Free Cookie Policy Generator for Salon / Spa — DPDPA Compliant

🇮🇳 Key DPDPA Requirements

India's Digital Personal Data Protection Act (DPDPA) 2023 is India's first comprehensive data protection law. It applies to processing of digital personal data within India and to processing outside India if it involves offering goods or services to individuals in India. Significant Data Fiduciaries face enhanced obligations, and the Data Protection Board can impose fines up to ₹250 crore.

• Obtain free, specific, informed, and unconditional consent before processing personal data
• Provide a clear and plain-language privacy notice before collecting data
• Process personal data only for specified lawful purposes
• Implement security safeguards and notify the Data Protection Board of breaches
• Honor data principal rights: access, correction, erasure, and grievance redressal
• Significant Data Fiduciaries must appoint a Data Protection Officer and conduct audits
• Parental consent required for processing data of children under 18

Salon / Spa — Specific Considerations

Salons and spas collect client contact information, service preferences, health and allergy information relevant to treatments, and payment details. Some treatments require detailed health intake forms — allergy history, medications, skin conditions — which constitute sensitive health data. Appointment booking systems typically involve third-party platforms with their own data practices.

Data typically collected by Salon / Spa businesses: client name and contact info, appointment history, treatment preferences, health and allergy information, before/after photos (with consent), payment information

• Health and allergy intake data as sensitive personal data
• Before/after photo consent and usage rights
• Third-party booking platform data sharing
• Loyalty and referral program data
• Staff access to client health records