The Hair Company Codsall Ltd Privacy Notice


As the ‘controller’ of the information (‘personal data’) that we collect about you, our ‘data subjects’, The Hair Company is responsible for how your data is processed. The word ‘process’ covers the things that can be done with personal data, including collection, storage, use and destruction of data.

This privacy notice explains why and how we process your personal data, and explains the rights you have, including amongst others, the right to request access to your data, and to object to the way it is processed.

If you have any queries about this notice or anything related to data protection, you can contact salon director, Karen Morgan at or on 01902837306.

Personal data

‘Personal data’ is any information that relates to a living, identifiable person. This will usually include your name, address, contact details, and other information we collect as part of our relationship with you, whether you are a client or anyone else we come into contact with through our work.

Some especially sensitive information is known as ‘special categories’ of data, and includes information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation. The use of this type of data, and of information about criminal convictions and offences, is subject to strict legal controls.

We only process data if we need to for a specific purpose, as explained below. Most often, we collect your personal data directly from you, through our contact with you.

Your data and how and why we process it

We process your data so we can manage and support our relationship with you, comply with legal obligations, improve our services and achieve our legitimate business aims. The information below gives more details about our purposes for processing data, and the legal bases for our processing.


We process your name, contact details and other information that we collect through our interactions with you, on the basis that it is necessary for us to fulfil our contract with you, and on the basis of our business’s legitimate interests of providing and improving our services, products and offers.

If we send electronic marketing messages to you as an individual (rather than a business representative), we will do so only on the basis of your freely-given consent and you can opt-out at any time.

If we send hard copy marketing messages to you, we will do so for the purposes of our legitimate interests to increase awareness of our business, and you can opt-out at any time.

[We collect special categories of data relating to you – namely {list all that apply from: race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation} – for the purposes of client analysis and we do so on the basis on the basis of your explicit consent.

Other business contacts:

We process your name, contact details, and other information produced through our interactions, to enable us to manage our working relationship with you, on the basis of our business’s Legitimate Interests to be able to provide our services and products to those who need them, in the most effective way.

You have the right to object to any of this processing and we will assess any objection sensitively.

Why we share your data

We share the data we process with other organisations, only when we have a lawful basis to do so, or when we are engaging a supplier who will act as a ‘Data Processor’ on our behalf. ‘Processors’ are businesses who handle, or could potentially handle, personal data as part of providing a service to us, and include our IT system providers, our email providers, our website hosts, and our Associates.

Other organisations we share data with include the HMRC and banks for processing tax and payments, and we will co-operate with police and other authorities if we are asked to, in order to investigate or prevent crime, including fraud, and other unwanted behaviours such as incompetence in public roles.

How we store your data

Your personal data is held in both hard copy and electronic formats. Where we store or transfer your data outside of the UK we do so only where appropriate safeguards are in place, including the data being in a country that has been assessed as ‘adequate’ or we have entered into Standard Contractual Clauses to control the protection of your data.

How long we keep your data

Your data is only kept for as long as there is a lawful reason to retain it. Some of our retention periods are based on legal requirements, and others are based on the practical reasons we need to keep the data for a certain period of time.

Once we reach the retention period, we will securely delete the relevant data, unless we are legally required to keep it longer, or there are legal reasons why we should keep it longer.

Your rights as a data subject

As a data subject, you have the following rights in relation to your personal data:


  • To be informed about how and why your data is handled;

  • To gain access to your personal data;

  • To have errors or inaccuracies in your data changed;

  • To have your personal data erased, in limited circumstances (sometimes known as the ‘right to be forgotten’);

  • To object to the processing of your personal data for marketing purposes or when the processing is based on the public interest or other legitimate interests;

  • To restrict the processing of your personal data, in limited circumstances;

  • To obtain a copy of some of your data in a commonly used electronic form, in limited circumstances;

  • Rights around how you are affected by any profiling or automated decisions.


If you wish to exercise any of these rights, please contact us.


For more information about these rights, please see the ICO’s website or contact us.


Withdrawing consent


If we are relying on your consent to process your data, you may withdraw your consent at any time by contacting us.


Complaints to the Information Commissioner


You have a right to complain to the Information Commissioner's Office (ICO) about the way in which we process your personal data. You can make a complaint on the ICO’s website


Website Cookies


Our website uses essential cookies which are necessary for the proper operation of the website, as well as non-essential cookies, namely Google Analytics cookies, which can identify your IP address, but not any other personal details.


Our Cookies settings area on the website allows you to choose whether to accept the non-essential cookies.


If you prefer to turn off essential cookies as well as non-essential cookies, you can turn them off in your browser, but please be aware that the website will not operate as intended.



This Privacy Notice was last updated 1/07/21


© Clare Paterson Ltd T/A CP Data Protection 2021