
Privacy Policy

 

Last updated: 24 August 2025

​

Welcome to www.thehairhouse.online (the “Website”). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what we collect, how we use it, who we share it with, and your rights.

If you do not agree with this Policy, please do not use the Website.

​

1) Who we are (Data Controller)

The Hair House is the data controller for this Website.
Legal entity: GThair LTD T/A The Hair House (company no. 15860882)
Registered address: [Registered/postal address]
Privacy contact: hello@thehairhouse.online

You also have the right to complain to the UK Information Commissioner’s Office (ICO): ico.org.uk | 0303 123 1113.

​

2) What data we collect

a) Personal Data you provide

  • Identity & Contact: name, email, phone, (optional) address.

  • Booking/Consultation notes: services requested, appointment preferences, stylist preferences.

  • Marketing preferences: your consent choices for email/SMS.

b) Special Category Data (health/allergy)

For safe service delivery, you may choose to share health information (e.g., allergies, sensitivities, patch test results). We only process this with your explicit consent, and only for the purpose of providing safe hair and beauty services.

c) Usage & Technical Data (Derivative Data)

When you use the Website we collect: IP address, device and browser type, operating system, pages viewed, referring/exit pages, and timestamps. This may be collected via cookies or similar technologies (see Cookies below).

d) Social & UGC

If you tag or message us on social platforms or submit reviews/testimonials, we may collect that content and your display name/handle for reposting or moderation.

Some of our team members run their own professional social media accounts and may occasionally ask to take photos or videos of your hair for portfolio, educational, or marketing content. This is entirely optional. If you do not wish to be photographed/filmed or featured online, please tell the team member at any time.

If you previously agreed to be featured and later change your mind, contact hello@thehairhouse.online and we’ll remove content from our channels where feasible. For content posted on a team member’s own account, please speak to them directly.

We will never tag or identify you by name/handle without your permission. For clients under 18, a parent/guardian must give consent before any images are captured or used.

e) Payment data

We do not collect or store full card details on this Website. If you pay online (e.g., via a third-party checkout or booking link), your payment is processed by a PCI-compliant provider who acts as a separate controller or processor. In-salon payments are handled through our terminal/provider; we do not retain your card number.

​

3) How and why we use your data (lawful bases)

We only use your personal data when the law allows. The main purposes and lawful bases are:

  • To provide services and manage bookings (including appointment confirmations and reminders).
    Lawful basis: Contract (performance of a contract or to take steps at your request before entering into one).

  • To keep client records and patch test results so we can deliver services safely.
    Lawful basis: Explicit Consent (Article 9(2)(a)) for any health/special category data; Legitimate Interests for basic client records.

  • To run and improve the Website, keep it secure, and understand usage trends (aggregated analytics).
    Lawful basis: Legitimate Interests (site operation and security). For non-essential analytics cookies, Consent (see Cookies).

  • To send marketing by email/SMS about our services, news, or offers.
    Lawful basis: Consent, or Legitimate Interests under the UK “soft opt-in” for existing customers (you can opt out anytime).

  • To comply with legal obligations (e.g., tax/accounting).
    Lawful basis: Legal Obligation.

  • To prevent fraud and protect our business and clients.
    Lawful basis: Legitimate Interests.

We do not engage in solely automated decision-making that produces legal or similarly significant effects about you.

​

4) Marketing & PECR

We only send direct marketing with your consent or under the soft opt-in (where you bought or negotiated to buy something similar from us and didn’t opt out). You can unsubscribe at any time using the link in our emails or by replying STOP to SMS. We never sell your personal data.

​

5) Cookies and similar technologies

We use essential cookies to make the site work, and (with your consent) analytics cookies to help us improve it. On your first visit you’ll see a cookie banner where you can accept, reject, or manage non-essential cookies at any time.

See our separate Cookie Policy for full details of cookies used (including Wix and any analytics tools such as Wix Analytics or Google Analytics), purposes, and retention.

​

6) Sharing your data

We share personal data with trusted third parties who help us operate our website and deliver services, under contracts that require them to protect your data and act only on our instructions. These may include:

  • Website hosting & platform: Wix.com Ltd.

  • Online booking & salon management: Shortcuts Salon Software.

  • Email/SMS & CRM tools: Shortcuts Salon Software.

  • Payment processors: Stripe/Global Payments.

  • Law enforcement or regulators: if required by law.

In the event of a business sale, merger, or reorganisation, your data may be transferred to the new owner under the same protections.

We do not sell your personal data.

​

7) International transfers

Some providers (e.g., Wix, cloud hosting, email/CRM) may store data outside the UK. Where this happens, we use approved safeguards (such as the UK International Data Transfer Agreement or Standard Contractual Clauses) to protect your information.

​

8) Data retention

We keep personal data only as long as necessary for the purposes described above:

  • Client & booking records: kept while you remain an active client and then for up to 1 year after your last appointment (unless a longer period is needed for legal claims).

  • Patch-test/health notes: retained only as long as needed for service safety and legal requirements, typically 1 year from last treatment or per insurer guidance.

  • Marketing data: until you unsubscribe, your consent is withdrawn, or after 1 year of inactivity.

  • Accounting/tax records: at least 6 years (plus current year) to meet legal obligations.

  • CCTV: see section 11 below.

  • Cookies/analytics: per our Cookie Policy.

We review retention periodically and securely delete/anonymise data when no longer needed.

​

9) Security

We use administrative, technical, and physical safeguards to protect personal data (access controls, encryption in transit where supported, role-based permissions, and staff awareness). However, no system can be 100% secure. If we reasonably believe there has been a personal data breach that risks your rights and freedoms, we will notify you and the ICO where required.

​

10) Your rights

Under UK GDPR you have the right to:

  • Access your data and get a copy.

  • Rectify inaccurate or incomplete data.

  • Erase your data (“right to be forgotten”) in certain cases.

  • Restrict processing in certain cases.

  • Object to processing based on legitimate interests or to direct marketing at any time.

  • Data portability for information you provided to us with consent or contract.

  • Withdraw consent where we rely on consent (e.g., marketing or special category data).

To exercise any right, email hello@thehairhouse.online. We’ll respond within one month (or tell you if we need more time for complex requests). We may ask for proof of identity.

​

11) CCTV at our Newcastle-under-Lyme salon

We operate CCTV for the safety and security of clients, visitors, and our team.

  • Lawful basis: Legitimate Interests.

  • Coverage: public-facing and communal areas only (no private areas).

  • Retention: footage is kept for 30 days unless required for an incident, investigation, or legal claim.

  • Access: strictly limited to authorised personnel and, where necessary, police/insurers.

  • Your rights: you can request footage that includes you (we may need details of date/time/location and may redact third parties).

Clear signage is displayed on-site to inform you that CCTV is in operation.

​

12) Children

Our Website and services are not intended for children under 13 to provide their own personal data online without parental involvement. We do not knowingly collect personal data from children under 13. If you believe a child has provided us data without consent, contact hello@thehairhouse.online and we will delete it.

13) Third-party links

The Website may include links to third-party sites (e.g., booking portals, social platforms). We are not responsible for their privacy practices. Please review their policies.

14) Changes to this Policy

We may update this Policy from time to time. When we do, we will update the “Last updated” date at the top and, where appropriate, notify you by a Website notice or email.

15) Contact us

Questions, requests, or complaints: hello@thehairhouse.online
Postal: 53 High Street, Newcastle Under Lyme, Staffordshire, ST51PN
You can also complain to the ICO at ico.org.uk if you are unhappy with how we have used your data.

Cookie Policy

Last updated: 24 August 2025

​

This Cookie Policy explains how The Hair House (“we”, “us”, “our”) uses cookies and similar technologies on www.thehairhouse.online (the “Website”). It should be read alongside our Privacy Policy. We follow UK rules under PECR and the UK GDPR.

​

1) What are cookies?

Cookies are small text files placed on your device by websites you visit. They help sites work, improve security and performance, and remember choices. Similar technologies include local storage, pixels, and SDKs.

​

2) How we use cookies (lawful basis)

  • Strictly necessary cookies run because the site won’t function without them (e.g., security, load balancing).
    Lawful basis: legitimate interests (running a secure, usable site).

  • All other cookies (e.g., analytics, marketing) only run with your consent, which you can give or refuse via our cookie banner and change any time.

Note: On Wix, when a consent banner is enabled, non-essential cookies/scripts are blocked until you opt in. Some integrations (e.g., analytics/marketing pixels) won’t load unless you consent.

​

3) Managing your preferences

  • Cookie banner: Use the banner to accept, reject, or customise non-essential cookies.

  • Change your mind later: Click [Cookie Settings] in our footer (if available) to reopen the banner.

  • Browser controls: You can also block/delete cookies in your browser settings (doing so may affect site functionality). Guidance is available from your browser provider.

​

4) Cookies we use

A) Strictly necessary (always active)

These keep the Website secure, stable, and working as intended (examples from Wix):

  • XSRF-TOKEN — Security/anti-CSRF. Provider: Wix. Typical duration: Session.

  • hs — Security. Provider: Wix. Typical duration: Session.

  • svSession — Session identification. Provider: Wix. Typical duration: ~6 months.

  • TS* — Security/attack detection. Provider: Wix. Typical duration: Session.

  • SSR-caching — Indicates server-side rendering. Provider: Wix. Typical duration: ~24 hours.

  • bSession — System effectiveness. Provider: Wix. Typical duration: ~24 hours.

  • fedops.logger.sessionId — Reliability & error tracking. Provider: Wix. Typical duration: ~12 months.

 

B) Analytics (active only with consent)

These help us understand visits and improve the site. We use Wix Analytics and/or [Google Analytics]:

  • Wix Analytics – aggregate usage (pages visited, time on page).

  • [Google Analytics (_ga, ga*, _gid)] – measures how visitors use the site; set to respect your consent choices. (If used, we configure it via the banner so it only fires after you opt in.) Under UK rules, analytics cookies are not strictly necessary and require consent.

​​

C) Marketing/ads (active only with consent)

Used to measure campaigns or show relevant content. Examples (only if we add them):

  • Meta/Facebook Pixel, TikTok Pixel, Google Ads.
    These tools set third-party cookies/pixels when enabled through the banner.

​​

D) Social & embedded media (active only with consent)

If we embed third-party content (e.g., YouTube, Vimeo, maps), those providers may set cookies for playback and analytics once you press play or if you consent in the banner. 

​

5) Third-party cookies

Some cookies are set by third parties (e.g., analytics, ads, social embeds). We don’t control these cookies directly; please refer to each provider’s policy for details and retention. We enable them only after you consent via the banner.

​

6) International transfers

Some providers (e.g., Wix hosting, cloud analytics/CRM) may process cookie-related data outside the UK. Where this happens, we rely on approved safeguards (such as the UK IDTA or SCCs). See our Privacy Policy for details.

​

7) How long do cookies last?

  • Session cookies expire when you close your browser.

  • Persistent cookies stay longer (from 24 hours to several months) unless you delete them or withdraw consent. See the tables above and third-party policies for specifics.

​

8) Updates to this Policy

We may update this Policy to reflect changes in law, technology, or our services. We’ll update the “Last updated” date and, where appropriate, notify you on the Website. (UK regulators periodically update cookie guidance; we align with current ICO recommendations.)

​

9) Contact

Questions or requests about this Policy: hello@thehairhouse.online
Postal: 53 High Street, Newcastle Under Lyme, Staffordshire, ST51PN
