Privacy Policy
Effective date: 11 October 2025
This Privacy Policy explains how Hellhouse Salon collects, uses, protects, and transfers your personal data in accordance with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1) Data Controller
The data controller for Hellhouse Salon is Emilija Springe. You can contact the data controller at:
- Email: info@hellhousesalon.co.uk
- Address: 2 Sprowston Road, Norwich, NR3 4QN, England
2) Personal Data Collected
We may collect the following personal information:
- Name, home address, email address, and phone number
- Emergency contact details
- Payment information and appointment history
- Health and allergy information (for treatment safety)
3) Purpose and Legal Basis for Processing
We process your data to provide our services, fulfil contractual and legal obligations, and ensure safe, professional treatments. Sensitive data (e.g., health or allergy information) is processed only with your explicit consent and used solely for safety and service suitability.
We will never sell or rent your personal data and will only share it when required to fulfil our obligations or by law.
4) Who Processes Your Data
Hellhouse Salon acts as the data controller. We use Fresha as our data processor for booking management. Fresha only accesses your personal information when support or troubleshooting is required, and must comply with UK GDPR standards.
5) Data Processing Purposes
- Managing bookings, payments, and appointment reminders
- Ensuring safe treatments through health and allergy data
- Maintaining secure client records for legal or insurance purposes
- Complying with UK law and professional insurance requirements
6) Your Rights
Under UK GDPR, you have the right to:
- Be informed about how your data is used
- Access the data we hold about you
- Request correction or deletion of inaccurate or outdated data
- Restrict or object to processing (where applicable)
- Request data portability to another provider
- Withdraw consent for health data at any time
7) Health & Sensitive Data
Health and allergy information is collected to ensure treatment safety. We always obtain your explicit consent before collecting or processing health data. This information is never shared or used for marketing.
8) How Data is Collected
Data is collected when you book via Fresha, our website, social media, email, phone, or in person. Some information is stored in paper consultation forms, kept securely with staff-only access.
9) Children’s Privacy
We do not collect personal data from individuals under 18 without parental or guardian consent. If you believe we hold data for a child under 13 without consent, please contact us immediately.
10) Data Sharing & Processors
Your personal data is shared only with Fresha for booking and management purposes. We maintain agreements with all processors ensuring compliance with GDPR and secure handling.
11) Data Retention
We retain personal data only as long as necessary:
- Client/treatment records – 7 years
- Health and consent forms – 10 years
- CCTV footage – 30 days
12) International Data Transfers
Data processed through Fresha is stored securely in systems compliant with UK and EU data protection standards. All transfers are encrypted in transit and at rest.
13) Data Security
We use technical and physical safeguards including HTTPS/TLS encryption and secure storage for consultation forms. Access to personal data is limited to authorised staff only.
14) Complaints
If you have concerns about how your data has been handled, contact our Data Controller. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
- Information Commissioner’s Office
- Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Tel: +44 (0)303 123 1113
- Website: ico.org.uk
15) Contact Details
- Hellhouse Salon Data Controller / GDPR Owner
- Emilija Springe
- 2 Sprowston Road, Norwich, NR3 4QN
- Email: info@hellhousesalon.co.uk