The protection of your privacy and personal information is extremely important to us and any information that you have provided to us will be collected and used in accordance with the General Data Protection Regulation, the Data Protection Act 2018 and the Privacy & Electronic Communications Regulations 2003. We will not share your data with any third party except for administrative purposes relating to the services we provide and where we may be required to do so by law.
For our records we record and keep only the essential information relating to each guest and the services or products they receive. This includes full name, phone number (landline and/or mobile), and email addresses, which are kept within our secure online booking app Timely.
We only ever use this information to enable us to have contact regarding any appointments made with us on our premises, over the phone or online and to personalise your repeat visits to our salon. This will be name, date of patch test and result as well as information regarding medical suitability for the treatment recorded in consultation forms. For the services we supply in our salon, this is the only information we require, and we will endeavour to keep the information only for an appropriate timeframe. All information is kept following data protection and privacy laws, which all staff have been trained on.
If requested we will provide our employees or guests with the information we hold about them free of charge, and they will have the right to correct any information that is wrong. We will endeavour to provide this information as soon as possible and well within the legal one-month time period of receiving the request. Information will never be passed on to third parties without clear written permission from all parties involved.
We will honour the right of anyone who asks to have the data that we collect about them deleted, unless there is a good reason not to.
We will utilise the email addresses to notify guests of any appointment change/cancellation, as well as to provide appointment confirmations at the time of booking and a reminder 48 hours before. We will also send out a “how was our service?” email 24 hours after the appointment to provide the opportunity to give us feedback on your experiences with us. None of these require a response. We will also never pass information to any outside third party for marketing purposes. Contact will be kept to an absolute necessity level only.
A data breach is the loss, or unauthorised alteration or sharing of any personal data we hold about individuals. This can be deliberate or accidental. We shall keep a record of any data breaches and report serious breaches to the ICO within 72 hours of becoming aware of any breaches and without undue delay.
A sub-processor is an external service or provider that is enlisted by Timely to deliver our service to you. As part of that service delivery, we may be required to share personal information we have collected about you with these providers.
Timely take the privacy and security of your personal data very seriously and have strict processes in place to ensure this information is shared securely and only when necessary.
Personal information: Timely employ Secure Sockets Layer (SSL) technology on the collection, storage and processing of all data. All accounts are accessed via secure login with one-way hashing of all passwords. Timely do not access or share any data unless required to by law or, with your permission, to help resolve system problems.
Payments: All supplied sensitive/credit information is transmitted via Secure Sockets Layer (SSL) technology and then encrypted into the payment gateway provider's database, only to be accessible by those authorised with special access rights to such systems. They are required to keep the information confidential. Timely do not store this information themselves, instead keeping this data with their payment providers, who have the highest level of PCI compliance.
Timely also requires that any third-party services or sub-processors that they use as part of delivering this service to you, meet the requirements and obligations under GDPR, as well as those requirements of the local authority (NZ).
Timely have established Data Processing Agreements (DPAs) with all of their providers, to ensure your personal information is collected, stored and processed in a legal/lawful manner.
We use the iZettle payment engine to process all due payments for our salon.
iZettle are responsible for protecting the security of personal information in their possession. They have implemented administrative, technical and organizational procedures to protect personal information that is stored in their servers from unauthorized access and accidental loss, modification or disclosure. However, they cannot guarantee that unauthorized third parties will never be able to defeat those measures or use such information for improper purposes. We acknowledge that you provide your personal information at your own risk.
We confirm and agree that we will protect and, save where required by law, not disclose, register or otherwise process any information that we may receive about our customers or other third parties while using the Services of iZettle. We must notify iZettle through the website or by contacting their customer services team at firstname.lastname@example.org without undue delay if we become aware of or suspect any unauthorized access to or disclosure of such information.
We may not disclose or distribute any information about our customers or other third parties or use such information for marketing or other purposes unless we receive the express consent of such customer or third party. We are solely responsible for compliance with any applicable privacy laws and regulations of our specific jurisdiction.
Last updated: 4th February 2019