Privacy Policy

Privacy Policy Privacy Policy Samantha Hall Hair and Makeup Last updated: 26/01/2026 1. Who we are This Privacy Policy describes how we collect, use and protect your personal information when you contact us, make a booking or use our services. Data Controller Samantha Hall, trading as Samantha Hall Hair and Makeup 10 Hann Road, Tiverton, Devon, EX16 4FT Contact email: info@samanthahallmakeup.com We process “personal data” as defined under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. 2. What personal data we collect Depending on how you interact with us, we may collect: • Identity and contact details – Name, address, email address, phone number – Wedding or event date, venue and schedule details • Booking and service information – Number of people in your party – Type of services requested (e.g. bridal hair and makeup, trials, nails, special occasion styling) – Notes about your preferred looks and styles • Health and allergy information (special category data) – Any allergies, skin conditions, sensitivities or relevant medical information that you choose to share so we can provide services safely • Payment information – Records of amounts paid, due dates, and methods of payment – We do not store your full card details; card payments are processed securely by our payment providers • Marketing preferences – Whether you wish to receive information about our services, offers or updates • Images & media – Photographs or videos of hair and makeup looks, where you have not opted out in the service agreement or have otherwise objected or withdrawn consent • Website & technical data (if accessing our website) – IP address, browser type, pages visited and similar analytics information – Cookie preferences (see Cookies section below) 3. How we collect your data We collect personal data in the following ways: • Directly from you when you: – Make an enquiry by email, phone, social media or contact form – Complete a booking form or sign our service agreement – Provide allergy/health information before your appointment – Communicate with us about changes, cancellations or feedback • Automatically when you: – Visit our website (through cookies and analytics tools, if used) 4. Why we use your data and our lawful bases Under UK GDPR we must have a lawful basis to process your data. Our main lawful bases are: contract, legitimate interests, consent and legal obligation. We may use your data for the following purposes: 1) To respond to enquiries and manage bookings – To provide quotes, confirm availability and answer questions – To send booking confirmations, invoices and appointment details Lawful basis: Performance of a contract or steps taken at your request before entering into a contract. 2) To deliver hair and makeup services safely – To understand your preferences and provide the agreed services – To consider allergies, sensitivities or relevant health conditions Lawful basis: Performance of a contract; for health-related information, explicit consent (you choose whether to disclose these details so we can provide services safely). 3) To manage our business and records – Accounting, tax records and business administration – Managing our schedule, diary and travel Lawful basis: Legal obligation (e.g. tax records), legitimate interests (efficient running of our business). 4) To use photographs for portfolio, marketing and social media – To showcase our work on our website, social media, printed materials or advertising – This is only where you have not opted out on the service agreement or have otherwise objected; you can change your mind at any time. Lawful basis: Legitimate interests (promoting and growing our business), balanced against your rights; we will stop using identifiable images of you if you object or withdraw permission. 5) To send you marketing communications (if you opt in) – Occasional updates about services, offers or news Lawful basis: Consent (you can withdraw consent at any time). 6) To comply with legal obligations and handle disputes – Handling complaints, legal claims or regulatory requirements Lawful basis: Legal obligation; legitimate interests in protecting our business. 5. Marketing We will only send you marketing emails or messages if you have asked us to, or clearly agreed to receive them. You can opt out at any time by: • Clicking “unsubscribe” (if available), or • Contacting us using the details in the “Who we are” section. Opting out of marketing does not affect service-related emails (e.g. booking confirmation, invoices). 6. Sharing your data We do not sell your personal data. We may share it with: • Service providers and processors, such as: – Website hosting and email providers – Online booking or scheduling systems (if used) – Payment processors and banks – Accountants or professional advisers • Other third parties where required by law, for example: – HM Revenue & Customs or other authorities – To respond to legal claims or comply with court orders Where we use third-party providers to process your data, we require them to keep it secure and only use it in accordance with our instructions and the law. 7. International transfers Some of our service providers (for example, email or cloud storage providers) may be located outside the UK or the European Economic Area (EEA). Where this is the case, we will ensure that appropriate safeguards are in place – such as adequacy regulations, standard contractual clauses or equivalent protections – so that your personal data remains protected to UK GDPR standards. 8. How long we keep your data We keep personal data only for as long as necessary for the purposes described in this policy, including to meet legal, accounting or reporting requirements. In general: • Booking and financial records: up to 7 years after the end of the tax year in which the service was provided (to comply with tax and accounting obligations). • General enquiries (where no booking is made): up to 24 months after our last communication. • Allergy/health information: kept only as long as needed to provide services and safeguard against any complaints or claims, typically aligned with our general booking retention. • Photographs and portfolio images: kept until you ask us to delete identifiable images of you or until we no longer use them for marketing. We may keep anonymised or aggregated information (which does not identify you) for longer. 9. Your rights You have several rights under UK data protection law, including the right to: • Access your personal data • Correct inaccurate or incomplete data • Request deletion of your data (in certain circumstances) • Restrict how we use your data (in certain circumstances) • Object to certain types of processing, including where we rely on legitimate interests or for direct marketing • Withdraw consent where we are relying on consent (for example, for marketing or some uses of photos) • Data portability (in certain circumstances) To exercise any of these rights, contact us using the details in the “Who we are” section. If you are unhappy with how we use your data, please contact us first so we can try to resolve your concern. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection: Website: ico.org.uk Phone: 0303 123 1113 10. Cookies and website tracking If our website uses cookies or analytics tools, they may collect information such as: • IP address • Device and browser type • Pages visited and time spent on the site We will display a cookie notice where required and, where necessary, ask for your consent before placing non-essential cookies (such as analytics or marketing cookies). More detailed information will be set out in our Cookies Policy (if applicable). 11. Children Our services and website are not intended for children, and we do not knowingly collect personal data relating to children. 12. Changes to this Privacy Policy We may update this Privacy Policy from time to time. The “last updated” date at the top of the page will show when it was last revised. We recommend that you review it periodically.