top of page

Privacy Policy

1. Introduction

Beyond Hair & Beauty (“we”, “us”, “our”) is based in Crawley and committed to protecting your privacy under UK GDPR. This policy explains how we collect, use, store, and share personal data when you use our website, book services, or contact us.

2. Data Controller

Beyond Hair & Beauty
196 Ifield Drive, Crawley, West Sussex, RH11 0DQ
Phone: 01293 525 027 · Email: info@beyondhairandbeauty.com

3. Personal Data Collected

  • Contact and booking forms: name, email, phone, message content

  • Communications: via phone or email regarding appointments (haircut, colouring, beauty treatments)

  • Website analytics: anonymised IP, device/browser info, pages visited, session length—collected via essential and performance cookies; no advertising or profiling cookies are used

4. How We Use Your Data

We use your data to:

  • Respond to booking enquiries and schedule services

  • Send confirmations, reminders, and follow-up communications

  • Deliver the services agreed (hair cuts, colours, facials, nail treatments, lash & brow, massage, tanning, bridal/makeup)

  • Improve our website and client experience using anonymised analytics

  • Comply with legal, financial, and appointment record-keeping obligations

5. Legal Basis for Processing

  • Contractual necessity: to provide booked services

  • Legitimate interests: to enhance our business and website experience

  • Consent: for any optional follow-up or marketing communication

  • Legal obligation: retention of appointment and financial records

6. Data Sharing

We do not sell or rent personal data. We may share it with:

  • Service providers (e.g. web hosting, email, analytics providers) acting as data processors

  • Legal or regulatory authorities, only if required by law

7. Cookies & Tracking

  • Essential cookies: support forms and site functionality

  • Performance cookies: enable anonymised analytics via tools like Google Analytics
    No advertising or profiling cookies are used

8. Data Retention

  • Appointment and enquiry records: retained for up to 7 years for compliance and business needs

  • Analytics data: session logs deleted after 24 months; aggregated data retained as required

9. Your Rights

Under UK GDPR, you can request to:

  • Access, correct, delete, restrict, or port your personal data

  • Withdraw consent or object to processing
    To exercise any rights, contact us using the details above. You may also lodge a complaint with the ICO.

10. Security

We implement SSL encryption, secure hosting, access controls, and regular staff training. While we follow best practices, no system can guarantee total security.

11. International Transfers

All personal data is processed and stored within the UK—no overseas transfers occur.

12. Policy Updates

We may update this policy from time to time. The Effective Date above will reflect the latest version. Continued use of our website implies acceptance of any changes.

bottom of page