GDPR Clause for Phorest integration auto-invite feature with Colourstart Passport

Instructions for Salons: How to Use and Deploy Changes

This guidance and clause are indicative only and do not constitute formal legal advice. You should seek independent legal advice to ensure compliance with your own specific circumstances and obligations under UK GDPR.

Instructions for Salons: How to Use and Deploy This Clause (Phorest Integration)

To ensure your salon remains compliant with UK GDPR when using the Phorest and Colourstart Passport integration, please follow these steps:

1. Update Your Privacy Policy and T&Cs
   Copy the clause below and paste it directly into your salon’s official Privacy Notice and your Terms & Conditions. Place it under a section such as “How we share your data” or “Third-party software providers”.
2. Customise the Placeholders
   Replace the bracketed text [salon email/address] at the bottom of the clause with your salon’s actual contact details (ideally the email address of the person responsible for data protection at your salon).
3. Inform Clients at the Point of Booking
   Under UK GDPR’s Right to be Informed, clients must be aware of this data sharing before or at the time it happens.

• Online bookings: Ensure your Phorest online booking or app journey includes wording such as:
  “By booking a colour service, you agree to our Terms & Conditions and acknowledge our Privacy Policy, which includes sharing basic contact details with Colourstart Passport for colour compliance screening.”
• In-salon/phone bookings: If a new client books over the phone or in person, your team should briefly mention the Colourstart system and direct them to your privacy policy.

4. No Separate “Opt-in” Box Needed for the Integration
   Because this data sharing relies on Legitimate Interests (operational compliance for colour services) rather than Consent, you do not need an extra tick-box for this specific sharing. Transparency via your Privacy Policy and booking wording remains essential.
5. Train Your Team
   Ensure front-of-house staff and stylists understand this process. If a client asks, they should be able to say:
   “We only share your name, contact details, and a simple Yes/No on whether we can proceed with your colour in line with Colourstart Passport. We never share your medical or detailed allergy information, and this isn’t used for marketing.”
6. Important Legal Disclaimer
   This guidance and clause are indicative only and do not constitute formal legal advice. Each salon should seek its own independent legal advice to confirm compliance with UK GDPR for its particular circumstances.

📄 GDPR Clause for Phorest–Colourstart Integration

(To be copied into your Privacy Policy / T&Cs)

Data Sharing – Colour Compliance Services

Sharing of Client Data with Colourstart Passport via Phorest

As part of our commitment to providing compliant colour services, we use Phorest (our salon management software), which integrates with Colourstart Passport, a specialist hair colour allergy alert and skin sensitivity screening service.

All our colour services are carried out in accordance with industry best practice. To facilitate this, your relevant personal data—strictly limited to your name, contact details, and a colour compliance status (indicating solely whether we can or cannot proceed with your colour service)—will be shared between Phorest and Colourstart Passport via a secure integration. We do not process or share specific health, allergy, or medical information as part of this integration.

Legal basis for processing: This data sharing is carried out by us on the basis of legitimate interests (Article 6(1)(f) UK GDPR). Ensuring you have a valid compliance status is an essential operational requirement for us to deliver our colour services in line with industry standards. This data is used by the salon solely for service compliance and never for marketing purposes.

How your data is used: Your data is shared with Colourstart Passport to facilitate the colour compliance screening process, link your compliance status with your salon profile within Phorest, and allow Colourstart to instruct you on how to participate where required. Once transferred, Colourstart Passport processes your information in accordance with its own Privacy Policy, which includes use for service administration, internal analytics, and system improvements. Colourstart will only use your data for third-party direct marketing if you give them your separate, explicit consent.

Data retention: Data shared with Colourstart Passport is retained in accordance with its privacy policy, available at https://colourstart.com/privacy-policy. You may request details of how your data is stored at any time.

Your rights: You have the right to access, rectify, or request erasure of your personal data, subject to any overriding legal obligations. To exercise your rights regarding the data held by our salon, please contact us at [insert salon email/address].