This privacy notice explains how SunburyX Hair & Beauty looks after personal information you give us or that we learn by having you as a client, and the choices you make about marketing communications you agree we may send you. This notice explains how we do this and tells you about your privacy rights and how the law protects you.
1.0 DEFINITIONS AND INTERPRETATION
In this Policy, the following terms shall have the following meanings:
“Personal data” means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to us when making an appointment. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”).
“We/Us/Our” means SunburyX Hair & Beauty, whose registered address is 29, Staines Road West, Sunbury on Thames, TW16 7AB.
2.0 INFORMATION ABOUT US
2.1 Our business name is SunburyX Hair & Beauty; our registered address is 29, Staines Road West, Sunbury on Thames, TW16 7AB.
2.2 Our VAT number is 284 0195 02.
2.3 Our Data Protection Officer is Ramith Manatunga and can be contacted by email at firstname.lastname@example.org.
3.0 WHAT DOES THIS POLICY COVER?
For the purpose of the Data Protection Act 1998 (the Act), the Data Controller is SunburyX Hair & Beauty, 29 Staines Road West, Sunbury on Thames, TW16 7AB, United Kingdom. We decide what that data is used for.
Data Processor – A processor is responsible for processing personal data on behalf of a controller. In this regard, Versum Salon Booking system is our named data processor; this is an asset that we use to help us collect and process the data.
4.0 WHEN DO WE COLLECT INFORMATION?
We collect information about you when you are booking an appointment for a service or treatment, visiting the salon for a service or treatment, buying a product or applying for a job. This could be through a walk-in (direct face to face), a telephone call, filling out a form, email, or entering information on our online booking site, i.e. www.sunburyx.com, provided by Versum (our salon IT system).
5.0 WHAT INFORMATION DO WE COLLECT ABOUT YOU?
Depending upon your service requirement, we may collect some or all of the following personal and non-personal data. The information you give us may include:
- Personal and contact information when you make a booking including your name, address, email address, telephone number(s), title, date of birth, gender
- Data concerning Health i.e. relevant history which may suggest that a service or treatment should not go ahead or certain products should not be used (e.g. patch tests, allergies, pregnancy, skin conditions)
- Details (and copies) of your communications and interactions with us via our team or otherwise, including by email, telephone (voice recordings), SMS, post and online via our social media channels. We will record the fact that you have contacted us and may retain the content of your communication, together with your contact details and our responses.
- When clients call our salon we collect & store Calling Line Identification (CLI) information through our telephone provider, Yo Telecom. We use this information to help improve customer service.
- Device Details: information about the mobile phone, tablet or laptop you are using to access our free WiFi service.
- CVs and other employee related information. The information we collect about employees, the purposes it is used for and who it will be shared with is set out in our employment contracts and employee handbook.
- Information is also collected to establish and maintain proper business records.
We operate CCTV across the premises for the safety and security of our clients and staff, as well as to deter criminal activity.
For clients under the age of 16, we will only keep and use their personal information with the consent of a parent, carer or guardian, or enter them in the booking system anonymously, e.g. girls cut, boys cut etc.
6.0 HOW WILL INFORMATION ABOUT YOU BE USED?
In general terms, we use Personal Information to provide you with the services and products you request, process payment, provide customer services, collect customer feedback/satisfaction/reviews, and send you marketing and promotional emails which we think may be of interest to you.
- All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your rights under the GDPR at all times.
- Our use of your personal data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented to our use of your personal data (e.g. by subscribing to emails), or because it is in our legitimate interests.
Specifically, we may use your data for the following purposes:
To fulfil a contract with you (to provide the service or treatment you have requested). This includes:
- Communicate with you about your appointments (such as appointment reminders) by email, SMS and phone
- Facilitating your bookings and taking payments
- To allow us to provide better service to you by responding to your customer service requests, to your questions and concerns
To conduct our business and pursue our legitimate interests, in particular:
- To keep our IT system secure and to prevent fraud, security incidents and other crime
- To verify compliance with our terms and conditions and for the establishment, exercise or defence of legal claims
- To notify you about our new services and special offers we think you will find valuable, for example via email and displaying advertising on third party websites such as Facebook (where consent is not required)
- To investigate and respond to any questions or complaints received from you or from others, about our system or our products or services
- To conduct internal research and analysis so that we can see how our IT system, products and services are being used and how our business is performing
- To use customer communications for training, record-keeping and quality control purposes
- To process applications for a position at our salon which have been submitted via the Website or in person, including contacting referees. Information which you provide will be held for a period of 12 months and may be referred to in the event you make future applications to work at SunburyX Hair & Beauty
Where you give us consent:
- To notify you about new services and special offers we think you will find valuable, for example via email and displaying advertising on third party websites such as Facebook (where consent is not required)
- On other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time
For purposes which are required by law:
- To respond to requests by government or law enforcement authorities conducting an investigation
- To meet legal, regulatory and compliance requirements
- We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
- Third parties whose content appears on Our Site may use third party Cookies. Please note that we do not control the activities of such third parties, nor the data they collect and use and advise you to check the privacy policies of any such third parties.
7.0 HOW AND WHERE DO WE STORE YOUR DATA?
- We only keep your personal data for as long as We need to in order to use it as described above in section 6, and/or for as long as We have your permission to keep it
- Your information is stored within the European Economic Area on secure servers provided by Versum Salon Software. By using Versum the security of your data is increased because it is stored in the cloud – on a secure, virtual drive, to which access is granted exclusively to an authorized person in the business (through our account in the system) and also through employees authorised by us. Consequently, it is not necessary to print or copy data onto an external data storage medium, as we have continuous remote access to this data using any device with access to the Internet. This solution almost completely excludes the risk of data loss as a result of damage or theft of physical data carriers (e.g. notebooks, disks, pen drives).
- Any payment transactions are encrypted. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data and prevent unauthorised access, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
- CCTV images are held securely on site.
8.0 HOW LONG WILL YOUR INFORMATION BE KEPT FOR?
Unless you request otherwise, we will keep your information to contact you for a maximum of 2 years from your last visit to the salon. After two years we will archive/delete all your personal information, except for your name, relevant client history (e.g. allergy test records which we keep for 4 years) and financial transactions (which we are obliged to keep for 6 years).
Information about unsuccessful job applicants will be deleted after four months.
CCTV images are automatically deleted after 30 days.
9.0 DO WE SHARE YOUR DATA?
We treat the security and method of processing your Personal Information very seriously, and we will never sell your Personal Information under any circumstances.
All personal information collected by SunburyX Hair & Beauty is only made available to those authorised individuals who need to handle that information for the purposes outlined in this policy.
Some of the people working in our salon are self-employed. Where software systems and reception facilities are shared, our self-employed colleagues will have access to your information, but this is only during our normal salon opening hours. No one other than the authorised persons, namely our Salon Manager (Prasandika - Prasa) and Administrator/Owner (Ramith), can access it after working hours.
However, we may disclose your Personal Information to selected third parties, including in the following situations:
- If we buy, sell or transfer any business or assets or if we go into insolvency, bankruptcy or receivership. If this should happen, we may need to disclose your Personal Information to the seller or buyer of such business or assets, as appropriate
- If we are under a duty to disclose or share your Personal Data to comply with any legal obligation or in order to enforce or apply our terms and conditions and other agreements or protect the rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction
- To government authorities, and to other third parties as required or permitted by law, including but not limited to in response to court orders. We also may disclose user information when we have reason to believe that someone is causing injury to or interference with our rights or property, other users of our Platform, or anyone else that could be harmed by such activities
- We may compile statistics about the use of our services, including the number of services/treatments/retail products used, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you.
Please note: by posting any Personal Information in any publicly accessible area of our social media sites, i.e. Facebook, Instagram, Google etc. (for review sections etc.), such information may be collected by third parties over which we have no control. We are not responsible for the use of such information by such third parties.
Please therefore exercise all due care and consideration before disclosing any Personal Information that will be disclosed on public areas. You should also avoid disclosing on public areas any Personal Information that may be used to identify you (such as your name, age, home or work address or name of your employer).
10.0 WHAT HAPPENS IF OUR BUSINESS CHANGES HANDS?
- In the event that any of your data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes.
11.0 YOUR RIGHT TO WITHHOLD INFORMATION
- Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests.
- You have an absolute right to opt-out of direct marketing at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.
12.0 HOW CAN YOU ACCESS YOUR DATA?
You have the right to request a copy of the personal information that we hold about you. Under the GDPR, no fee is payable, and we will provide any and all information in response to your request free of charge.
If you would like a copy of some or all of your personal information, please contact the Salon Manager – Prasandika Manatunga (Prasa) or the Data Protection Officer by emailing email@example.com.
13.0 CORRECTION OF YOUR INFORMATION
We want to make sure that your personal information is accurate and up-to-date. You may ask us to correct or remove information you think is inaccurate.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible. We will promptly correct any information found to be incorrect.
You have the right to object to our use of your personal information, or to ask us to delete, remove or stop using your personal information if there is no need for us to keep it.
For further information visit: www.aboutcookies.org
- By using Our Site, you may also receive certain third party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than Us. These Cookies are not integral to the functioning of Our Site and your use and experience of Our Site will not be impaired by refusing consent to them.
- All Cookies used by and on Our Site are used in accordance with current Cookie Law.
- Before Cookies are placed on your computer or device, you will be shown a pop-up message requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling Us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of Our Site may not function fully or as intended.
The transmission of information via the internet, email or text message is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted through the Services or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organizational measures to safeguard your personal information against loss, theft and unauthorized use, access or modification.
16.0 YOUR RIGHTS
Under the Data Protection Act 1998, you have rights as an individual which you can exercise in relation to the information we hold about you. You can read more about these rights here,
- As a data subject, you have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:
- The right to be informed about Our collection and use of personal data;
- The right of access to the personal data We hold about you (see section 12);
- The right to rectification if any personal data We hold about you is inaccurate or incomplete (please contact us using the details in section 18);
- The right to be forgotten – i.e. the right to ask us to delete any personal data We hold about you (We only hold your personal data for a limited time, as explained in section 8 but if you would like Us to delete it sooner, please contact Us using the details in section 18);
- The right to restrict (i.e. prevent) the processing of your personal data;
- The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
- The right to object to Us using your personal data for particular purposes; and
- If you have any cause for complaint about our use of your personal data, please contact us using the details provided in section 18 and We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
- For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
17.0 CHANGES TO OUR PRIVACY NOTICE
This privacy notice was last updated on 24th May 2018.
18.0 HOW TO CONTACT US
Please contact us if you have any questions about our privacy notice or information we hold about you by:
- Email: firstname.lastname@example.org
- Phone: 01932 770 230
- Post: SunburyX Hair & Beauty, 29, Staines Road West, Sunbury on Thames, TW16 7AB.
Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you (as under section 12, above).