Privacy Policy
Last updated: March 2026
1. Who We Are
EZ Cuttz (“we”, “us”, “our”) is a barbershop located at:
117 Harrow Road
Leicester, LE3 0JZ
United Kingdom
07710 191020
ezcuttz@gmail.com
We are the data controller responsible for the personal information collected through this website and our online booking system. This policy explains what data we collect, why we collect it, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).
2. What Personal Data We Collect
When you make a booking (without an account)
- Full name
- Email address
- Phone number
- Booking details: date, time, services selected, duration, and price
- Payment reference - we store the Stripe Payment Intent ID to link your booking to a completed payment. Your card details are entered directly into Stripe’s secure form and are never seen or stored by us.
When you create an account (optional)
- First and last name
- Email address
- Phone number
- Date of birth (optional)
- Password - stored as a one-way cryptographic hash; we cannot read your password
Creating an account is optional. You can book as a guest without registering. If you do register, your bookings are linked to your account so you can view your booking history.
Automatically collected information
Like most websites, our hosting provider may log standard server access data (IP address, browser type, pages visited, timestamps). This is used solely for security monitoring and is not used to identify you personally.
3. How We Use Your Data
| Purpose | Data used | Legal basis |
|---|---|---|
| Process and confirm your booking | Name, email, phone, booking details, payment reference | Performance of a contract (UK GDPR Art. 6(1)(b)) |
| Send a booking confirmation email | Name, email, booking details | Performance of a contract (UK GDPR Art. 6(1)(b)) |
| Send a booking confirmation SMS | Name, phone, booking details | Performance of a contract (UK GDPR Art. 6(1)(b)) |
| Manage your member account and booking history | Name, email, phone, date of birth, past bookings | Performance of a contract (UK GDPR Art. 6(1)(b)) |
| Fraud prevention and payment dispute resolution | Name, email, Stripe payment reference | Legitimate interests (UK GDPR Art. 6(1)(f)) |
| Legal and financial record keeping | Booking records, payment amounts | Legal obligation (UK GDPR Art. 6(1)(c)) |
We do not use your data for marketing, advertising, or profiling. We do not sell your data to third parties.
4. Third Parties We Share Data With
We share your data only to the extent necessary to deliver the booking service. The following third-party processors handle your data on our behalf under data processing agreements:
Stripe (payment processing)
Stripe, Inc. processes payments on our behalf. When you pay, your card details are submitted directly to Stripe’s secure servers. We receive only a payment reference ID and confirmation of success. Stripe may store your name, email, and payment method for fraud prevention and regulatory compliance.
Stripe is certified to PCI DSS Level 1, the highest level of payment card security. Stripe operates globally, including the USA; transfers outside the UK are protected by Stripe’s use of Standard Contractual Clauses approved by the UK ICO.
Stripe’s privacy policy: stripe.com/gb/privacy
SendGrid by Twilio (email delivery)
We use SendGrid to deliver your booking confirmation email. We share your name and email address with SendGrid solely for this purpose. SendGrid operates servers in the USA; transfers are protected by Standard Contractual Clauses.
SendGrid’s privacy policy: twilio.com/en-us/legal/privacy
Twilio (SMS notifications)
We may use Twilio to send booking confirmation text messages. We share your name and phone number with Twilio solely for this purpose. Twilio operates servers in the USA; transfers are protected by Standard Contractual Clauses.
We do not share your data with any other third parties, including advertisers, analytics platforms, or data brokers.
5. How Long We Keep Your Data
| Data | Retention period | Reason |
|---|---|---|
| Booking records (anonymised) | 6 years from booking date | Financial and legal record-keeping obligations |
| Booking personal details (name, email, phone) | 2 years from booking date, or until you request erasure | Fraud prevention and dispute resolution |
| Member account data | Until you delete your account or request erasure | Providing the membership service |
| Payment records (Stripe reference only) | 6 years | Financial record-keeping obligations |
When personal data is no longer required, it is deleted or irreversibly anonymised. Our system supports GDPR erasure requests: upon deletion your personal details are removed from booking records while the anonymised financial record is retained for legal compliance.
6. Your Rights
Under UK GDPR you have the following rights in relation to your personal data:
- Right of access — you can request a copy of the personal data we hold about you.
- Right to rectification — you can ask us to correct inaccurate data.
- Right to erasure — you can ask us to delete your personal data where there is no overriding legal reason to retain it.
- Right to restriction — you can ask us to pause processing your data in certain circumstances.
- Right to data portability — you can ask for your data in a structured, machine-readable format.
- Right to object — you can object to processing based on legitimate interests.
- Rights related to automated decision-making — we do not carry out any automated profiling or decision-making that produces legal or similarly significant effects.
To exercise any of these rights, contact us at ezcuttz@gmail.com. We will respond within one calendar month. We may need to verify your identity before processing your request.
7. Cookies
Our website uses only the following cookies:
- Session / authentication cookies — used if you log in to your member account. These are strictly necessary and expire when you close your browser or log out.
- Stripe.js cookies — Stripe sets cookies to help detect and prevent fraud. These are set by Stripe’s scripts and are covered by Stripe’s privacy policy.
We do not use analytics cookies, advertising cookies, or any form of tracking cookies.
8. Data Security
We take appropriate technical and organisational measures to protect your personal data, including:
- All data in transit is encrypted using HTTPS (TLS).
- Passwords are stored using industry-standard hashing algorithms (ASP.NET Core Identity); we cannot read your password.
- Card data never passes through our servers - it is submitted directly to Stripe over an encrypted connection.
- Access to booking data is restricted to authorised staff only.
Despite these measures, no system is completely secure. If you believe your data has been compromised, please contact us immediately at info@ezcuttz.com.
9. Transfers Outside the UK
Some of our third-party processors (Stripe, SendGrid, Twilio) operate servers in the United States. These transfers are made under the UK International Data Transfer Agreement (IDTA) or equivalent Standard Contractual Clauses, ensuring your data receives a level of protection equivalent to that required under UK GDPR.
10. Children’s Privacy
Our online booking service is intended for use by people aged 16 and over. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this privacy policy from time to time. When we make material changes we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Continued use of our booking service after changes are posted constitutes acceptance of the updated policy.
12. How to Complain
If you are unhappy with how we handle your personal data, please contact us first at info@ezcuttz.com and we will do our best to resolve your concern.
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
ico.org.uk/make-a-complaint
0303 123 1113