Privacy Policy

Last updated: 13 October 2025

Butler & Lawler (“we”, “us”, “our”) respects your privacy. This policy explains what personal data we collect, how we use it, the choices you have, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).

1) Who we are and how to contact us

Data Controller: Butler & Lawler
Postal address: 57 Dalling Road, Hammersmith, London, W6 0JD UK
Email: hello@butlerandlawler.co.uk
Phone: 0208 7480 306
Website: https://butlerandlawler.co.uk

If you have questions about this policy or your data, contact us using the details above.

2) The data we collect

We only collect information needed to run our salon services, manage your bookings, and keep you informed. This may include:

  • Identity & contact data: name, email, phone number, postal address.
  • Booking & profile data: appointment history, services received, colour notes or preferences you choose to share with us, patch test dates, stylist preferences.
  • Payment data: card and transaction details processed securely by our payment provider (we do not store full card numbers).
  • Marketing preferences: your choices for receiving updates.
  • Technical & usage data: IP address, device type, browser, pages viewed, and interactions gathered via cookies and similar technologies.
  • Communications: emails, contact forms, social messages, and call notes where relevant.

We do not collect special category data unless you choose to share information that affects your treatment (for example, allergies). If shared, we keep it confidential and only use it to deliver your service safely.

3) How we collect your data

  • Directly from you: when you book, call, email, message us on social platforms, or visit the salon.
  • Automatically: via our website and cookies.
  • From third parties: booking, payment, and analytics providers that help us operate our services.

4) Why we use your data (lawful bases)

We use your data for:

  • Providing services and managing bookings (to perform a contract with you).
  • Customer care and salon operations, such as reminders, patch test logs, and stylist notes (our legitimate interests to run an efficient salon and keep accurate records).
  • Marketing by email or SMS about news and offers (with your consent; you can opt out at any time).
  • Safety and legal compliance, including record keeping and responding to lawful requests (legal obligation).
  • Website performance, security, and analytics (our legitimate interests to maintain and improve our services).

5) Marketing preferences

We’ll only send marketing where permitted. You can opt out at any time by clicking “unsubscribe” in our emails or contacting us. Service messages (e.g., booking confirmations or reminders) are not marketing and will still be sent when relevant.

6) Cookies and analytics

Our website uses cookies to make things work smoothly, remember your preferences, and help us understand site usage.

  • Types: essential (required for the site), functional, and analytics/performance.
  • Control: you can manage non-essential cookies via our cookie banner and your browser settings.
  • Analytics: we may use privacy-minded analytics to see which pages are visited and improve content. These tools collect aggregated usage data and do not identify you directly.

See our Cookie Policy (or cookie banner) for details and choices.

7) Sharing your data

We only share personal data with trusted providers who help us run the salon, under contracts that protect your information:

  • Booking and salon software provider: to manage appointments and client records.
  • Payment processor: to take payments securely.
  • Email/SMS service: to send confirmations, reminders, and opted-in marketing.
  • Website host and IT support: for secure hosting and maintenance.
  • Professional advisers and insurers: where required.
  • Law enforcement or regulators: where we must by law.

We do not sell your data.

8) International transfers

Some service providers may process data outside the UK. Where this happens, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses, plus additional measures where needed.

9) Data retention

We keep personal data only as long as needed:

  • Client and booking records: typically up to 3 years after your last appointment (longer where needed for continuity of care or legal claims).
  • Colour/patch test records: as recommended for safety and legal purposes.
  • Marketing records: until you unsubscribe or we determine inactivity (commonly 24 months), then we remove or anonymise.
  • Financial records: at least 6–7 years to meet accounting and tax rules.

When data is no longer required, we securely delete or anonymise it.

10) Keeping your data secure

We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, secure passwords, staff training, and regular reviews of our providers and policies.

11) Your rights

You have rights over your personal data, including:

  • Access to your data
  • Rectification of inaccurate or incomplete data
  • Erasure (“right to be forgotten”)
  • Restriction of processing
  • Data portability
  • Objection to certain processing (including direct marketing)
  • Withdrawal of consent where we rely on consent

To exercise your rights, contact us using the details in Section 1. We aim to respond within one month.

12) Children’s data

We serve clients of all ages. For online services that rely on consent, we obtain parental/guardian consent where required by UK law. We do not knowingly market to children.

13) Automated decision-making

We do not carry out decisions based solely on automated processing that have legal or similarly significant effects.

14) Third-party links

Our website may link to other sites we don’t control. Please check their privacy notices before sharing personal data.

15) Complaints

If you’re unhappy with how we handle your data, please contact us first so we can help. You also have the right to complain to the UK Information Commissioner’s Office.

16) Changes to this policy

We may update this policy to reflect changes in our practices or the law. We’ll post the latest version on this page and change the “Last updated” date.