GDPR
TERMS OF BUSINESS IN RELATION TO GENERAL DATA PROTECTION REGULATION (GDPR)
The Urban Body Bar Limited of 325 Rayners Lane, Pinner, HA5 5EH (Co. Regn. 08348906), is compliant with the General Data Protection Regulation and The Data Protection Act 2018 (hereby collectively referred to as ‘GDPR’).
What is GDPR?
The GDPR includes the following rights for individuals in relation to their personal data that we hold:
- The right to be informed
- The right of access
- The right of rectification
- The right of erasure
- The right to restrict processing
- The right to data portability
- The right to object
- The right not to be subject to automated decision-making including profiling.
What is Collected and Why
Data that we collect through our web site or personally are:
- Primary details: Name, address, telephone number, email address
- Secondary details: date of birth and medical / allergy details
- Other: GP details and emergency contact details
Primary details are collected as a means of contacting you for information you have requested, if we need to change your appointment, to send you appointment confirmations, appointment reminders and contact you if you are running late. We also send out monthly marketing emails to keep you informed on new treatments or offers we are running.
Secondary details are collected to assess the suitability for treatment or products and also assess the need to perform patch tests prior to treatments.
We are required to collect other details in case of emergencies that occur within the salon.
We do not share personal data for marketing or sale purposes outside of The Urban Body Bar. Depending on the circumstances, we may share information with debt-collecting and tracing agencies, HMRC inspectors, our insurers, our legal advisors, and potential future owners of the business.
How Data is collected and stored
- Through our web site: We collect primary data through our website when you book an appointment online and also if you choose to contact us through the online contact form or any other email link from other web directories or social media platforms. None of the data you supply is passed through a third party; it is collated into an email and sent to us by SMTP (simple mail transfer protocol).
- We collect primary data when you contact us to book an appointment through email, telephone or in person. Our telephone calls are not monitored or recorded. These data are collected on desktop, Mobile Phorest software and App system, all of which are PIN protected and only accessed by staff members. Mobile devices do not leave the salon and are locked overnight in salon premises.
- Secondary data is collected upon your first visit or your first specialised treatment through manual consultation forms that are stored in the salon, locked overnight, with only staff key holder access.
- Site Visitation Tracking: Our website uses Google Analytics to track user interaction and record data such as geographical location, device used, internet browser used and operating system used. The data is used to identify traffic to our website. None of the information personally identifies you. Google in this case acts as a third party data processor. You can disable cookies on your internet browser to stop Google from tracking such data.
- We store your data for up to 4 years, as advised by our insurers, in case of any potential insurance claims that may arise.
- When making an online booking, you are asked for a nominal booking fee. Any credit card details entered are not stored in any way. This is outsourced to Stripe and Realex to process payments.
- When purchasing vouchers online, you will be re-directed to make payments through PayPal. No credit card details are stored or processed by us.
- We will retain your personal data on our secured Client List for the purposes of sending promotional material and offers with regard to The Urban Body Bar.
- In all cases, we will not hold data longer than is necessary to do so, save for regulatory and insurance requirements. In most cases this is 6 years.
Third party Data processors:
Security and Hosting of Phorest:
A vast amount of their service and data are hosted in Amazon Web Services (AWS) facilities in the USA and Europe. Phorest services have been built with disaster recovery in mind. The servers are within their own virtual private cloud with network access control lists (ACLs) that prevent unauthorised requests getting to their internal network. Customer data is stored in multi-tenant datastores. Strict privacy controls exist in their application codes to ensure data privacy. All data transferred to or from Phorest is encrypted in transit using 256-bit encryption. The Phorest privacy policy can be found here.
Stripe privacy policy can be found here, and security policy found here.
Realex / Global Payments privacy policy can be found here.
PayPal’s privacy policy can be found here.
The ‘Right to Be Forgotten’
Under the GDPR, individuals can now request ‘the right to be forgotten’. If for any reason you’d like to have your personal data removed from our systems or to request a report of what data we hold on you, it is your legal right to request this and for us to comply within 1 month. We will provide a report to show you this has been done. Please note that for some regulatory and insurance requirements, we may be required to hold your data for up to 6 years.
Access to Personal Data – Subject Access Requests
Please note that you can at any time request access to the personal data we hold in our Client List. Furthermore, you can also request the rectification or erasure of such data. Such a request should be made to Sapna Tankaria at info@theurbanbodybar.com, or in writing to The Urban Body Bar Limited, 325 Rayners Lane, Pinner, HA5 5EH. Consideration of any request will be consistent with the GDPR.
A response is to be provided within one month from receipt of the request. For complex or numerous requests, the period may be extended for a further two months, but you will be informed of the extension and the reasons for the delay. If we decide not to take action in relation to your request concerning your personal data, then we will explain why, and you have the right to complain to the Office of the Information Commissioner.
Complaints and Queries
Please contact Sapna Tankaria who is the business’s lead officer in relation to matters concerning the GDPR. All enquiries can be directed to: info@theurbanbodybar.com.
Information Commissioner’s Office
The Urban Body Bar Limited is registered with the Information Commissioner’s Office (ICO) as a data controller for the purposes of GDPR. Our registration reference is ZA627263.
Should you wish to make a complaint, please contact us first on info@theurbanbodybar.com. If your complaint is still unresolved or you are unhappy with the way we have dealt with your complaint, you may be able to take your complaint up with the ICO here.
Last Updated 4/12/2024