top of page

Beautyroom Privacy Policy, Including Data Collection

 Introduction; Sarah Suter T/A Beautyroom Rothley, ensures your personal information is protected and that we are being transparent about the information we hold about you; so you are informed about how and why we collect, store, use and share your personal information. This Privacy Policy also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.

When we handle certain personal data about you, we do so subject to applicable data protection laws, including the General Data Protection Regulation ((EU) 2016/679) and the Data Protection Act 2018. This Privacy Policy supplements our terms and conditions and is not intended to override them.

Our website may provide links to third party websites. We are not responsible for the conduct of third party companies linked to the website and you should refer to the privacy notices of these third parties about how they may handle your personal information.

 Who We Are: When we say “we” or “us” in this Privacy Policy, we mean: Sarah Suter T/A Beautyroom Rothley, 16 Woogate, Rothley, Leicestershire, LE7 7LJ

How Your Personal Data Is Collected; When using the term “personal data” or “personal information” in this Privacy Policy, we mean information (including opinions) that relates to you and from which you could be identified, either directly or in combination with other information which we may have in our possession.

We may collect personal data about you when:

the personal data is provided to us by you, e.g. when you contact us by email or telephone, when you enter a competition, fill in a survey, book a treatment online.

the personal data is collected in the normal course of our relationship with you (e.g. when you sign a personal record form, make a booking, make a payment online or purchase products or services);

the personal data has been made public by you, e.g. contacting usvia a social media platform.

the personal data is received from trusted suppliers (e.g. payment providers, marketing agencies);

Cookies; We use cookies on our website. Cookies are small text files that are downloaded onto your device when you visit a website. Please refer to our cookies policy for further information about our use of cookies.

Personal Data Collected; The categories of personal information about you which we may collect and use includes: Personal details: title, full name, business or home address (current and historic), telephone and mobile numbers, email address, gender, date of birth, age, signature.

Family and Friends Information: family and dependents, emergency contacts.

Public identifiers: photographs, CCTV images and recordings.

Internal Identifiers: consent forms, membership identification number, loyalty/resident card number, personal record forms.

Correspondence: details of referrals, quotes and other contact and correspondence with you.

Services Usage: service usage statistics.

permissions, or preferences that you have specified, such as whether you wish to subscribe to our mailing list or agree to our terms and conditions.

Incident History: health and safety accidents, accident information, complaints communications, reports and notes about health and medical information, treatments and care including details about hospital and doctor’s clinic visits.

Website Access Details: your computer’s unique identifier (e.g. IP Address), the date and time you accessed the Website.

The provision of some information is optional, but, in certain circumstances we will not be able to deliver the services and/or products you have requested if we are not provided with all relevant personal data.

How and Why We Use your Personal Data; Data protection and privacy laws requires us to have a “legal basis” or “lawful ground” to collect and use your personal information. Some of the grounds for processing may overlap and there may be several grounds which justify our use of your personal information.

We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may include:

we have obtained your prior consent, including for direct marketing;

we need to use your personal information in connection with the performance of treatment with you or to take steps at your request prior to having a treatment.

Below is a summary of how we use and the legal basis we rely on to use your personal data (please refer to section 7 below for details about how we handle your special category personal data):

  • Provision of services: for the administration and delivery of the requested treatments and services to you including processing your booking, communicating with you and providing customer service.

  • Safety: to ensure safe working practices and working environment. 

  • Marketing: to promote our services via by email, telephone, social media, post or in person or otherwise but ensuring that such communications are provided to you in compliance with applicable law.

  • Compliance: compliance with our legal and regulatory obligations such as Health and Safety, including maintaining an internal record of compliance.

  • Business Analysis: for business management and operational reasons, such as evaluating, developing and improving our services to you and other customers (which may include contacting you for customer surveys).

  • Record maintenance: to update and enhance customer records.

  • Research: to conduct market or customer satisfaction research, statistical analysis to help us manage our business such as analysing gym usage or engaging with you to obtain your views on our products and services.


Where we do collect and handle special category personal information; we will only handle that information in accordance with applicable law, including where:

we have your explicit consent – including where you voluntarily provide us with that information processing is necessary for the business, treatment,

We will consider that you have given us your consent to hold your special category data where you have voluntarily provided such information in your communications with us or provided information we have marked as optional but for the avoidance of doubt, we will only use the information for the purpose for which it was received unless otherwise required by applicable law.

Direct Marketing; We may use your personal information to send you updates, by email, telephone, push notifications, post or text message, about our treatments, products and services including exclusive offers, promotions or products where you as a consumer have consented for us to do so.

To protect your privacy rights and to ensure you have control over how we market to you:

At any time you can update or correct your personal profile, or change your preferences for the way in which you would like us to communicate with you, including how you receive details of latest offers or news from us;

If you have an online account with us, the easiest way to make updates to your marketing preferences and/or change your personal details is to log onto your account.

You can opt out of receiving marketing communications from us at any time by: clicking  the "unsubscribe" link that you find on any online newsletters or marketing communication you receive;

disabling push notifications within the setting screen of our mobile app.

sending us an email: Please ensure your correspondence is marked ‘Unsubscribe: Marketing Contact List’ and include your full name, email and telephone number to ensure your details are fully deleted from our direct marketing system (please specify whether you would like us to stop all forms of marketing or just a particular type of marketing),

replying STOP to any of our text messages.

calling us directly and speaking to a member of our team on Phone or in person at the front desk on your next visit.

We will not sell your information, or share with other organisations without your prior permission for marketing purposes. We will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.

Security of Your Personal Information; We take precautions including administrative, technical and physical measures to safeguard your personal information against loss, theft and misuse, as well as against unauthorised access, modification, disclosure, alteration and destruction. 


We protect your personal information using a variety of security measures including: password access; data back-up; encryption, placing confidentiality requirements on employees, providing training to our employees to ensure that your personal data in handled correctly; destroying or permanently anonymising personal information if it is no longer needed for the purposes it was collected; and secure physical storage units for hard copy files with appropriate security restrictions, preventing damage, and unauthorised access to your personal information.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we have in place robust procedures and security features to try to prevent unauthorised access.

How Long Do We Keep Your Personal Information? We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this Privacy Policy, including where we maintain an ongoing business relationship you.

Generally, we will retain your personal data in accordance with any applicable limitation period (as set out in any applicable law), plus one (1) year to allow reasonable time for review and deletion of the information held. This will usually be seven (7) years following the end of our business relationship with you.

In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements or to have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.  When no longer necessary to retain your personal information, we will delete or anonymise it.

Changes To This Privacy Policy; This Privacy Policy was last reviewed and updated in December 2019. We may amend this Privacy Policy from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check this page for the latest version of this Privacy Policy.

Cookie Policy; When someone visits this website we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.  If you do not want a cookie you can set your browser to deny it.

We use cookies from Google Analytics to understand how people find our websites, what content they view and how long they stay on the site.  This is to enable us to improve functionality, navigation and content for our users.  We also use authentication cookies when you are logged into the interactive parts of the website (online bookings etc) to personalise your experience ensure your sensitive information is only ever shown to you.

Below explains the cookies we use and why.

Google Analytics Cookies

Utmz     Tracks where the visitor came from e.g. search engine or referring page or keyword.

Utma     Tracks each users number of visits, first visit, last visit.

Utmb and Utmc                Track when a visit starts and ends.

Cookies for Interactive Features

App_LGD_Cookie - Monitors whether accessing a page via mobile device (iPhone, Android, Windows Phone, etc...).  It will remember if the user accessing via mobile device and will display the mobile optimised website.

ASP.Net_sessionID - This authentication cookie is used to understand that the user has logged in to an interactive area of the website.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit or

To opt out of being tracked by Google Analytics across all websites visit

Your Legal Rights In Respect of Your Personal Information; You have legal rights in connection with personal information. Under certain circumstances, by law you have the right to:


Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal information (commonly known as the "right to be forgotten"). This enables you to ask us to delete or remove personal information in limited circumstances, where: (i) it is no longer needed for the purposes for which it was collected; (ii) you have withdrawn your consent (where the data processing was based on consent); (iii) following a successful right to object (see Object to processing); (iv) it has been processed unlawfully; or (v) to comply with a legal obligation to which the Trust and/or Serco is subject.

We are not required to comply with your request to erase personal information if the processing of your personal information is necessary for a number of reasons, including: (i) for compliance with a legal obligation; or (ii) for the establishment, exercise or defence of legal claims.

Object to processing of your personal information by us or on our behalf which has our legitimate interests as its legal basis for that processing, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection,  we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. You can object at any time to your personal information being processed for direct marketing (including profiling).

Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, but only where: (i) its accuracy is contested, to allow us to verify its accuracy; (ii) the processing is unlawful, but you do not want it erased; (iii) it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or (iv) you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal information following a request for restriction, where: (i) we have your consent; (ii) to establish, exercise or defend legal claims; or (iii) to protect the rights of another natural or legal person.

Request the transfer of your personal information. You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where: (i) the processing is based on your consent or on the performance of a contract with you; and (ii) the processing is carried out by automated means.

Obtain a copy, or reference to, the personal data safeguards used for transfers outside the European Union. We may redact data transfer agreements to protect commercial terms.

Withdraw consent to processing where the legal basis for processing is solely justified on the grounds of consent (please refer to relevant section for details about withdrawing consent to direct marketing).

Please note, to ensure security of personal information, we may ask you to verify your identity before proceeding with any such request.

We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

If you would like to exercise any of these rights, please submit your requests to: or call 0116 230 1903


Subject to legal and other permissible considerations, we will make every effort to honor your request promptly to inform you if we require further information in order to fulfill your request. 

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

bottom of page