Privacy Policy

The following privacy notice outlines how Boss it in Beauty (BIIB) or The Health Fairy (THF) (we’ or ‘us’ or ‘our’) gathers, processes, and protects personal data, stored on behalf of Data Controllers.

This is a Beauty Business that provides Beauty treatments to clients via an online and in house booking system called Fresha.

The data protection officer for the organisation is Sarah Hunt You can contact the data protection officer by sending an email to

We process your personal information for the purposes laid out in this privacy notice. We obtain personal information of our clients only for booking purposes. This involves health information due to treatment restrictions, and booking information in order for us to communicate with our clients about their appointments. We also communicate with our clients via our Fairy letters which is sent out quarterly.

We take your privacy seriously and will never sell or rent your personal data to any third-party. We need to obtain and process your personal data to fulfil our business and legal obligations. We will never collect any personal information from you that we do not need or retain any data that is no longer necessary for the purposes specified in this notice.

Your personal data is collected and processed for the following purposes:


In the performance of a booking, to manage appointments (name, address, email, contact number) Through legitimate interest to engage in communication with you to provide updates on information, business news and any offers or promotions coming up In the performance of contract to process appointments etc, we store consultation forms, appointment data and associated notes.


To receive payments via our online booking system, obtained via a third party (Fresha ) in the event that you fail to show up for your appointment.


The individual holds a number of rights in relation to the personal information that we hold on them, which includes:

  • The right to access what personal data we hold about the individual.
  • The right to be informed of how we are using the individual’s personal data.
  • The right to request the erasure of the personal data we hold on the individual.
  • The right to object to us processing the individual’s personal data or restrict us from processing some or all of the individual’s personal data.
  • The right to object to direct marketing from us.
  • The right to request the correction of incorrect information we hold governing the processing of your personal data, on which no action can be taken without instruction from us.
  • The right to request that we transfer the information we hold on the individual to another service provider.

If we receive a request from the individual to exercise any of the above rights, we may ask to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure.


Personal data is provided to us through Fresha software, our website, over the phone, in our salons, by email, social media, in writing or any other means by which it is provided by salons and/or consumers.

We have access to information about your account and bookings through Phorest software, for the limited purpose of viewing and updating that information.


We disclose your personal data to third parties for the purposes of providing a service to you, running our business, and when required by law and to enforce our legal rights. Where we use a third-party, we have strict agreements in place governing the processing of your personal data, on which no action can be taken without instruction from us. The third-parties with whom we work will never share or disclose your personal information and will hold it securely at all times. Furthermore, they must process the personal information in accordance with this Privacy Notice and as permitted by applicable data protection laws. We share your personal data with the following categories of companies:

Professional services such as marketing companies to help us run our business and get in contact with you.

Accountancy and insurance companies to help us run our business and fulfil our legal obligations.


THF retains your personal data for as long as necessary to provide you with our services as our client and under the following criteria:

Where there is a legal basis, obligation or legitimate interest to continuing processing your personal information.

Where processing is necessary for the establishment, exercise or defence of legal claims


In the event that you want to purchase a product or service from THF BIIB certain personal information is required to make a booking or sale for you. You can always choose not to provide personal information. However, WE may not be able to fulfil an attempt to purchase a product or service if you do not provide your personal information.


Appropriate measures are taken to protect your personal data from access from unauthorized persons or inappropriate access, internal or external. Your connection to the Phorest system uses a HTTP Secure communication protocol and TLS security.

This means all information passed to the Phorest system is encrypted during data input and transfer to the cloud. Any paper files recording your personal data are held in a locked filing cabinet or safe which can only be accessed by authorised personnel.

All of our employees are assigned specific access rights by us and through this mechanism, can only access the salon software with the PIN number assigned to them by the management of the salon.


In the occurrence that you want to make a complaint about how your personal data was gathered, how it is being processed by THF (or third parties used by THF BIIB) or you are not satisfied about how a complaint has been handled, you retain the right to lodge a complaint directly with the supervisory authority and THF BIIBand also the THF Data Protection Officer.

THE HEALTH FAIRY would appreciate the opportunity to assist you with your query before raising a complaint with Data Protection authorities.


The data protection officer for the organisation is SARAH HUNT You can contact the data protection officer by sending an email to


We may change this notice from time to time. All changes will be posted and updated here. We will notify you directly by email (if we hold one for you) if any significant changes occur. We advise you to check back here frequently to review the most current version of this notice.