We keep our privacy notice under regular review and may be updated periodically and without prior notice to you to reflect changes in our information practices and we will place any updates on this webpage. This privacy notice was last updated on 28th February 2023.
PRIVACY POLICY
This privacy notice explains how Nico Hairdressing looks after personal information you give me or that we learn by having you as a client and the choices you make about marketing and appointments communications you agree I may send you. This notice explains how I do this and tells you about your privacy rights and how the law protects you.
TOPICS:
The information you give me may include your name, address, email address, phone number, relevant history which may suggest that a service or treatment should not go ahead or certain products should not be used (eg allergies, pregnancy, skin conditions), payment and transaction information, IP address and CVs. For clients under the age of 16, I will only keep and use their personal information with the consent of a parent, carer or guardian.
I may also receive personal data about you from my security service partners and any payment providers I may engage. I currently use Zettle to manage payments.
HOW INFORMATION ABOUT YOU WILL BE USED
I will not share your information with any other third party without your consent except to help prevent fraud, or if required to do so by law.
MARKETING
I would like to send you information about products and services which may be of interest to you. I will ask for your consent to receive marketing information.
If you have consented to receiving marketing, you may opt out at a later date.
You have the right at any time to stop me from contacting you for marketing purposes. I currently use photo and video content captured in any location for marketing purposes across my social media profiles and websites. If you do not wish to have your photo or video taken, please notify me by email. If you want any content of you removed from my platforms after your appointment, please contact me [email protected] and I will remove it. If you no longer wish to be contacted for marketing purposes, please contact Nico email [email protected]
DATA RETENTION POLICY
This policy sets out what information Nico Hairdressing holds, how long I hold it for and when it will be deleted.
It also covers the procedure to follow regarding data requests.
Client general records 12 months
Client health records 4 years
Financial transactions, invoices and supplier details 6 years
Employee records, contracts of employment, changes to terms and conditions, annual leave, training records
While employment continues and up to 6 years after employment ends
Payroll and wage records including 6 years from the financial year-end in which
PAYE, income tax, national insurance, sick pay, redundancy payments payments were made
Maternity records 3 years after the end of the tax year in which the maternity pay period ends
Job applications (unsuccessful) 4 months after notifying unsuccessful candidates
Emails One year from the end of the month in which they were received or sent unless a longer period is relevant as above. Emails to and from ex-employees or contractors will be deleted within 2 weeks of them leaving unless these form part of the employment record – see above.
HOW IS PERSONAL DATA DELETED?
Personal data is permanently deleted in accordance with the retention periods listed above from:
– Emails
– Paper records, which are securely shredded.
ACCESS TO PERSONAL INFORMATION, CORRECTION AND DELETION
All requests for access to personal information will be handled by Nico. Responses to requests will be made within 30 days.
All information relating to the individual will be compiled into a report and collected from:
Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data or to a third party where I have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties).
Any payment transactions are encrypted. Sending information via the internet is not completely secure, although I will do my best to protect your information and prevent unauthorised access.
ACCESS TO YOUR INFORMATION AND CORRECTION
You have the right to request a copy of the personal information that I hold about you. This will normally be free, unless I consider the request to be unfounded or excessive, in which case I may charge a fee to cover my administration costs.
If you would like a copy of some or all of your personal information, please email [email protected]
I want to make sure that your personal information is accurate and up-to-date. You may ask me to correct or remove information you think is inaccurate.
You have the right to ask me to object to my use of your personal information, or to ask me to delete, remove or stop using your personal information if there is no need for me to keep it.
I email e-newsletters to inform you about products, services and treatments provided by me. You have the opportunity to unsubscribe from e-newsletters at any time.
E-newsletters may contain subscriber tracking facilities within the actual email, for example, whether emails were opened or forwarded, which links were clicked on within the email content, the times, dates and frequency of activity. I use this information to refine future email campaigns and provide you with more relevant content based around your activity.
GENERAL
My platform may contain links to third party websites. I am not responsible for the content of those website, and if you provide any information to that website, then this privacy policy does not apply. You should check the third party website to find the applicable privacy policy.
If any provision of this Privacy Policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.
This Privacy Policy shall be governed by and construed in accordance with English law and you agree to submit to the exclusive jurisdiction of the English Courts.
CONTACT ME
If you have any questions about this Privacy Policy, please contact me:
www.ico.org.uk/concerns/handling
PRIVACY POLICY
This privacy notice explains how Nico Hairdressing looks after personal information you give me or that we learn by having you as a client and the choices you make about marketing and appointments communications you agree I may send you. This notice explains how I do this and tells you about your privacy rights and how the law protects you.
TOPICS:
- What information I collect about you
- How information about you will be used
- Marketing
- Employment
- How long your information will be kept for
- Where your information is kept
- Access to your information and correction
- Cookies
- Other websites
- Changes to my privacy notice
- How to contact me
- WHAT INFORMATION I COLLECT ABOUT YOU
The information you give me may include your name, address, email address, phone number, relevant history which may suggest that a service or treatment should not go ahead or certain products should not be used (eg allergies, pregnancy, skin conditions), payment and transaction information, IP address and CVs. For clients under the age of 16, I will only keep and use their personal information with the consent of a parent, carer or guardian.
- PERSONAL DATA I RECEIVE FROM OTHERS
I may also receive personal data about you from my security service partners and any payment providers I may engage. I currently use Zettle to manage payments.
HOW INFORMATION ABOUT YOU WILL BE USED
- In law, I am allowed to use personal information, including sharing it outside the salon, only if I have a proper reason to do so, for example:
- To fulfil a contract with you ie to provide the service or treatment you have requested and to communicate with you about your appointments
- When it is in my legitimate interest ie there is a business or commercial reason to do so, unless this is outweighed by your rights or interest
- When you consent to it: I will always ask for your consent to hold and use health and medical information.
- Supplier of our website, Weebly.com - Square.com
- I currently use fresha.com/for-business Partner Account Online Booking
- Privy marketing email subscription
- Zotabox.com
- I currently use manage.cookiebot.com/en/manage for the cookies policy
I will not share your information with any other third party without your consent except to help prevent fraud, or if required to do so by law.
MARKETING
I would like to send you information about products and services which may be of interest to you. I will ask for your consent to receive marketing information.
If you have consented to receiving marketing, you may opt out at a later date.
You have the right at any time to stop me from contacting you for marketing purposes. I currently use photo and video content captured in any location for marketing purposes across my social media profiles and websites. If you do not wish to have your photo or video taken, please notify me by email. If you want any content of you removed from my platforms after your appointment, please contact me [email protected] and I will remove it. If you no longer wish to be contacted for marketing purposes, please contact Nico email [email protected]
DATA RETENTION POLICY
This policy sets out what information Nico Hairdressing holds, how long I hold it for and when it will be deleted.
It also covers the procedure to follow regarding data requests.
- Information held by me
- How long is personal data held for?
- Where is personal data held?
- How is personal data deleted?
- Access to personal information, correction and deletion
- INFORMATION HELD BY ME
- I hold personal information about:
- Clients
- Former clients and prospective clients
- I also hold information about financial transactions relating to these eg services or treatments provided, products bought, payroll information.
- HOW LONG IS PERSONAL DATA HELD FOR?
- I aim not to hold personal data longer than necessary.
- Unless requested by an individual, the following types of data will be held for the periods shown below, after which it will be securely deleted or destroyed:
Client general records 12 months
Client health records 4 years
Financial transactions, invoices and supplier details 6 years
Employee records, contracts of employment, changes to terms and conditions, annual leave, training records
While employment continues and up to 6 years after employment ends
Payroll and wage records including 6 years from the financial year-end in which
PAYE, income tax, national insurance, sick pay, redundancy payments payments were made
Maternity records 3 years after the end of the tax year in which the maternity pay period ends
Job applications (unsuccessful) 4 months after notifying unsuccessful candidates
Emails One year from the end of the month in which they were received or sent unless a longer period is relevant as above. Emails to and from ex-employees or contractors will be deleted within 2 weeks of them leaving unless these form part of the employment record – see above.
HOW IS PERSONAL DATA DELETED?
Personal data is permanently deleted in accordance with the retention periods listed above from:
– Emails
– Paper records, which are securely shredded.
ACCESS TO PERSONAL INFORMATION, CORRECTION AND DELETION
All requests for access to personal information will be handled by Nico. Responses to requests will be made within 30 days.
All information relating to the individual will be compiled into a report and collected from:
- Financial transactions
- Emails
- Paper records
- WHERE YOUR INFORMATION IS KEPT
Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data or to a third party where I have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties).
Any payment transactions are encrypted. Sending information via the internet is not completely secure, although I will do my best to protect your information and prevent unauthorised access.
ACCESS TO YOUR INFORMATION AND CORRECTION
You have the right to request a copy of the personal information that I hold about you. This will normally be free, unless I consider the request to be unfounded or excessive, in which case I may charge a fee to cover my administration costs.
If you would like a copy of some or all of your personal information, please email [email protected]
I want to make sure that your personal information is accurate and up-to-date. You may ask me to correct or remove information you think is inaccurate.
You have the right to ask me to object to my use of your personal information, or to ask me to delete, remove or stop using your personal information if there is no need for me to keep it.
I email e-newsletters to inform you about products, services and treatments provided by me. You have the opportunity to unsubscribe from e-newsletters at any time.
E-newsletters may contain subscriber tracking facilities within the actual email, for example, whether emails were opened or forwarded, which links were clicked on within the email content, the times, dates and frequency of activity. I use this information to refine future email campaigns and provide you with more relevant content based around your activity.
GENERAL
My platform may contain links to third party websites. I am not responsible for the content of those website, and if you provide any information to that website, then this privacy policy does not apply. You should check the third party website to find the applicable privacy policy.
If any provision of this Privacy Policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.
This Privacy Policy shall be governed by and construed in accordance with English law and you agree to submit to the exclusive jurisdiction of the English Courts.
CONTACT ME
If you have any questions about this Privacy Policy, please contact me:
- By email: [email protected]
www.ico.org.uk/concerns/handling