Fruittii London GDPR Policy

Effective date: December 2025
Business: Fruittii London (“we”, “us”, “our”)
Address: Unit A, Norfolk House, Brookmill Rd, Deptford SE8 4HL, UK
Phone: +44 7538 397441
Email: info@fruittiilondon.com

This GDPR Policy explains how Fruittii London complies with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 when we collect, use, store, and share personal data.

1. Scope

This policy applies to personal data processed by Fruittii London in connection with:

  • Our website and online services
  • Appointment bookings and consultations
  • In-salon services and client communications
  • Marketing (where opted-in)
  • Complaints, enquiries, and business administration

2. Key UK GDPR Principles We Follow

We process personal data in line with UK GDPR principles:

  • Lawfulness, fairness, transparency
  • Purpose limitation (used only for clear, legitimate purposes)
  • Data minimisation (only what we need)
  • Accuracy (kept up to date where possible)
  • Storage limitation (kept only as long as necessary)
  • Integrity and confidentiality (secure handling)
  • Accountability (we can demonstrate compliance)

3. Roles and Responsibilities

  • Fruittii London is the Data Controller for the personal data we collect and use.
  • Where we use booking, marketing, analytics, and advertising providers, they may act as Data Processors (or in some cases independent controllers) depending on their role in processing.

We do not appoint a Data Protection Officer (DPO) unless legally required. For privacy queries, contact: info@fruittiilondon.com.

4. What Personal Data We Process

A) Client and booking data

  • Name, email, phone number
  • Appointment details and preferences
  • Service history and notes you choose to share

B) Payment and transaction data

  • Deposit/payment status and receipts
  • We do not store full card details (handled by payment providers)

C) Health and safety data (special category data)

Only where relevant and shared/required for safe service delivery, such as:

  • Allergy/sensitivity information
  • Patch test status and related safety records

D) Website and technical data

  • IP address, browser/device type
  • Cookies and site usage data (where applicable)
  • Marketing/advertising identifiers (where cookies or tracking are enabled)

5. Lawful Bases for Processing

We process personal data under one or more of the following lawful bases:

  • Contract: to provide services you book (appointments, communications, service delivery)
  • Legitimate interests: to run our salon efficiently, prevent misuse, improve services, and respond to enquiries
  • Legal obligation: where required for accounting/tax and other legal requirements
  • Consent: for marketing communications and certain cookies/tracking (where required)
  • Vital interests / health & safety: where necessary to protect wellbeing

Special category data (health/allergy)

Where we process allergy or sensitivity information, we do so only when necessary for service safety, we minimise what we collect, and we restrict access.

6. Systems and Tools We Use (Third Parties)

We use the following platforms in our operations:

Booking and appointment management

  • Fresha (appointment booking, client management, automated booking messages)

Marketing and email communications

  • Mailchimp (email marketing, newsletters and marketing lists where you have opted in)

Analytics and website performance

  • Google Analytics (website traffic and usage analytics)
  • Ubersuggest (SEO analysis and website performance insights)

Advertising and conversion tracking

  • Meta Pixel (advertising measurement and retargeting on Meta platforms, where enabled)
  • Google Ads conversion tracking / Google Ads tags (“pixels”) (advertising measurement, conversion tracking, and campaign optimisation)

We only share the minimum data required for these tools to function. Where required by law, tracking tools are only activated after consent via cookie controls.

7. Transparency and Consent (Cookies and Tracking)

Where required, we request consent for cookies and tracking technologies used for analytics and advertising.

You can control cookies by:

  • Using our cookie controls (if available), and/or
  • Adjusting your browser settings to block or delete cookies

Please note that blocking cookies may affect website functionality.

8. Data Sharing

We share personal data only where necessary and proportionate, including with:

  • Fresha (to manage bookings and communications)
  • Mailchimp (to send marketing emails to subscribers who have opted in)
  • Google and Meta tools (for analytics and advertising, where enabled and permitted)
  • Website providers (hosting, security, performance)

We do not sell personal data.

9. International Data Transfers

Some of our service providers may process data outside the UK. Where this happens, we ensure appropriate safeguards are used in line with UK GDPR requirements (for example, recognised transfer mechanisms and contractual protections).

10. Data Security Measures

We take reasonable technical and organisational measures to protect personal data, including:

  • Limiting access to authorised staff only
  • Using reputable third-party platforms with security controls
  • Password protection and account security practices
  • Restricting access to special category data (where applicable)

11. Data Retention

We keep personal data only as long as necessary for:

  • Delivering and managing appointments and services
  • Health and safety record-keeping where relevant (e.g., patch tests/allergy forms)
  • Legal/accounting obligations

When no longer needed, data is securely deleted or anonymised.

12. Data Subject Rights (Your Rights)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure where applicable
  • Restrict processing in certain circumstances
  • Data portability (where legally applicable)
  • Object to processing based on legitimate interests
  • Withdraw consent at any time (where consent is the basis)

To exercise your rights, email info@fruittiilondon.com. We may request identification to protect your data. We aim to respond within one month, or inform you if a lawful extension applies.

13. Data Breach Management

If a personal data breach occurs, we will:

  • Assess risks to individuals’ rights and freedoms
  • Take steps to contain and remedy the breach
  • Notify the ICO where required
  • Notify affected individuals where required

14. Children’s Data

We welcome clients aged 4 and above, and clients under 16 require parental consent to receive services. We do not knowingly collect children’s personal data online without appropriate consent.

15. Complaints

If you have concerns about our handling of personal data, contact us at info@fruittiilondon.com.

You also have the right to complain to the UK supervisory authority: the Information Commissioner’s Office (ICO).

16. Policy Updates

We may update this GDPR Policy to reflect changes to our services, processes, or legal requirements. The latest version will be published on our website with the updated effective date.