
 

GENERAL DATA PROTECTION REGULATION (GDPR)

 

What is Collected and Why

 

Data that we collect through our web site or personally are:


  • Primary details: Name, address, telephone number, email address

  • Secondary details: date of birth and medical/allergy details

  • Other: GP details and emergency contact details

 

Primary details are collected so that we can contact you with information you have requested, let you know if we need to change your appointment, send you appointment confirmations and appointment reminders, and contact you if you are running late. We also send out monthly marketing emails to keep you informed about new treatments or offers we are running.

 

Secondary details are collected to assess the suitability of treatments or products and also to assess the need to perform patch tests prior to treatments.

 

We are required to collect other details in case of emergencies that occur within the salon.

 

We do not share details with any third party.

 

How Data is collected and stored


  • Through our web site: We collect primary data through our website when you book an appointment online and also if you choose to contact us through the online contact form or any other email link from other web directories or social media platforms. None of the data you supply is passed through a third party; it is collated into an email and sent to us by SMTP (Simple Mail Transfer Protocol).

 

  • We collect primary data when you contact us to book an appointment through email, telephone or in person. Our telephone calls are not monitored or recorded. These data are collected on the desktop, iPad and mobile Phorest software and app system, all of which are PIN protected and only accessed by staff members. Mobile devices do not leave the salon and are locked overnight in the salon premises.


  • Secondary data is collected upon your first visit or your first specialised treatment through manual consultation forms, which are stored in the salon and locked away overnight, with access limited to staff key holders.


  • Site Visitation Tracking: Our website uses Google Analytics to track user interaction and record data such as geographical location, device used, internet browser used and operating system used. The data is used to identify traffic to our website. None of the information personally identifies you. Google in this case acts as a third-party data processor. You can disable cookies in your internet browser to stop Google from tracking such data.


  • We store your data for up to 4 years as advised by our insurers for purposes of any potential insurance claims that may arise.


  • When making an online booking, you are asked for a nominal booking fee. Any credit card details entered are not stored in any way. Payment processing is outsourced to Stripe and Realex.


  • When purchasing vouchers online, you will be redirected to make payments through PayPal. No credit card details are stored or processed by us.

 

 

Third party Data processors: 

 

        Security and Hosting of Phorest:

  • A vast amount of their service and data are hosted in Amazon Web Services (AWS) facilities in the USA and Europe. Phorest services have been built with disaster recovery in mind. The servers are within their own virtual private cloud with network access control lists (ACLs) that prevent unauthorised requests getting to their internal network. Customer data is stored in multi-tenant datastores. Strict privacy controls exist in their application code to ensure data privacy. All data transferred to or from Phorest is encrypted in transit using 256-bit encryption. Phorest privacy policy found here


  • Stripe privacy policy can be found here, and security policy found here


  • Realex privacy policy found here and security policy found here


  • Paypal privacy policy found here and security policy found here


 

The ‘Right to Be Forgotten’:

 

Under the new GDPR, individuals can now request ‘the right to be forgotten’. If for any reason you’d like to have your personal data removed from our systems or to request a report of what data we hold on you, it is your legal right to request this and for us to comply within 1 month. We will provide a report to show you this has been done.