Legal
Privacy Policy
How we collect, use and protect your personal information.
Who We Are
Aroha Hair & Beauty ("Aroha", "we", "us", "our") is a hair and beauty salon based at 93 Newcraighall Rd, Newcraighall, Musselburgh, EH21 8RX. We operate the website arohasalon.co.uk.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Aroha Hair & Beauty is the data controller for personal data collected through this website.
If you have any questions about how we use your personal information, please contact us at hello@arohasalon.co.uk or call us on 0131 609 3202.
This policy explains what personal data we collect when you use our website, contact us, apply for a job with us, or book an appointment. We take your privacy seriously and only use your data for the purposes described below.
What Personal Data We Collect
We only collect personal data that is necessary for the purpose it is being used for. The types of data we may collect depend on how you interact with us:
Contact Enquiries
When you submit a general enquiry through our contact form, we collect:
- Your name
- Your email address
- Your phone number (if provided)
- The content of your message
Job Applications
When you apply for a position at Aroha using our careers application form, we collect:
- Your name and contact details (email, phone number)
- Your CV and covering letter
- Details of your work history, qualifications and experience
- Any additional information you choose to include in your application
Appointment Bookings via Fresha
Online appointment bookings are handled by Fresha, a third-party booking platform. When you book an appointment through Fresha, you are submitting your data directly to Fresha under their own privacy policy. We receive appointment confirmation details but do not store your payment information. You can review Fresha's privacy policy at fresha.com/privacy-policy.
Website Analytics
We use Google Analytics to help us understand how visitors use our website. This collects anonymised and aggregated data such as pages visited, time spent on the site, and approximate location (country/region level). Google Analytics uses cookies to collect this data — see our Cookie Policy for details.
Social Media
If you contact us via our Instagram (@arohahairbeauty) or Facebook (Aroha Hair & Beauty) accounts, any information you share in those messages is subject to the respective platform's privacy policy in addition to this one. We use those messages only to respond to your enquiry.
Our Legal Basis for Processing
Under UK GDPR, we must have a lawful basis for processing your personal data. The basis we rely on depends on the purpose:
| Purpose | Legal Basis |
|---|---|
| Responding to a contact form enquiry | Legitimate interests — it is in our mutual interest to respond to your enquiry |
| Processing a job application | Legitimate interests — assessing your suitability for employment with us |
| Managing bookings and client appointments | Contract — necessary to fulfil the appointment you have requested |
| Website analytics via Google Analytics | Consent — we ask for your consent via our cookie banner before placing analytics cookies |
How Long We Keep Your Data
We do not keep your personal data for longer than is necessary. Our general retention periods are:
- Contact enquiries: We keep email and message records for up to 12 months, after which they are deleted unless an ongoing relationship has developed.
- Job applications (successful): Retained as part of your employment record in line with employment law obligations.
- Job applications (unsuccessful): Retained for up to 6 months after the recruitment process closes, then securely deleted. We may ask your permission to hold it longer for future roles.
- Booking records: Managed by Fresha under their retention policy.
- Analytics data: Google Analytics data is retained for 14 months by default, in accordance with Google's standard settings.
Who We Share Your Data With
We do not sell, rent or trade your personal data. We may share it with the following third parties only where necessary:
Fresha (Booking Platform)
Appointment bookings are processed through Fresha. Fresha acts as a data processor on our behalf and is bound by their own data protection obligations. More at fresha.com/privacy-policy.
Google (Analytics)
We use Google Analytics 4 to analyse website traffic. This involves sending anonymised usage data to Google's servers. Google acts as a data processor. You can opt out of Google Analytics tracking by adjusting your cookie preferences or using the Google Analytics opt-out browser add-on.
Google Maps
Our contact page includes an embedded Google Maps frame to help you find our salon. When the map loads, Google may collect data in accordance with their privacy policy. We embed this map under a "no referrer" policy to limit data sharing where possible.
Legal Requirements
We may disclose your personal data if required to do so by law, or in response to a valid request from a law enforcement authority.
Your Rights Under UK GDPR
You have the following rights in relation to the personal data we hold about you:
- Right of access — you can ask us for a copy of the personal data we hold about you.
- Right to rectification — you can ask us to correct inaccurate or incomplete data.
- Right to erasure — you can ask us to delete your personal data in certain circumstances.
- Right to restriction — you can ask us to restrict how we use your data while a dispute is resolved.
- Right to data portability — where we process your data by automated means on the basis of your consent or a contract, you can ask us to provide it in a portable format.
- Right to object — you can object to processing based on legitimate interests, including direct marketing.
- Rights related to automated decision-making — we do not use your data for automated decision-making or profiling.
To exercise any of these rights, please contact us at hello@arohasalon.co.uk. We will respond within one month. There is no charge for most requests.
Cookies
Our website uses cookies, including cookies placed by Google Analytics. For full details of what cookies we use, why we use them, and how you can manage your preferences, please read our Cookie Policy.
Data Security
We take appropriate technical and organisational measures to protect your personal data against accidental loss, misuse, unauthorised access or disclosure. Where we use third-party service providers, we ensure they offer a comparable level of data protection.
While we take reasonable steps to protect your data, please be aware that no method of transmission over the internet is entirely secure. If you believe your data has been compromised, please contact us immediately.
Links to Other Websites
Our website contains links to third-party websites including Fresha, Instagram, and Facebook. These sites have their own privacy policies, and we have no responsibility or liability for their content or practices. We encourage you to read their privacy policies before submitting any personal data to them.
Children's Privacy
Our website is not directed at children under the age of 16 and we do not knowingly collect personal data from children. If you believe a child has submitted personal data to us, please contact us and we will delete it.
Changes to This Policy
We may update this Privacy Policy from time to time, for example to reflect changes in the services we offer or our legal obligations. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically.
How to Complain
If you are unhappy with how we have handled your personal data, please contact us in the first instance so we can try to resolve the issue:
- Email: hello@arohasalon.co.uk
- Phone: 0131 609 3202
- Post: Aroha Hair & Beauty, 93 Newcraighall Rd, Newcraighall, Musselburgh, EH21 8RX
You also have the right to lodge a complaint with the UK's data protection supervisory authority, the Information Commissioner's Office (ICO), at any time:
- Website: ico.org.uk
- Helpline: 0303 123 1113