

PRIVACY POLICY

Zulu Bonita ("we", "us", "our") is committed to protecting and respecting the privacy of our clients. This policy explains what personal data we collect from you, how we use it, the conditions under which we may disclose it to others, and how we keep it secure.
This policy applies to data collected when you book an appointment, visit our salon, use our website, or interact with us through social media.
For the purpose of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is:
Salon Name: Zulu Bonita
Address: 114 Clerkenwell Road, London, EC1M 5SA
Email: info@zulubonita.com
Phone:
We may collect, use, and store the following types of personal data about you:
Identity & Contact Data: Your full name, title, date of birth, postal address, email address, and telephone numbers.
Appointment & Service Data: Details of past and future appointments, services you have received, and products you have purchased.
Client Notes & Preferences: Notes on your service preferences, stylist/therapist preferences, and professional notes related to your treatments.
Financial & Transaction Data: Details about payments to and from you. Please note that we do not store your full card details; these are processed securely by our third-party payment processors.
Special Category (Sensitive) Data: Information related to your health, such as allergy information, patch test results, and any medical conditions or contraindications that are relevant to the safe provision of our services. We will always ask for your explicit consent to process this data.
Marketing & Communications Data: Your preferences in receiving marketing from us and your communication preferences.
Technical Data: Your IP address, browser type and version, time zone setting, and location, collected when you use our website or online booking system.
CCTV Data: We operate CCTV cameras on the exterior and in the public areas of our salon for the purpose of crime prevention and public safety.
We collect data in the following ways:
Directly from you: When you create an account, book an appointment online, over the phone or in person, fill in a consultation form, or provide feedback.
Through our booking system: We use Fresha as our online booking and client management system. When you book an appointment online, you provide your data directly to Fresha, which then provides it to us. You can view Fresha's own privacy policy here: Fresha Privacy Policy
Automatically: When you visit our website https://zulubonita.com, we may automatically collect Technical Data about your equipment and browsing actions through the use of cookies.
We will only use your personal data when the law allows us to. Most commonly, we will use your data in the following circumstances:
| Purpose/Activity | Type of Data | Lawful Basis for Processing |
| --- | --- | --- |
| To register you as a new client and manage your account. | Identity, Contact | Performance of a contract with you. |
| To book, confirm, remind, and manage your appointments. | Identity, Contact, Appointment | Performance of a contract with you. |
| To provide our services to you safely and professionally. | Identity, Contact, Appointment, Special Category (Health) | Performance of a contract; Explicit Consent for health data. |
| To process payments for services and products. | Identity, Contact, Financial, Transaction | Performance of a contract with you. |
| To manage our relationship with you, including asking for reviews. | Identity, Contact, Marketing & Communications | Legitimate interests (to improve our services). |
| To send you marketing communications (e.g., special offers, news) via email or SMS, where you have opted-in. | Identity, Contact, Marketing & Communications | Consent. |
| For health and safety, and insurance purposes (e.g., patch test records). | Identity, Contact, Special Category (Health) | Legal obligation; Legitimate interests (to protect our business). |
| To operate CCTV for security. | CCTV Images | Legitimate interests (crime prevention). |
| To keep records for tax and legal compliance (HMRC). | Identity, Contact, Transaction | Legal obligation. |
Explicit Consent: For all Special Category (Health) data, such as allergy information or medical history relevant to a treatment, we will ask for your explicit consent on our client consultation form. You are not required to provide this information, but if you do not, we may be unable to provide you with certain treatments safely.
We will never sell your personal data. We may have to share your data with the following third parties for the purposes set out in the table above:
Fresha: Our booking and client management software provider, who acts as a "data processor" on our behalf. They store your client record, booking history, and contact details.
Payment Service Providers: Such as Stripe or other providers integrated with Fresha, who securely process your card payments.
Professional Advisers: Including our accountants, lawyers, and insurers, where required for legal and financial compliance.
HM Revenue & Customs (HMRC): And other authorities who require reporting of processing activities in certain circumstances.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.
Our booking system, Fresha, may store data on servers located outside the UK. When your data is transferred outside the UK, we ensure it is protected by requiring our third-party providers to have appropriate safeguards in place, such as being covered by the UK's adequacy regulations or implementing Standard Contractual Clauses approved by the ICO.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. Access to your personal data is limited to those employees and third parties who have a business need to know. They will only process your data on our instructions and are subject to a duty of confidentiality.
Our client data is stored digitally within the secure Fresha system, which is password-protected and has robust security measures. Any physical consultation forms are stored securely in a locked cabinet.
We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or insurance requirements.
By law, we are required to keep basic information about our clients (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being clients for tax purposes.
For insurance purposes, we are required to retain client records, including consultation forms and treatment notes, for seven years from the date of your last treatment.
Data provided for marketing purposes will be kept until you notify us that you no longer wish to receive this information.
Under data protection law, you have rights including:
Right of access: To request a copy of the personal data we hold about you.
Right to rectification: To request the correction of inaccurate or incomplete data.
Right to erasure (the "right to be forgotten"): To request that we delete your data, where there is no compelling reason for us to continue processing it.
Right to restrict processing: To request that we suspend the processing of your data.
Right to data portability: To request the transfer of your data to you or to a third party in a commonly used format.
Right to object: To object to our processing of your data (e.g., for direct marketing purposes).
Right to withdraw consent: You can withdraw your consent at any time where we are relying on consent to process your data.
To exercise any of these rights, please contact us at info@zulubonita.com.
We may update this policy from time to time. The latest version will always be available on our website and in the salon. We encourage you to review it periodically.
We hope to be able to resolve any query or concern you raise about our use of your information. Please contact us first at info@zulubonita.com.
However, you also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection issues.
Website: https://www.ico.org.uk/concerns
Helpline: 0303 123 1113

