud-prevention partners: confirmation of payments and fraud checks.
   • Appointment/booking tools and service providers: booking confirmations and updates.
   • Analytics and marketing providers: aggregated insights about Site usage and campaign performance.

3. How we use your personal data (purposes)

1. To provide and manage the Site, your account, and bookings.
2. To process payments and issue receipts or invoices.
3. To communicate with you about appointments, changes, cancellations, and customer support.
4. To deliver marketing communications where permitted (see Section 11), including service updates, offers, and news.
5. To personalise your experience (for example, remembering preferences) and improve the Site, services, and customer experience.
6. To perform analytics, measure performance, and maintain Site functionality.
7. To ensure security, prevent fraud, and detect misuse of the Site.
8. To comply with legal or regulatory obligations and respond to lawful requests.
9. To protect your vital interests (for example, allergy/sensitivity information to provide services safely).

4. Our legal bases for processing

1. Performance of a contract: to create and manage your account, accept and manage bookings, process payments, and provide customer service.
2. Consent: for non-essential cookies and similar technologies; for email/SMS marketing where required; and for special category data (e.g., allergies or patch-test results). You can withdraw consent at any time (see Section 10).
3. Legitimate interests: to run, maintain, and secure our Site; to prevent fraud; to improve our services; and to send marketing to existing customers in line with PECR’s “soft opt-in.” We balance these interests against your rights and interests.
4. Legal obligations: to keep necessary records for tax, accounting, and regulatory compliance; to respond to lawful requests from authorities.
5. Vital interests: in rare cases, to help ensure your safety in connection with treatments.

5. Cookies and similar technologies

1. What we use

   • Strictly necessary cookies: required for core functionality such as security, network management, and accessibility. These cannot be switched off in our systems.
   • Performance/analytics cookies: help us understand how visitors use the Site (for example, pages visited and time on page) so we can improve functionality and user experience.
   • Functionality cookies: remember choices (such as language or region) to provide enhanced features.
   • Advertising/targeting cookies: may be used to deliver relevant ads and measure their effectiveness.

2. Managing cookies

   • On your first visit, we will ask for your consent to use non-essential cookies. You can withdraw consent at any time by adjusting your browser settings and clearing cookies. If you clear cookies, the consent banner may reappear so you can update preferences.
   • You can block or delete cookies in your browser settings. Some features may not function correctly without certain cookies.

3. Typical retention

   • Session cookies: deleted when you close your browser.
   • Persistent analytics or preference cookies: typically last from 6 to 24 months, unless you delete them sooner.

6. Sharing your personal data

We share personal data only as necessary for the purposes set out in this Policy, with appropriate safeguards:

• Service providers (processors): website hosting and infrastructure, booking and scheduling platforms, payment processors, email/SMS and communications platforms, analytics and performance tools, IT support and security providers, and customer relationship tools.
• Professional advisers: accountants, auditors, legal counsel, and insurers, where necessary and subject to confidentiality obligations.
• Authorities and law enforcement: where required by law or to protect our rights, users, staff, or the public.
• Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Policy continuing to protect your data.

We do not sell your personal data.

7. International data transfers

Some of our service providers may be located outside the UK. Where we transfer personal data internationally, we will ensure an adequate level of protection by using one or more of the following safeguards:

• Transfers to countries that the UK has deemed to provide an adequate level of data protection.
• ICO-approved International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with supplementary measures where necessary.

8. Data security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit, access controls, monitoring, regular backups, and staff awareness measures. While we strive to protect your information, no method of transmission or storage is completely secure.

9. Data retention

We keep personal data only for as long as necessary for the purposes set out in this Policy, including to meet legal, accounting, or reporting requirements. Typical retention periods are:

• Account and booking records: up to 6 years from your last interaction.
• Transaction records and invoices: 6 years.
• Customer service communications: up to 3 years after resolution.
• Marketing preferences and logs: until you opt out or for 24 months of inactivity, whichever comes first.
• Special category data (e.g., allergy and patch-test information): typically up to 2 years from your last relevant service, unless a longer period is required by law or recommended for safety reasons.
• Website logs and analytics data: typically 12 to 24 months.

We may retain data longer where necessary to establish, exercise, or defend legal claims.

10. Your rights

Subject to applicable law, you have the right to:

• Access your personal data and receive a copy.
• Rectify inaccurate or incomplete data.
• Erase your data in certain circumstances (“right to be forgotten”).
• Restrict processing in certain circumstances.
• Object to processing based on legitimate interests, including direct marketing (you can always object to marketing).
• Data portability, where applicable, for data you provided to us and processed by automated means based on consent or contract.
• Withdraw consent at any time where processing is based on consent (this does not affect the lawfulness of processing before withdrawal).

To exercise your rights, contact: privacy@liverpoolhairandbeauty.co.uk. We may ask for information to verify your identity. We aim to respond within one month. If requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act, as permitted by law.

11. Marketing communications

We may send you marketing about our services:

• With your consent; or
• Under the PECR “soft opt-in” where you are an existing customer and we obtained your contact details in the course of a sale or negotiations for a sale of similar products or services. You can opt out at any time.

Every marketing message will include a simple way to unsubscribe. You can also opt out by emailing privacy@liverpoolhairandbeauty.co.uk.

12. Special category data

Where you choose to provide health-related information (such as allergies or patch-test results) to help us deliver treatments safely, we will process this special category data with your explicit consent and/or to protect your vital interests. You can withdraw consent at any time, but this may affect our ability to provide certain services safely.

13. Children’s privacy

Our Site is not intended for children under 13, and we do not knowingly collect personal data from children under 13 online. If you believe a child under 13 has provided us with personal data, please contact privacy@liverpoolhairandbeauty.co.uk so we can delete it.

14. Automated decision-making

We do not use your personal data to make decisions based solely on automated processing that produce legal or similarly significant effects.

15. Third-party websites

The Site may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

16. Data Protection Officer (DPO) and privacy contact

We are not required to appoint a Data Protection Officer. For any privacy-related queries, including exercising your rights, please contact our data privacy lead at privacy@liverpoolhairandbeauty.co.uk.

17. Complaints

If you have concerns about how we handle your personal data, please contact us first at privacy@liverpoolhairandbeauty.co.uk so we can try to resolve the issue. You also have the right to lodge a complaint with the UK data protection authority:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Telephone: 0303 123 1113

18. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will take appropriate steps to inform you (for example, by displaying a prominent notice on the Site). Please review this Policy periodically.

Effective date: 18 December 2025