Privacy Policy

1. WHO WE ARE

This website is operated by HB Boutique Hair Ltd, trading as HB Boutique ('HB', 'we', 'us', 'our'). We are an award-winning hair, beauty and aesthetics salon based in Bromsgrove, Worcestershire.

We are the data controller responsible for the personal data we collect from you as a client or website visitor.HB Boutique 29 Meadow Road, Bromsgrove, Worcestershire, B61 0JJ 

2. WHAT THIS POLICY COVERS

This Privacy Policy explains what personal data we collect from you, why we collect it, how it is used, the legal basis on which it is processed, and your rights under applicable data protection legislation — including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

'Personal data' means any information that relates to you and from which you can be identified. By using our website or submitting your personal data to us, you are taken to have read and accepted the terms of this Privacy Policy.

3. THE PERSONAL DATA COLLECT

Appointment and contact information

When you book an appointment or register with us, we collect your name, email address, phone number, date of birth, and any other details you choose to share with us. We also collect information about your debit or credit card provided to our payment service providers, as required to process bookings and take payment in line with our Cancellation Policy.

Treatment and consultation records

For hair colouring and certain beauty and aesthetics treatments, we hold consultation and patch test records as required by industry best practice. This may include information about sensitivities, allergies, or health conditions relevant to the service you are receiving. This data is treated as sensitive personal data and stored securely.

Payment information

Payment details are handled securely by our booking and payment provider, Phorest. Our team does not have access to your full card details. All payment data is encrypted and managed to industry-standard PCI DSS compliance.

Correspondence and other information

We collect personal details you provide when contacting us by phone, email, or via our website, including enquiries, feedback, or complaints.

4. Automatically Collected Data

When you visit our website, our servers automatically record certain information, including your IP address, browser type and version, the pages you visit, and the date and time of your visit. This data helps us maintain website security and improve your experience.

Our website may use cookies and similar technologies. For further detail, please see our Cookie Policy.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To book and manage your appointments, including sending confirmations, reminders, and waitlist notifications via Phorest.

  • To process payments and enforce our Cancellation Policy.

  • To maintain accurate treatment and consultation records for your safety.

  • To communicate with you about your appointments, queries, or complaints.

  • To send you marketing communications by email, SMS, or WhatsApp where you have given us your consent.

  • To personalise the service and communications we provide to you.

  • To comply with our legal and regulatory obligations.

  • To detect and prevent fraud, abuse, or illegal activity.

  • To improve our services through internal analysis and client feedback.

Where we rely on legitimate interests as our lawful basis for processing, those interests include running and improving our business, responding to enquiries, and maintaining the security of our systems. We will not rely on legitimate interests where your interests or fundamental rights override ours.

6. Lawful Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

  • Contract — where processing is necessary to fulfil a booking or service you have requested.

  • Legal obligation — where we are required to process or retain data to comply with the law.

  • Legitimate interests — where processing is necessary for our legitimate business purposes and does not unduly affect your rights.

  • Consent — where you have specifically agreed to receive marketing communications, or where we process sensitive data such as health or allergy information.

7. Sharing Your Personal Data

We do not sell your personal data. We may share it in the following limited circumstances:

Service providers

We work with carefully selected third-party providers who support our operations, including Phorest (our booking and client management system), payment processors, and IT support providers. These parties access your data only as instructed by us and solely to perform the services we have engaged them to provide.

Digital messaging services

Where you have opted in to receive communications via SMS, WhatsApp, or other digital messaging platforms, we may use third-party providers to deliver those messages. Your data is shared only as needed to facilitate delivery.

Legal and regulatory requirements

We may disclose your personal data where required by law, in response to a valid request from a public authority, or to protect the rights, property, or safety of HB Boutique, our clients, or others.

Business transfers

In the event that HB Boutique is sold or its assets are transferred, client data may form part of the transferred assets. You would be notified of any such change.

8. How Long We Keep Your Data

We retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy, or as required by law:

  • Client and appointment records are retained for six years from the date of your last transaction.

  • Treatment and consultation records (including colour and sensitivity records) are retained for as long as you remain a client, and for a minimum period thereafter in line with our insurance and regulatory obligations.

  • Marketing data is retained until you withdraw your consent or unsubscribe.

On expiry of the applicable retention period, your data will be securely deleted or anonymised in accordance with applicable law.

9. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — you may request a copy of the personal data we hold about you.

  • Right to rectification — you may ask us to correct or complete inaccurate or incomplete data.

  • Right to erasure — you may ask us to delete your personal data, subject to certain legal exceptions.

  • Right to restrict processing — you may ask us to limit how we use your data in certain circumstances.

  • Right to data portability — you may request your data in a structured, commonly used and machine-readable format.

  • Right to object — you may object to processing based on our legitimate interests, or to direct marketing at any time.

  • Right to withdraw consent — where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@hbboutique.co.uk. We will respond within one calendar month of receipt of your request.

10. Complaints

If you have a concern about how we handle your personal data, please contact us in the first instance at info@hbboutique.co.uk so we can address it directly.

You also have the right to lodge a complaint with the UK's data protection authority:

Information Commissioner's Office (ICO) Website: ico.org.uk Helpline: 0303 123 1113

11. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or damage. Where you have registered an account or login with our booking system, you are responsible for keeping those credentials confidential. Whilst we take all reasonable steps to protect your data, no internet transmission can be guaranteed to be entirely secure.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The current version will always be available on our website, with the date of last update shown at the top of this page. We encourage you to review this policy periodically.

13. Contact Us

All queries, requests, and concerns relating to this Privacy Policy or our use of your personal data should be directed to:


HB Boutique 29 Meadow Road, Bromsgrove, Worcestershire, B61 0JJ Email: info@hbboutique.co.uk Telephone: 01527 758778 Website: www.hbboutique.co.uk