
Instructions for Salons: How to Use and Deploy Changes
This guidance and clause are indicative only and do not constitute formal legal advice. You should seek independent legal advice to ensure compliance with your own specific circumstances and obligations under UK GDPR.
To ensure your salon remains fully compliant with UK GDPR when using the Salon IQ and Colourstart Passport integration with auto-invites, please follow these steps to deploy the data sharing clause:
1. Update Your Privacy Policy and T&Cs
Copy the clause below and paste it directly into your salon’s official Privacy Notice and your Terms & Conditions. It should sit under a section related to “How we share your data” or “Third-party software providers”.
2. Customise the Placeholders
Make sure to replace the bracketed text [insert salon email/address] at the bottom of the clause with your salon’s actual contact details (ideally the email address of the person responsible for data protection at your salon).
3. Inform Clients at the Point of Booking
Under UK GDPR’s “Right to be Informed,” clients must be aware of this data sharing before or at the time it happens.
4. No “Opt-in” Tick Box Required
Because this data sharing relies on Legitimate Interests (operational compliance) rather than Consent, you do not need a separate tick-box asking clients for permission to share this data. However, transparency is legally required, which is why Step 3 is essential.
5. Train Your Staff
Ensure your front-of-house team and stylists understand this process. If a client asks, staff should confidently explain: “We only share your name, contact details, and a simple Yes/No on whether we can proceed with your colour. We never share your medical or allergy details, and it’s never used for marketing.”
Sharing of Client Data with Colourstart Passport
As part of our commitment to providing compliant colour services, we use Salon IQ (our salon management software) which integrates with Colourstart Passport, a specialist hair colour allergy alert and skin sensitivity screening service.
All our colour services are carried out in accordance with industry best practice. To facilitate this, your relevant personal data, strictly limited to your name, contact details, and a colour compliance status (indicating solely whether we can or cannot proceed with your colour service), will be shared between Salon IQ and Colourstart Passport via a secure integration. We do not process or share specific health, allergy, or medical information.
Legal basis for processing: This data sharing is carried out by us on the basis of legitimate interests (Article 6(1)(f) UK GDPR). Ensuring you have a valid compliance status is an essential operational requirement for us to deliver our colour services in line with industry standards. This data is purely used by the salon for service compliance and never for marketing purposes.
How your data is used: Your data is shared with Colourstart Passport to facilitate the colour compliance screening process, link your compliance status with your salon profile, and allow them to instruct you on how to participate. Once transferred, Colourstart Passport processes your information in accordance with their own Privacy Policy, which includes using data for service administration, internal analytics, and system improvements. They will only use your data for third-party direct marketing if you grant them your separate, explicit consent.
Data retention: Data shared with Colourstart Passport is retained in accordance with their privacy policy, a copy of which is available at https://colourstart.com/privacy-policy. You may request details of how your data is stored at any time.
Your rights: You have the right to access, rectify, or request erasure of your personal data, subject to any overriding legal obligations. To exercise your rights regarding the data held by our salon, please contact us at [insert salon email/address].