Privacy Policy
The One Hair System Ltd
44B George Street, London, W1U 7ES, United Kingdom
Introduction
The One Hair System Ltd (“we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website, purchase products, or interact with us. Where we process your data jointly with Giella Green Ltd, each entity acts as an independent data controller. This means that each company determines how and why it processes your personal data for its own purposes. We may share limited information (such as booking or client management data) strictly to facilitate service delivery.
1. Data We Collect
We may collect the following categories of personal data:
- Identity and contact information such as your name, address, email address and telephone number.
- Account and order details.
- Payment information processed securely via third-party providers.
- Marketing and communications preferences.
We may also collect special category data (“Special Category Data”), such as information relating to scalp or hair conditions, only with your explicit consent and where necessary to provide certain services.
We automatically collect certain technical data when you visit our website, including:
- IP address, browser type and device identifiers.
- Usage data and analytics through cookies and similar technologies as well as information from our third-party providers.
2. How We Use Your Data
We use your data to:
- Provide and manage our products and services.
- Process payments and fulfil orders.
- Communicate with you about your account or appointments.
- Improve our website and customer experience.
- Send marketing communications (where permission has been given).
- Comply with legal or regulatory obligations.
- Handle customer enquiries and complaints.
- Ensure network and regulatory obligations are met.
4. Legal Bases for Processing
We process personal data under one or more of the following bases:
- Contractual necessity: to perform our contract with you.
- Consent: such as for marketing or Special Category Data.
- Legitimate interests: for improving the services we provide.
- Legal obligations: such as for accounting and tax purposes.
5. Cookies
We use essential, performance, functionality, and marketing cookies. You can manage your preferences via your browser settings or our Cookie Policy.
6. Sharing Data
We may share your data with:
- Service providers, IT, website hosts, website analytics providers or logistics.
- Payment processors and couriers.
- Professional advisers or regulators where we are legally required.
- Our and your external auditors, e.g. in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations.
- Other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymized, but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.
All third parties are required to handle your personal data securely and in accordance with applicable data protection law. We do not sell or rent your personal information.
7. International Transfers
If we transfer your personal data outside the UK or EEA, we will ensure appropriate safeguards such as UK International Data Transfer Agreements (“IDTAs”) or Standard Contractual Clauses (“SCCs”) are in place.
Where we transfer your personal data outside the UK, we do so on the basis of an adequacy regulation or (where this is not available) legally approved standard data protection clauses recognized or issued further to Article 46(2) of the UK GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law and reflected in an update to this policy.
8. Data Security
We implement technical and organisational measures to protect your personal information, including encryption, access controls and secure storage.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your personal data and other information, and your computers and devices, against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
9. Data Retention
We retain your personal data only as long as necessary for the purposes for which it was collected, including to meet legal or accounting requirements. Typically, this is up to 6 years for financial and transaction records and up to 2 years, or until withdrawn, for marketing consent and communications. We will not keep your personal data for longer than we need it for the purpose for which it is used.
10. Your Data Protection Rights
You have the right to:
- Access, correct or delete your personal data.
- Restrict or object to processing.
- Request data portability.
- Withdraw consent (where applicable).
- Lodge a complaint with the Information Commissioner’s Office (“ICO”) at www.ico.org.uk.
Requests may be made in writing to [email protected]. We require verification of identity before responding.
11. Marketing Communications
We will only send marketing materials/communications where you have consented to receive them. You may unsubscribe at any time by following the link in our emails or contacting us directly.
12. Children’s Privacy
Our services are not intended for individuals under the age of 16, and we do not knowingly collect data from minors.
13. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or significant effects.
14. Updates to This Policy
We may update this Privacy Policy from time to time. Any updates will be published on our website with the revision date. Continued use of our services indicates acceptance of any changes.
15. Third-Party Links
Our website may contain links to external sites not operated by us. We are not responsible for their content or privacy practices.
16. Contact Us
If you have questions or concerns about this Privacy Policy, please contact:
Email: [email protected]
Address: 44B George Street, London, W1U 7ES, United Kingdom
You may also contact the ICO if you are dissatisfied with our response.