In line with the new GDPR legislation, we would like to make you aware of how we handle the personal data we collect in the course of our business.
Processor: The Lounge Hair & Beauty Salon
Data Controller: Claire David – Director
What Data is being Collected
The attached Data Audit chart lists all personal data processed by us.
Legal Basis for Data Processing
See attached Data Audit for the legal basis that applies to the different types of data that we process. An explanation of the legal basis for the processing of this data is detailed below.
- Legal Obligation
Where this applies, data is kept strictly in accordance with our requirements to comply to legislation. Eg HMRC / Auto Enrolment / Department of Immigration – right to work.
In providing our services to customers, we need to process certain data. This is necessary in order to perform our core business of carrying out hair & beauty treatments.
- Customer name and contact details are required in order to make the booking for the customer and to keep the customer informed in relation to their appointment should any issues arise such as moving appointment time or calling should they not turn up for their appointment.
- Customer record cards are kept into relation to things like what colour(s) they have had used on their hair so that we have a record for the next appointment or what size lashes they like and whether they have received a patch test prior to their appointment. Allergies are also noted in the customers record card.
- Occasionally customers may supply us with address details, however we do not use these for any form of marketing or mailing at all.
- Email addresses may be taken in order to supply marketing emails, specifically birthday vouchers, other marketing via email is minimal.
It is important to us that genuine consent should be given, giving a clear and open choice, building trust and enhancing our reputation.
Definitive customer consent will be requested for the processing of any data to be used for the purpose of marketing. Within our business this includes the following:
Customer telephone numbers – for the purpose of calling with regards to moving an appointment already booked. Email addresses – for the purpose of sending minimal marketing including a birthday voucher email.
Consent is given / not given in the following way.
- At the time of visiting for initial appointment we will ask the customer for their specific preferences in relation to reminders and direct marketing (direct marketing is not currently practised.)
- We ask people for their preference to positively opt in or not.
- We specify what the consent is for and specifically what the purpose is.
- Records of consent are held within Shortcuts software, which is saved locally.
We make it easy for customers / staff to withdraw their consent at any time and all staff are aware of how to action this. Customers may request to withdraw their consent by contacting us, either by phone on 01252 541313, email to firstname.lastname@example.org or in writing to our trading address which is 29 Fleet Road, Farnborough, Hampshire, GU14 9RB.
- Consent preferences can be changed at any time by emailing us on email@example.com or unsubscribing to any emails you might receive from us.
- We will act on withdrawals of consent as soon as we can but always within 2 weeks.
- We will not penalise individuals who wish to withdraw consent.
- In the case of staff, any preference to withdraw consent should be raised with Claire David. This will be actioned within 2 weeks.
We do not share any data with any third parties.
How Long will Data be Stored
As part of our service to all clients, it is necessary for us to occasionally store treatment history. By this we mean details of completed patch tests, hair colour record, allergies known to us, treatment history and purchase history of hair/beauty products bought. Our software also stores against each client other details such as, name, contact phone numbers, email address and sometimes date of birth to receive their birthday discount email. In order to hold a full history of the client, this data is stored indefinitely.
For information as to how long other data is stored, please refer to the Data Audit chart.
Data Access Requests
We are happy to provide details of all data held in respect of any customer. This will be provided to the customer, upon providing proof of identity (proof of name). It will be provided verbally face to face or in printed form and forwarded to the customer free of charge within five working days.
Any data access requests from staff should be directed to Claire David, who will provide printed copies free of charge and within five working days.
Any complaints should be raised in the first instance to the Data Controller or if preferred to the alternative contact shown below.
- Claire David Data Controller
- Beverly Paling
If you are not satisfied with the way in which your complaint is handled you should direct your complaint to the ICO at www.ico.org.uk/concerns/ or by telephoning them on 0303 123 1113
Alternatively, please visit the salon and we will be happy to help.
The Lounge Hair & Beauty Team