t. 01273 270709


Book Appointment


Our Legal Policy for Protecting Your Online Privacy

The following legal privacy policy outlines how Sarah Hurst Skin & Beauty Ltd (henceforth referred to as “we/”us”) collects, uses, protects and transfers your personal data. The data protection officer/data owner for the organisation is Sarah Hurst. You can contact the data protection officer/data owner by sending an email. Please send it to sarah@sarahhurst.co.uk or write to 364 Carden Avenue, Brighton, United Kingdom BN1 8LJ.

Personal data collected

The personal data that we collect will include your name, home address, email address, date of birth, phone number and health information.

Purpose and legal basis for processing your data

We take your privacy seriously. Consequently, we never sell or rent your personal data to any third-party. Sharing your data and direct marketing activities are only carried out with your express consent.  Accordingly, you are free to withdraw your consent at any time.

We need to obtain and process your personal data to provide you with our products, services and treatments as well as fulfilling our business and legal obligations. Collection of any personal information from you that we do not need does not take place. Likewise, we will not retain any data that is no longer necessary for the purposes specified in this notice.

Where we request sensitive personal data from you (i.e. health or medical data), the reason for the request will be clearly given.  Additionally, we will explain the purposes of the processing. We will require explicit consent through your signature for us to obtain and process your health information.

Who is processing my data?

We are the data controller and processors of your personal information. This information is collected for the purposes laid out in this privacy notice.

Phorest acts as data processor on behalf of the salon. Hence, they also have access to personal information. This being said, they only access this data in cases where customer support or troubleshooting is required. Furthermore, they process the information in accordance with this Privacy Notice.  Specifically, this action is permitted by applicable data protection laws.

Your personal data is processed to:

• collect specific personal data that is required to enter into a contract to sell a product or service.
• engage in communication with you including confirmation and reminders of appointments, and requests to cancel or change bookings.
• allow us to perform the agreed services appropriately. With this information, we could potentially highlight areas where products and services may cause issues to you because of your health.
• ensure a safe service and provide industry standard advice.
• make sure you benefit from us selecting relevant offers, promotions and information for you.
• allow us to estimate the number of customers we have.
• permits us to hold personal data that is required by law or to respond to legal process.
• fulfill legal requirements for insurance purposes.
• likewise, so that we comply with relevant law.

Your rights as the individual

If your personal data is held by us, you hold particular rights over it.  You have the right to modify or withdraw your consent at any time by using the unsubscribe option accompanied with all of our direct marketing. Alternatively, you can contact our Data Officer.

You also have the right to:

• be informed of how your personal data will be used before it is collected.
• access your personal data and to have information on how it is used after it has been gathered.
• have personal data corrected if it is incomplete, inaccurate or out-of-date.
• request the removal or deletion of personal data where there is no compelling reason for its continued processing.
• restrict or block processing of your personal data.
• have your data moved, copied or transferred from us to another organisation in an easily readable format.
• object to direct marketing from us.

Special categories of personal data collected

Health questions are asked in many of our consent forms. This is to highlight treatments that may have a negative effect on your health due to medication or a condition you have. We will ask for consent prior to gathering and processing this information. At any time after giving consent, you can withdraw you consent.  However, this is subject to legal, insurance and contractual restrictions. See more on ‘your rights as an individual’. To emphasise, your privacy is very important to us.  We only use this information for determining your suitability for the treatment.

Process of collection

Your personal data is collected when you provide it to us through various means.  These include Phorest software, our website, over the phone, in the clinic, by email, social media, in writing or any other method not mentioned here. Information is stored using the Phorest software platform as well as some paper record keeping. We will give you access to information about your account and bookings through Phorest software.  This would be for the limited purpose of viewing and updating that information.

Children’s Privacy

We do not collect the personal data of children under the age of 13 without parental or guardian consent. Please contact us if you believe that we hold any information from or about a child under age 13. With this in mind, if we cannot immediately obtain appropriate parental or guardian consent, we will remove the personal data from storage.

Data Sharing

Personal data is only shared with Phorest representatives in cases that customer support or troubleshooting is required for the salon. We will not share your personal information with any third-party without your prior consent. It must be remembered however, that this is with the exception of those already disclosed in this privacy notice or as part of our legal obligations under the relevant data protection laws.

Use of Data Processors

Data processors are third parties who provide an element of our business services for us. When we use a third-party, we have strict agreements in place governing the processing of your personal data. These agreements state that no action can be taken without instruction from us. These third-parties will never share or disclose your personal information and, most importantly, will hold it securely at all times. We use software provided by Phorest to manage the salon for appointment scheduling, CRM and marketing.

How long do we keep your data?

We will retain your personal data for as long as necessary to provide you with our services as our client. We are required under tax laws to keep your personal data for a minimum of 7 years. Health and safety records will be retained for 10 years.  If we have your consent for marketing purposes, we will retain the minimum required data until you notify us that you no longer wish to receive such information. We would continue to process your personal information where there is a legal basis, obligation or legitimate interest in it’s continuation.
Likewise, where processing is necessary for the establishment, exercise or defence of legal claims, we retain similar rights.

Transfers of personal information

The personal data we process through Phorest software is held within the EU. Then it is stored in the Amazon Web Services cloud https://aws.amazon.com/. During this process your data is encrypted in transit and at rest.

Consequences of not providing your personal information

When you  purchase a product or service from us, certain personal information is required to enter into a contract with you. We will not enter into a contract with you to  purchase a product or service if you do not provide your personal information. As noted in this privacy statement, we process your personal data to comply with legal and statutory obligations and in the performance of a contract. If you choose not to provide personal information, we will be unable to provide certain products, services and treatments.

Safeguarding your personal data

Appropriate measures are taken to protect your personal data from access from unauthorised persons or inappropriate access, internal or external. Your connection to the Phorest system uses a HTTP Secure communication protocol and TLS security. To clarify, this means all information passed to the Phorest system is encrypted during data input and transfer to the cloud. Any paper files recording your personal data are held in a locked filing cabinet or safe which can only be accessed by authorised personnel in the salon. Employees are only assigned specific access rights and can only access the salon software with the PIN number assigned to them.


You retain the right to lodge a complaint about how your personal data was gathered, is being processed or if you are not satisfied with how a prior complaint was handled. This should be made directly to us via the Data Protection Officer/ GDPR Owner and the supervisory authority. This procedure also applies to complaints regarding third parties used by us.

Data Protection Commissioner
Information Commissioner’s Office
Wycliffe House
Water Lane
+44 (0) 303 123 1113


Sarah Hurst Skin & Beauty Ltd Data Protection Officer / GDPR Owner
Sarah Hurst
364 Carden Avenue, Brighton, United Kingdom(Mainland), BN1 8LJ