Your Website & GDPR Compliance

This fact sheet is for guidance only. It does not constitute legal advice.

GDPR comes into effect on 25th May with its new data protection laws. There are very substantial fines for non-compliance. Here are our guidelines on the steps needed to move your website towards GDPR compliance.

Take these 3 steps to help ensure that your website is GDPR compliant:

1. Have a clear GDPR-compliant Privacy Policy
2. Obtain clear consent to use cookies
3. Collect data on your website in a compliant way

Let’s dive in…

1. Have a clear GDPR-compliant Privacy Policy

A Privacy Policy is the legal contract between you (the salon owner) and the website visitor. It sets out the types of data you collect, what you use it for and how you protect it.

Most of the data you collect and use is collected in-salon and it is stored on your salon software system. Get in touch with your software supplier’s helpdesk if you’re unsure.


What you need to do

We are not lawyers so we cannot advise you about a Privacy Policy and GDPR, and recommend you either:

Don’t just copy and paste someone else’s user Privacy Policy. It is unlikely to contain the proper information for your site.

You then need to supply your final Privacy Policy to us.


What we can do

To make your life as easy as possible we’ve set out the technical website information about data collection and cookies (see below) that your lawyer needs to prepare your Privacy Policy.

We will then build a webpage for your Privacy Policy (supplied by you) and link to it from the footer on every page of your site.

2. Obtain clear consent to use cookies

What is a cookie?

When you visit a website, the website sends the cookie to your computer. Your computer stores it in a file located inside your web browser.

The purpose of the computer cookie is to help the website keep track of your visits and activity. This isn’t always a bad thing. For example, a website might use cookies to keep a record of your most recent visit or to record your login information. Many people find this useful so that they can store passwords on frequently used sites, or simply so they know what they have visited or downloaded in the past.


Changes due to GDPR

Cookies are classed as personal data under GDPR as they can be used to identify an individual. So now you must obtain clear, specific consent from website users to place cookies and track them.


What we can do

We can make two changes to your website to help you comply with GDPR:

  1. Cookie warning notice
  2. Cookie Policy


1. Cookie warning notice

We’ll build a popup which appears on a user’s first visit with the following text:

We use cookies to help provide you with the best possible online experience. By using this site, you agree that we may store and access cookies on your computer/device. Find out more. [link to either your Cookie Policy or the cookie section of your Privacy Policy]


2. Cookie Policy

We can either build a separate page with a Cookie Policy (using the text below) or you can give the suggested wording below to your lawyer to include within your Privacy Policy:

Cookie Policy

Our system may issue cookies to your computer when you log on to the site. Cookies make it easier for you to log on to and use the site during future visits. They also allow us to monitor site traffic and to personalise the content of the site for you. The use of Cookies is an industry standard and you will find them in use at most major sites.

You may set up your computer to reject cookies by changing your browser settings although, in that case, you may not be able to use certain features on our site. For more information about what cookies are and how they work, visit:

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences.
  • Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

3. Collecting data on your website

There are 4 different ways your website currently collects personal data

  • Enquiry/contact forms on contact page
  • Job application/upload CV forms on careers page (not all our websites have this)
  • Salon email newsletter subscribe forms
  • First visit offer forms (not all our websites have this)

All of these require changes to your website technical configuration to conform to GDPR.


What we can do

We can make all the technical changes that are needed on these sections of your website if you ask us to.


DON’T FORGET: Once the website collection is compliant please remember that any data you subsequently store on your computer, for example if you keep CVs for future vacancies, is covered by GDPR but is outside the scope of your website compliance.

How much will this cost?

Website GDPR compliance isn’t a simple matter but by taking these steps your site will move substantially in the right direction. Each website is different so the covering email sets out a budget to cover this work for your salon.


Email marketing and GDPR

Finally, to keep things as clear and simple as possible this fact sheet just covers your website GDPR compliance. If we do email marketing for you then we will be in touch separately about the email opt-in broadcasts (and database management) that need to be written, built and sent for GDPR.


This fact sheet is for guidance only. It does not constitute legal advice.