Privacy Policy – Cocking Baker Hair
Introduction
Cocking Baker Hair (“we”, “us”, or “our”) is committed to protecting your personal information and respecting your privacy. This privacy policy explains how we collect, use, and protect your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
​
Who We Are
-
Business Name: Cocking Baker Hair
-
Email: yjayhairhairldn@icloud.com
-
Website: www.cockingbakerhair.com
For any privacy-related queries, please contact us using the details above.
​
What Personal Data We Collect
We may collect the following types of personal data:
-
Names and contact details
-
Addresses
-
Information relating to loyalty programmes
​
Purposes of Processing
We collect and use personal data for the following purposes:
-
To provide hair and beauty services
-
To manage bookings and deliver goods or services
-
To send service updates or marketing communications
-
To manage loyalty programme memberships
-
To comply with legal and regulatory requirements
-
For recruitment purposes
​
Lawful Bases for Processing
We process personal data under the following lawful bases:
-
Consent: Where you have given clear permission for us to use your information (e.g. marketing or loyalty programmes).
-
Contract: Where processing is necessary for delivering services or entering into a customer agreement.
-
Legitimate Interests: For running and improving our business, including managing client bookings, loyalty schemes, and marketing – provided your rights are not overridden.
-
Legal Obligation: To comply with legal and regulatory requirements (e.g. employment, tax, and health & safety laws).
​
Legitimate Interests
Where legitimate interests are relied upon, we balance our need to use personal information against your privacy rights. For example, we may keep customer contact details to manage bookings and loyalty memberships efficiently while ensuring data is not kept longer than necessary.
​​Where We Get Your Data
We collect data directly from:
-
Customers who contact us in person, by post, telephone, email, or via our website.
​
Sub-Processors and Systems
We use trusted third-party providers to manage our services securely:
​
​
Other systems may be introduced in the future, but these will only be selected if they comply with our strict data protection requirements.
​
Data Sharing
We do not sell personal data. We may share information only with:
-
Regulatory or legal authorities where required by law.
-
Professional advisers if necessary for business or legal reasons.
​
Data Retention
Personal data will only be retained for as long as necessary to deliver our services, manage customer relationships, or to meet legal and regulatory obligations.
​
International Data Transfers
We do not routinely transfer data outside of the UK. Where systems such as Slick or email providers store data internationally, appropriate safeguards (such as Standard Contractual Clauses) are in place to protect your data.
​
Data Security
We take appropriate measures to secure your personal information, including:
-
Strong passwords combined with Multi-factor authentication
-
Encryption and secure storage of customer information
-
Restricted access to authorised personnel only
-
Regular reviews of our systems and suppliers
​
Your Rights
Under UK GDPR, you have the right to:
-
Access the personal data we hold about you
-
Request correction of inaccuracies
-
Request deletion of your data (where legally possible)
-
Object to or restrict certain processing
-
Withdraw consent at any time (e.g. marketing communications)
-
Request a copy of your data in a portable format
How to Complain
If you have concerns about how your personal information is handled, please do contact us using the details above initially, we would be more than happy to do the best we can to resolve issues as quickly as possible.
​
If you remain unhappy, you have the right to complain to the Information Commissioner’s Office (ICO):
-
Website: www.ico.org.uk
-
Helpline: +44 303 123 1113