Privacy Policy

Last updated: July 2026

We are committed to protecting and respecting your privacy. This Privacy Policy explains in detail how we collect, use, store, and protect your personal data when you use our services, visit our booking page, or communicate with us.

By booking an appointment or using our services, you acknowledge that you have read and agree to this Privacy Policy.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

We are a professional hair and beauty service provider offering wig installation, wig customisation, styling services, and 1–1 hair tutorials.

For the purposes of data protection law, we act as the data controller, meaning we determine how and why your personal data is processed.

2. What information we collect

We may collect and process the following categories of personal information:

Identity and contact information

Your full name, phone number, email address, and any social media handles you provide for communication or booking purposes.

Booking and service information

Appointment dates and times, services booked (including wig installs or 1–1 tutorials), hairstyle preferences, inspiration photos, tutorial goals, appointment history, and any notes related to your booking (such as occasion details or specific learning requests).

Hair and service preparation information

Details about your wig or hair extensions, including wig type (human or synthetic), lace condition, whether it is customised, and any preparation notes relevant to your appointment.

Health and sensitivity information

Any allergies, scalp sensitivities, skin conditions, or other relevant information you voluntarily disclose to ensure safe use of products, adhesives, and styling techniques.

This information is treated as special category data and handled with extra care.

Payment information

Deposit confirmations, payment status, and transaction references.

All payments are processed securely via third-party payment providers (such as Stripe or PayPal). We do not store full card details.

Marketing and communications data

Your preferences for receiving marketing messages such as availability updates, content, or promotions. We also track engagement with communications (e.g. email opens or responses).

You can opt out at any time.

Photos and videos

Images or videos taken before, during, or after your appointment, or during 1–1 tutorials, where you have given consent for use on social media, marketing, or portfolio content.

No content will ever be shared without your permission.

Website and technical data

If you use our booking system, we may collect limited technical data such as:

  • IP address

  • Device type and browser

  • Pages visited

  • Time spent on pages

  • Booking source

This is collected using cookies and analytics tools to improve user experience.

Communications

Records of communication between us via Instagram, WhatsApp, email, SMS, or booking forms relating to bookings, tutorials, or enquiries.

3. How we use your information

We use your personal data for the following purposes:

To provide our services (contract)

To manage bookings, deliver wig installation services and 1–1 tutorials, and complete your appointment.

To communicate with you (contract and legitimate interests)

To send confirmations, reminders, updates, and respond to your messages or enquiries.

For marketing (consent or legitimate interests)

To send updates, availability, content, or promotions where you have opted in. You can withdraw consent at any time.

To comply with legal obligations (legal obligation)

To maintain financial and tax records and comply with legal requirements.

To protect our business (legitimate interests)

To manage disputes, prevent misuse of services, and maintain proper business records.

To improve our services (legitimate interests)

To review feedback and improve both our services and 1–1 tutorial experience.

4. Special category data

When you provide health, allergy, or scalp-related information, we process it only with your explicit consent to ensure safe service delivery.

You may withdraw consent at any time, but this may affect our ability to provide certain services safely.

5. Who we share your information with

We do not sell or rent your personal data.

We may share your data with trusted third-party service providers, including:

  • Booking platforms (for appointment scheduling)

  • Payment processors (Stripe, PayPal, etc.)

  • Email or messaging platforms

  • Cloud storage providers (e.g. Google Drive, iCloud)

  • Social media platforms (only where you have consented to content sharing)

  • Professional advisors such as accountants or insurers

All third parties are required to handle your data securely and in compliance with UK GDPR.

We may also share data where required by law with HMRC, courts, regulators, or law enforcement.

6. How long we keep your information

We only keep your personal data for as long as necessary:

  • Booking and service records: up to 6 years (tax and legal purposes)

  • Payment records: up to 6 years

  • Marketing data: until consent is withdrawn or after 3 years of inactivity

  • Health and allergy information: up to 6 years or until consent is withdrawn

  • Photos and videos: until consent is withdrawn or no longer needed

  • Communication records: as needed for service history

After this period, data is securely deleted or anonymised.

7. Your rights

Under UK GDPR, you have the right to:

  • Be informed about how your data is used

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data (in certain circumstances)

  • Restrict processing

  • Object to processing

  • Withdraw consent at any time

  • Request data portability

  • Object to direct marketing

8. Cookies and tracking

Our website uses cookies and similar technologies to improve functionality and user experience and to analyse website performance.

You can manage cookies through your browser settings.

9. Children’s privacy

Our services are not intended for individuals under 16.

Where services are booked for under-16s, a parent or guardian must make the booking and provide consent.

10. Data security

We take appropriate security measures to protect your data, including:

  • Password-protected systems

  • Secure booking platforms

  • Encrypted payment systems

  • Restricted access to personal data

  • Secure cloud storage

However, no system is completely secure, and we cannot guarantee absolute security of data sent online.

11. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date.

Significant changes may be communicated directly via email or booking platform.

12. Contact us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: onflxxkbeauty@gmail.com
Business name: OnFlxxkBeauty