This document explains how we might collect your data and what happens to it. Your privacy is fundamentally important to us and we would not collect or use data which was not important for the functioning of our business and to our relationship with you. We are passionate about the services we provide for you and the relationship we can develop with you. We need to use some personal data from you in order to, for example, run our appointments system as well as to share with you information about the services we can offer and to help us decide which services and products you might be interested in. There are also some legal reasons why we need to receive and store your data, such as consent forms for certain treatments.
We routinely collect your name, addresses, email addresses, telephone numbers and date of birth. We keep records of the treatments we have provided for you and on occasions we will keep other sensitive data about you, such as any medical conditions you reveal to us, when they might be relevant to any treatments we consider providing for you.
Mostly we use your data in order to manage your records within our systems and to contact you as required. For example, we might send a text message to your mobile phone reminding you about an appointment for a treatment you have booked. We might also assess the information we keep about you in order to decide to contact you (e.g. by email) about a particular service or product which we think might be of interest to you. We intend this to be exclusively for things which we feel could genuinely be useful or of interest to you. The decision to contact you might be made by a person considering your data, or by a computer. Sometimes the information we hold can be used to help us decide if a particular service is not appropriate for you, for instance where a known or suspected medical condition renders some treatments inadvisable. Sometimes there are legal reasons for us to hold your information for an extended period, such as when you provide written consent for us to provide certain types of treatment for you. We will never sell your data to any other company (unless that is part of an acquisition of part or all of our company).
Cookies are a technology which can be used to provide you with tailored information from our website. A cookie is an element of data that our website sends to your browser, which may then store it on your system. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether or not to accept it. This procedure is normal for most websites, but you can set your browser to remove cookies if you wish.
Sometimes we process your data by what is legally defined as Consent. This is, for example, where you willingly provide your email address on our website in order to sign up to our newsletter. On other occasions there might be a Legal reason to hold your data, such as in regulatory financial issues or medical consent. On other occasions it can be defined legally as Legitimate Interest, which covers simple things like booking an appointment for you, then recording any relevant information about that appointment afterwards.
We only share your data when it is necessary for our business. When we provide this for other companies, they are not at liberty to use the information for any other company or purpose unless that is legally required. For instance, we use a company called Mailchimp to send emails to our clients, so they need access to your data in order to do this. We use Twilio to send text messages to you. We might use a variety of marketing companies in order to promote our services to you, so they might need access to some of your data. Some other bodies will be given access to your data, such as software developers who work on our website, though they are not permitted to view or use such data in any way. All of our staff will have access to your data. In all cases there are contractual obligations which restrict your data from being copied or used in any way which is not required as described or implied above.
All written records of your data are stored securely on our premises in Harpenden, England. All digital records are held within a secure, UK data centre. None of your data will be moved or stored outside the European Economic Area.
Your written records are regarded as important documents which we aim to look after carefully and are retained securely within our premises. Digital records are maintained at a UK data centre where a very high level of security is maintained. When digital information is transferred between parties over the internet, we have to assume there is a risk that it could be intercepted or accessed in some way. We consider this to be similar in some ways to sending information by traditional post. Usually it arrives securely but this cannot be guaranteed. However we do not consider ourselves to be the likely target of any sort of criminal data theft as we are a very low risk enterprise. We do not use, record or store such things as card payment details and it is these which are the most valuable targets for criminals. We will review our data security measures periodically to ensure that we are taking reasonable steps to keep this safe.
We intend to keep your general data for 5 years from the date we last used it. This is because we find that some of our clients can return to the salon after a gap of some quite considerable time. It can be beneficial to know about any previous history when this occurs. After that time, we will expect to "anonymise" the data, or delete it completely. If you would prefer us not to store your data, you can ask us to delete or anonymise it sooner. There are exceptions to this. Sometimes there are legal reasons to retain records, such as for financial reasons or where medical consent is given in writing. Currently we are storing this type of information indefinitely, though this might be reviewed in future.
We respect your rights under the GDPR to access and control your personal data. These are for: