Privacy Policy
Seema’s Beauty Salon
Last updated: 08/01/2026
Seema’s Beauty Salon is committed to protecting your privacy and handling your personal data responsibly and transparently. This Privacy Policy explains how we collect, use, store, and protect personal data when you interact with us, book treatments, or receive services.
This policy applies to all personal data collected through our website, booking systems, consultation and consent forms, communications, and in-salon records.
1. Who We Are
Business name: Seema’s Beauty Salon
Address: 1B Junction Rd, Totton, Southampton SO40 9HG
Email (privacy & data matters):
For data protection enquiries, we ask that all requests are made in writing via email.
2. What Personal Data We Collect
Depending on how you interact with us, we may collect the following information:
Personal details
Name
Email address
Contact details
Appointment and booking information
Health and treatment information (special category data)
Medical conditions
Allergies or sensitivities
Medication information
Patch test results
Consultation notes relevant to treatment safety
Under-18 data
Child’s name and relevant treatment information
Parent or legal guardian details
Signed consent and confirmation of authority
Communications
Emails
Phone call records (content only where relevant)
WhatsApp messages
SMS / text messages
Facebook and Instagram messages
3. How We Collect Data
We collect personal data when you:
Book an appointment through our website (Bookly)
Book through third-party platforms such as Treatwell, Google Business Profile, Fresha, Phorest, Pusky, or BookMe
Contact us by phone, email, WhatsApp, text, Facebook, or Instagram
Complete consultation, patch test, consent, or complaint forms
Attend an appointment in the salon
4. Why We Collect and Use Your Data
We collect and process personal data for the following purposes:
To manage bookings and appointments
To provide safe and appropriate beauty treatments
To assess treatment suitability and reduce health risks
To meet legal, regulatory, and insurance requirements
To respond to enquiries and complaints
To maintain accurate client records
To improve our services and business operations
To send marketing communications only where consent has been given
5. Lawful Basis for Processing
Under UK GDPR, we process personal data based on one or more of the following lawful grounds:
Contractual necessity – to provide booked services
Legal obligation – for health, safety, and insurance compliance
Legitimate interests – running and protecting our business
Explicit consent – for health data, under-18 data, and marketing communications
You may withdraw consent at any time by contacting us in writing.
6. Special Category Data (Health Information)
Health and medical information is treated with the highest level of confidentiality.
We only collect health data that is necessary to:
Ensure treatment safety
Comply with professional and insurance requirements
By completing consultation and consent forms, you explicitly consent to the processing of this information for these purposes.
7. Data Storage and Security
Your data may be stored securely in the following ways:
WordPress website
Bookly booking system (integrated with our website)
Company email systems
Third-party booking platforms (e.g. Treatwell, Fresha, Phorest, Pusky, BookMe)
Secure physical records stored at the salon (management access only)
We do not store client data in cloud storage services such as Google Drive or Dropbox.
Access to personal data is restricted to authorised staff only and handled in accordance with confidentiality obligations.
8. How Long We Keep Your Data
We retain personal data only for as long as necessary and in line with legal and insurance requirements:
Client treatment and consultation records: up to 6 years
Under-18 consent and health records: up to 6 years
Enquiries that do not become clients: up to 12 months
Marketing data: until consent is withdrawn or data is no longer required
Data is securely deleted or destroyed when no longer needed.
9. Payments
Payments may be processed using third-party providers such as Stripe, card machines, or cash.
We do not store full card details. Payment providers process payment information securely in accordance with their own privacy policies.
10. Marketing Communications
We may send marketing communications by email, message, or other channels only where you have given consent.
You can opt out at any time by:
Using the unsubscribe option (where provided), or
Contacting us in writing
11. Cookies, Analytics, and Advertising
Our website may use cookies and advertising or analytics tools, including services provided by Google and Meta (Facebook and Instagram), to:
Promote our services
Understand general website usage
Improve performance and user experience
Further details are provided in our Cookie Policy.
12. Sharing Your Data
We do not sell your personal data.
Your data may be shared only where necessary, for example with:
Booking and payment service providers
Website and IT service providers
Insurance providers (in the event of a claim)
Legal or regulatory authorities where required by law
All third parties are required to handle data securely and lawfully.
13. Your Rights Under UK GDPR
You have the right to:
Access your personal data
Request correction of inaccurate data
Request deletion of data (where legally permissible)
Restrict or object to processing
Withdraw consent at any time
Lodge a complaint with the Information Commissioner’s Office (ICO)
Requests must be made in writing to the email addresses above.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect legal, operational, or service changes.
The most current version will always be available on our website.
15. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us in writing at:
