GDPR Compliance
At ShaBarber, your privacy and data protection rights are our top priority. We strictly comply with the General Data Protection Regulation (GDPR), ensuring your personal information is collected, processed, and stored responsibly, securely, and transparently.
What Information Do We Collect?
When using ShaBarber, we may collect the following personal data:
- Full Name
- Email Address
- Phone Number
- Booking Details (service type, time, preferences)
- Billing Information (processed securely through Stripe)
- Device and Browser Information (for security and analytics)
Why Do We Collect Your Data?
Your data is used only for purposes necessary to provide our services effectively. These include:
- Creating and managing your user account
- Booking and managing barber appointments
- Processing payments through Stripe
- Sending email confirmations and booking reminders
- Improving our services based on usage and feedback
- Ensuring system security and fraud prevention
Our Legal Basis for Processing
We process your data based on the following legal grounds:
- Consent – When you create an account or opt in to communications.
- Contractual necessity – For managing bookings and fulfilling services.
- Legitimate interest – For security, service improvements, and communication regarding your bookings.
- Legal obligations – When required to comply with applicable laws or regulations.
How Is Your Payment Information Handled?
All payment processing is securely handled by Stripe. We do not store, process, or transmit your card data on our servers. Stripe is a certified PCI-DSS Level 1 payment processor, ensuring your payment details remain protected and encrypted.
How Long Do We Keep Your Data?
We retain your data only as long as necessary to provide our services and comply with legal obligations. You can request deletion of your personal data at any time by contacting us.
Your Rights Under GDPR
As a user, you have the following rights under GDPR:
- Right to Access – Request a copy of your personal data.
- Right to Rectification – Update any inaccurate or incomplete data.
- Right to Erasure – Ask us to delete your personal information.
- Right to Restrict Processing – Temporarily limit our use of your data.
- Right to Data Portability – Request transfer of your data to another service.
- Right to Object – Opt out of certain types of processing, such as marketing.
How to Exercise Your Rights
If you would like to exercise any of your data rights, you can contact our Data Protection Officer at shahomadhat2015@gmail.com. We respond to all requests within 30 days in accordance with GDPR.
Data Security
We take data protection seriously. All user data is transmitted over secure HTTPS connections and stored using industry-standard encryption methods. Internal access to personal data is restricted and monitored.
Third-Party Services
We work with trusted third-party providers like Stripe (for payments) and analytics tools (e.g. Google Analytics). These services adhere to GDPR and only process data under our instructions and legal basis.
Contact & Complaints
If you have questions about our GDPR policy or feel your data is not being handled properly, please contact us at shahomadhat2015@gmail.com. You also have the right to lodge a complaint with the UK’s Information Commissioner’s Office (ICO).
ShaBarber is committed to full GDPR compliance and providing full transparency around your personal data. Your trust is everything to us.