Website Rules for Salons & Beauty Businesses
Before/after photos, online booking, Instagram embeds and newsletter signups. Salon websites touch more legal requirements than most owners realize.
Common issues for hair & beauty salons
Before/after photos need consent
Photos of clients require written consent under GDPR, especially if treatments could reveal health information.
Booking data is personal data
Appointment booking systems collect names, contact info, and sometimes treatment details. This is personal data under GDPR.
Instagram embeds track visitors
Embedded Instagram feeds load Meta tracking scripts. These need cookie consent before loading.
Portfolio images may be unlicensed
Stock photos mixed with your own work can trigger copyright claims if not properly licensed.
4
Key issues
4
Areas checked
10
Guides
Real-world enforcement
In 2023, the Spanish AEPD fined a beauty salon €5,000 for posting before/after photos of clients on Instagram without explicit written consent. Under GDPR Article 9, photos that reveal health information (such as skin treatments or dental work) require special category consent — a higher standard than regular GDPR consent.
Official resources
We run the same complete check on every website. The guides below highlight which issues come up most often for each type of business.
Guides for hair & beauty salons
Web Designer Copyright: Who Pays for Bad Images?
Web designer copyright liability under Dutch Auteurswet: who pays when images are unlicensed, how to claim from the designer, contract clauses to add.
Cookie Banner Requirements Under EU Law (2026 Guide)
Cookie banner requirements in the EU 2026: reject equal to accept, no dark patterns, prior consent. EDPB Guidelines 05/2020 explained.
EAA for Dutch SMBs: What ACM Now Enforces
European Accessibility Act (Richtlijn 2019/882) in force since 28 June 2025. What it requires, who is exempt and what ACM enforces in NL.
GDPR Compliance Checklist for Dutch Businesses (2026)
GDPR compliance checklist for Dutch businesses: 35 points covering privacy policy, cookie consent, data processors, retention and breach reporting.
KVK Number on Your Website: Is It Required?
Dutch businesses must display their KVK number on their website. Here is where to put it and what else is required.
AI-Generated Code and Open-Source Licences
Copilot or Cursor wrote GPL code into your site. The site operator distributes it, not the AI. What Doe v. GitHub decided and what you can actually do.
AI-Generated Images on Your Business Website (NL 2026)
Article 50(4) of the AI Act applies 2 Aug 2026. The four risk layers a Dutch SMB should check before publishing AI-generated images on a website.
Contact Form GDPR Requirements: Article 13 Compliance
What a GDPR-compliant contact form needs: Article 13 information, the right legal basis (legitimate interest vs precontractual), unchecked boxes, retention.
EU AI Act for Dutch Website Owners
Article 50 of the AI Act applies 2 Aug 2026. AP and RDI enforce in the Netherlands. What Dutch SMB sites actually need to label, and what they don't.
How Much Does a Copyright Claim Actually Cost? (EU)
How much a copyright claim costs in the EU: real settlement ranges for Getty Images, Copytrack and PicRights demands plus what drives the price up or down.
Check your hair & beauty salons website now
150+ checks across GDPR, copyright, accessibility, security and more. No account needed.
I understand this is a technical scan, not legal advice, and I accept the Terms.