Privacy policy

Who we are

FabPro Hair Supplies Ltd ("FabPro Hair", "we", "us", "our") operates the website at fabprohair.com and associated trade portal. We are registered in England and Wales. We are the data controller for personal data collected through this website.

If you have any questions about this privacy policy or how we handle your data, please contact us at privacy@fabprohair.com.

What data we collect

When you place an order or create an account

• Name and contact details (email address, phone number, billing and delivery address)
• Order history and transaction data
• Payment information (processed securely by our payment provider — we do not store card details)
• Account credentials (username and encrypted password)

When you apply for a trade account

• Business name, type and address
• Approximate monthly product spend
• How you heard about us
• Any correspondence relating to your application

When you browse our website

• IP address and browser type
• Pages visited and time spent on site
• Referring website
• Cookie identifiers (see Cookies section below)

When you contact us

• Your name, email address and the content of your message

How we use your data

Purpose	Data used
Processing and fulfilling your order	Name, address, order details, payment confirmation
Managing your customer account	Name, email, order history, preferences
Processing trade account applications	Business details, contact information
Customer support	Name, email, order details, correspondence
Email marketing (with consent)	Email address, purchase history
Improving our website	Anonymised analytics data
Fraud prevention and security	IP address, order and payment data
Compliance with legal obligations	Transaction records, identity data

Legal basis for processing

We process your personal data on the following legal bases under UK GDPR:

• Contract performance — processing necessary to fulfil your order or manage your account
• Legitimate interests — fraud prevention, security, improving our services, and direct marketing to existing customers (where you have not opted out)
• Consent — email marketing to new subscribers, non-essential cookies
• Legal obligation — retaining transaction records for tax and accounting purposes

Cookies

We use cookies to make our website work and to improve your experience. Cookies are small text files stored on your device.

Cookie type	Purpose	Can be declined?
Essential	Shopping basket, login session, security tokens	No — required for the site to function
Functional	Remembering your currency and language preferences	Yes
Analytics	Understanding how visitors use our site (anonymised)	Yes
Marketing	Tailoring adverts on other platforms	Yes

You can manage or withdraw your consent to non-essential cookies at any time via our cookie banner. Most browsers also allow you to block or delete cookies through browser settings.

Third parties we share data with

We do not sell your personal data. We share data only as necessary with the following categories of third party:

• Payment processors — to handle card transactions securely (e.g. Stripe, PayPal)
• Delivery partners — Royal Mail, DPD (name, address, phone number for delivery notifications)
• Email service providers — to send transactional and marketing emails
• Analytics providers — anonymised usage data (e.g. Google Analytics)
• Cloud hosting providers — who store website data on our behalf under data processing agreements
• Legal and regulatory authorities — where required by law

All third parties we use are required to handle your data securely and in accordance with applicable data protection law.

Your rights

Under UK GDPR you have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate or incomplete data
• Right to erasure — request deletion of your data in certain circumstances
• Right to restrict processing — request that we limit how we use your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests, including direct marketing
• Rights related to automated decision-making — we do not use automated decision-making that produces legal or similarly significant effects

To exercise any of these rights, contact us at privacy@fabprohair.com. We will respond within one month.

Data retention

We retain personal data for as long as necessary for the purposes set out in this policy, or as required by law. Specific retention periods include:

• Order and transaction records — 7 years (HMRC requirement)
• Customer account data — for the lifetime of the account, plus 2 years after last activity
• Marketing consent records — until consent is withdrawn, plus 3 years
• Support correspondence — 3 years from resolution
• Website analytics — 26 months (anonymised)

Security

We take the security of your personal data seriously. Measures we have in place include SSL/TLS encryption for all data in transit, encrypted password storage, restricted access to personal data on a need-to-know basis, and regular security reviews of our systems and third-party providers.

If we become aware of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected individuals where required.

Contact and complaints

For any questions about this policy or to exercise your rights, contact our Data Protection Lead at privacy@fabprohair.com.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):