In To Change Hair Salon - Privacy Policy (GDPR)
In To Change Hair Salon - Company Message
Privacy Policy (GDPR)


We are committed to protecting your privacy and personal information and will never abuse your trust.   

This Privacy Policy explains
  • what information is collected 
  • how information is stored 
  • how information is used

What is personal data?
This is the definition provided to us by the Information Commission:
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.

What information do we collect?
When you book an appointment in-salon or over the phone:
  • To book an appointment (reserve Stylist time), you must provide your name and at least one contact phone number along with information about the services you would like to receive. All other personal information you provide is optional.
  • To receive email correspondence about your appointments (paperless receipts/appointment reminders/loyalty club point balance, salon information/updates etc), you must provide your email address and confirm that you are happy to receive emails from us.
  • You may provide additional personal information such as your postal address, age, gender etc if you choose to, but this information is not needed to book an appointment and is not used for correspondence.
  • You may disclose information about your business – however this is not personal information which for the purposes of the GDPR only relates to the personal data of individuals
 
When you book an appointment online:
·       To book an appointment (reserve Stylist time), you must provide your name, email address and at least one contact phone number along with information about the services you would like to receive.
·       You may provide additional personal information such as your postal address, age, gender etc if you choose to, but this information is not needed to book an appointment and is not used for correspondence.
 
When a third-party contacts me on your behalf:
  • Personal data provided by a third party such as your name, contact details and specific circumstances.
 
When you visit this website, or interact with this site or the salon via social media:
  • Your IP address and browsing preferences and choices;
  • Your name and username and any comments that you make.
  • You may choose to provide us with additional personal information (for specific appointment booking information, asking questions etc) if you contact us directly.
 
When you fill in a contact form on this website:
  • Your name, email address and phone number (if you request a call back).
  • Any additional information you choose to provide as part of your comments or questions.

When you receive a Hairdressing service or purchase a retail product:
  • To carry out Hairdressing services and purchase salon retail products, you must provide us with certain information, such as your name, phone number, payment information and details of the service you would like or products you would like to purchase. You may also choose to provide us with additional personal information (specific service or product information, asking questions, custom adjustments etc).
  • During your professional consultation, we may ask you to provide additional information such as medical/illness/medication/previous allergic reaction history on the grounds of health and safety and offering you the best service. What you disclose is your choice.
  • You may choose to provide additional personal information during your professional consultation such as lifestyle, health or work-related information to help identify suitable services or prescribe treatments. What you disclose is your choice.
 
How do we collect information?
Your personal information may be collected from a number of sources. These include:
  • From you when you book an appointment.
  • From you when you contact or interact with this site by email or when you communicate through social media.
  • From contact forms you may complete.
  • From public sources of data (e.g. the contact details you have chosen to make public on your website or social media).
  • From organisations/bodies you are connected to or are affiliated with when they provide your information to us.
 
Why do we collect it?
We rely on a number of legal bases to collect, use, and share your information.
  • As needed to provide our services, such as when we use your information to book an appointment, work with you to discuss services or products during the consultation, carry out hairdressing services, provide you with paperless receipts/appointment reminders, to settle disputes, or to provide customer support.
  • In relation to salon updates and paperless receipts/appointment reminders/loyalty point balance reminders/review questionnaires, the information we hold is based on you having given your consent, which you may revoke at any time. For example, in relation to salon updates, you have provided the email and then verified that it should be stored and used as a basis for sending you an email for keeping you updated with salon news.
  • We also collect information because of a legitimate interest, if those legitimate interests are not overridden by your rights or interests, such as providing and improving our services or ensuring we have correct details in relation to any public published information about you. We use your information to provide the services you requested and in our legitimate interest to improve our services.
  • Data relating to any business transaction arises out of a contractual necessity e.g. so both you and the salon are fulfilling the obligations set out in supplier terms and conditions or any contract that may be in place, or if necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law
 
How do we use your information?
We process your data very carefully in order to:
  • Book appointments with accurate allocated service times.
  • Provide personalised service and aftercare plans.
  • Record the Hairdressing services carried out, products used and the cost of services to maintain a detailed client service history as per our industry requirements.
  • Record test results, contraindications, and incompatibilities as per our industry requirements.
  • Record any correspondence and respond accordingly.
  • Send out important information relating to salon news and updates.
  • Send out client service receipts, appointment reminders, loyalty club point balance and salon review questionnaires.
  • Analyse client demographics to offer the most relevant services and products.
  • Maintain relationships with individuals and organisations and send messages from time to time in relation to the salon business.
 
How is it stored?
Your personal data will always be treated with respect and is stored in a number of ways:
  • In paper files stored securely in the salon premises.
  • In software systems which are managed on our Windows hardware or on WebWare provided by a third-party supplier (Shortcuts, MailChimp & Vistaprint).
 
Who do we share your information with?
Information about our customers is important to our business. We share your personal information for very limited reasons and in limited circumstances, we may share your data with and/or obtain information from some third parties:
  • Our website service provider in relation to the use of forms and comments on this website and for the management of cookies on this website;
  • Statistical services with respect to understanding the traffic to the website (such as Google Analytics)
  • Social media providers e.g. Facebook, Twitter, Instagram – to highlight public news
  • Service providers. we engage certain trusted third parties to perform functions and provide services for the salon, such as salon software company, Shortcuts or Email automation platform, Mailchimp. We will share your personal information with these third parties, but only to the extent necessary to perform these services (such as booking your appointment, maintaining client visit records, or sending important salon information).
  • Compliance with laws: We may collect, use, retain, and share your information if we have a good faith belief that it is reasonably necessary to: (a) respond to legal process or to government requests; (b) enforce our agreements, terms and policies; (c) prevent, investigate, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of our customers, or others.
  • Business transfers. If we sell or merge our business, we may disclose your information as part of that transaction, only to the extent permitted by law.

We are committed to protecting your privacy. Under no circumstances do we rent, trade or share your e-mail address without your consent.  

Very occasionally, clients ask to be put in contact with another client. Rather than give their email address to you, we inform you that we will forward your request (using email) ​to them and leave them to decide how to respond.
 
Transfers of Personal Information Outside the EU
We may store and process your information through third-party hosting services in the US and other jurisdictions. As a result, we may transfer your personal information to a jurisdiction with different data protection and government surveillance laws than your jurisdiction. If we are deemed to transfer information about you outside of the EU, I rely on Privacy Shield as the legal basis for the transfer, as Google Cloud is Privacy Shield certified.
 
How do we protect your data?
We take the security of your data very seriously. Your data cannot be accessed by third parties other than those providing services as identified in this policy.

We engage reputable service providers to process your data on our behalf for the purposes of email correspondence, service booking and record keeping, website and social media provision. They are all under a duty of confidentiality and are legally obliged to implement appropriate technical and organisational measures to ensure the security of data in line with the relevant legislation.
 
How long do We keep your personal data?
We retain your personal information only for as long as necessary to provide you with our services and as described in this Privacy Policy. However, we may also be required to retain this information to comply with our legal and regulatory obligations, to resolve disputes, and to enforce our agreements. Nothing is kept indefinitely. Your personal data is kept under review.
  • Correspondence: we periodically delete contacts and associated emails. 
  • Blog comments and forms: If the blog comment is not published or the form submitted is nonsensical, they are deleted.
  • Spam comments are kept for a period of time prior to reports to Google re. worst offenders.
  • Personal data and business correspondence in relation to all business contracts involving payment is retained for a minimum of six years after the end of the tax year in line with the requirements of HMRC.
 
Cookies
If you live in the EU you will always be notified via a cookie ‘banner’ notice that cookies are used by this site as soon as you alight on the site.

Very many websites, including this one, send you cookies when you visit the site in order to collect data to track traffic flows.  A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer or other device browser from a website’s computer and is stored on your device’s hard drive. 

Cookies record information about the location of your IP provider, technical data about your computer and data about which pages you look at on this website and how these were accessed.  They do NOT tell Vistaprint or us who the person is or anything else about the person viewing the site.   If you have a website or blog yourself then you are probably collecting statistical data relating to traffic flows in a very similar way.  
  • First party cookies: Used to provide basic functionality of our Service, including for authentication and security purposes, configuration, and support.
  • Third party cookies: Used to enable certain analytics and tracking tools, as well as interest-based advertising and chat functionality.
  • Session cookies: Used to enable certain analytics and tracking tools, interest-based advertising, as well as for app configuration, monitoring tools, to pin user session to a specific server, and to prevent cross site request forgery.
  • Persistent cookies: Provides functionality of first party cookies and third-party cookies across sessions.
Why we use software which uses cookies: 
Cookie data helps us understand which pages are the most popular and how somebody has arrived at the site e.g. from a hairdressing forum or via a search on Google.  It also enables us to know what format most people are now using to view pages which in turn helps us with prioritising design and accessibility issues on this website

If you are concerned about Cookies you can find out more about how to manage cookies on the AboutCookies website
 
Privacy of Email addresses
Our Privacy Policy in relation to email addresses is simple.
We rely on your consent for us to know and use the personal data you supply – such as name and email address. Your data is always kept safe and secure. 
 
Statistical Data
You are also assured of privacy relating to data collected for statistical purposes – however we are dependent on the privacy policies of third parties in this respect.

All statistical data collected via this site is initially collected, stored and analysed by third parties. 

We are able to download some data to our own computer. All data collected is anonymous and is collected solely for statistical purposes, to improve the service offered and is not used to identify individuals.  
 
Your Rights
If you reside in certain territories, including the EU, you have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. We describe these rights below:
  • Access. You may have the right to access and receive a copy of the personal information we hold about you by contacting us using the contact information below.
  • Change, restrict, delete. You may also have rights to change, restrict our use of, or delete your personal information. Absent exceptional circumstances (like where we are required to store data for legal reasons) we will generally delete your personal information upon request.
  • Object. You can object to (i) our processing of some of your information based on our legitimate interests and (ii) receiving marketing messages from us after providing your express consent to receive them. In such cases, we will delete your personal information unless we have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
  • Complain. If you reside in the EU and wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.
 
Contact information and further advice
For purposes of EU data protection law, I, Laura Jayne Lundy (salon owner – the author if this website) am the data controller of your personal information and responsible for ensuring compliance with data protection legislation. If you have a query please contact me in the first instance by email itc_hairsalon@hotmail.co.uk

If you have concerns about the use of your personal data, the Information Commissioners Office is an independent body set up to uphold information rights in the UK. They can be contacted through
  • their website: www.ico.org.uk or
  • their helpline on 0303 123 1113, or
  • in writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

 


Website Builder provided by  Vistaprint