PRIVACY POLICY
THE HAIR BROS- PRIVACY POLICY
We will always respect your concerns about privacy and value the relationship we have with you.
This Privacy Policy below describes the types of personal data we need to collect from you, our customers; how we use that information to create an appointment or a mailing list, and the rights you have regarding our use of this information.
We will also describe the measures we take to protect the security of the information, how long we retain it and how our customers can contact us about our privacy practices and how to exercise their rights.
This Privacy Policy may be updated periodically to reflect changes in our privacy practices. We will always put notice on our website to notify you of any significant changes to the Policy and indicate at the beginning when it was most recently updated.
Date of Last Update: 28th November 2021
WHO WE ARE:
The Hair Bros LTD is the Data Controller for the purposes of The Data Protection Act 2018.
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
Our Company address and Registered office is:
2 Waverley Street,
The Groves
York
North Yorkshire
Our company number is: 13169259
E-mail: Thehairbros@outlook.com
Our site is Hosted On Square Space (www.squarespace.com). This includes the scheduling software incorporated by Square Space on to the website. Because we do not own this, we ask for the bare minimum in personal data from you, to mitigate as many risks as we possibly can beyond our control.
A link to Square Spaces Privacy Policy is here.
https://www.squarespace.com/privacy
We will always respect your privacy; therefore, we will only ever use the information we collect from yourself to provide our services. We do not share or sell the information we collect for any other purpose than providing the services listed.
At any time, you may request a copy of information we have recorded about you. You may also request we remove all identifiable information with respect to yourself. We will do this always within 72 hours of your writing to us. As a matter of course, we will delete your identifiable information if you have not undertaken business with us after three years.
For transparency, we have decided to list the business services we provide and how each service uses the information we collect from you.
The Haircut.
We request the minimum level of personally identifying information to book you in for a haircut with either of us. This is data you provide us directly will only have to consist of;
Your full name.
Contact details. This will be an email and a contact phone number.
What really good hair means to you. This is of course optional, but everyone see’s their hair differently- that what makes a good haircut so special. You can describe what you like in as little or as many words.
There will also be an option to write if you have any requirements such as needing special seating arrangements, Disabilities we may need to be aware of, allergies to products or wheelchair access. This will always be private and accessible to you, whether you would like us to simply update or delete the note. We want to make the haircut feel as relaxing as possible whoever you are; We believe being made aware beforehand of any special requirements is necessary to make sure we can do our very best for you.
Financial and Transaction details. This will include bank account and payment card details, a billing address as well as details about payments to and from you and other details of services you have purchased from us.
We will never obtain information about you indirectly from sources outside our business without your permission first. This may be a message from you via Instagram asking to book in for a haircut, or an email enquiry. In both those cases we will ask for your consent first before adding your details to make an appointment.
We may occasionally store a quick note with respect to the haircut once finished to ensure that for future haircuts we can make you feel as confident not only in leaving your hair to our hands, but also so it can feel as familiar as possible to you- we want you to switch off once you sit in the chair. An example of this would be, if you have a preference out of Nick or Myself, if you need a seating arrangement to to be comfortable and relaxed during the haircut or if you cannot have a certain hair product on your skin in case of an allergic reaction.
We will always make it clear that when you book in online or over the phone, that we need your consent for us to store your personally identifying information both regarding your details needed for the appointment and for us if we need to make any occasional notes post service.
We will contact you via phone, email or occasionally SMS to confirm the appointment has been booked and to remind you of upcoming appointments; we appreciate there is a lot going on these days!
You will of course have an opt in box to tick if you are happy for us to contact you in these three ways. You can opt out of this at any time.
Text Messages are distributed via third party mobile network providers and, therefore, we cannot control certain factors relating to message delivery or guarantee availability or performance of this service, including liability for transmission delays or message failures.
We do not charge a fee for you to receive Text Messages from us, however, your mobile service provider may charge you for sending and/or receiving text messages and air-time, as well as any other standard applicable rates charged by your mobile service provider.
If you have trouble using the website for any reason, please feel free to contact us at any time on email; thehairbros@outlook.com. We will happily amend, unsubscribe or delete you from our system. You will always have the right to do so under the Data Protection Act.
Marketing
The only form of marketing we have is an email newsletter- To be honest it’s the only one we have time to do and any other forms really cringes us out. We believe a good brand should never have to chase the client.
We will never send you the mailer unless you first provide us consent by either inputting your email to the subscribe to the newsletter, or when booking an appointment.
You can at any time opt out of the mailer by clicking unsubscribe or emailing us if you would like.
Disclosures of your Personal Data:
We may share your personal data with the parties set out below in order to provide the services.
Service providers (acting as processors) such as providers of website and ecommerce services (including Squarespace and Stripe).
Professional advisers (acting as controllers) including bankers, lawyers, auditors, accountants and insurers who provide banking, consultancy, legal, insurance and accounting services.
Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes where they act for us as processors of data, and only permit them to process your personal data for specified purposes and in accordance with our instructions.
International Transfers
Many of our external third party providers are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; or
Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Security:
All personal details including;
(i). Your Name
(ii) Your Contact Details
(iii) Your Financial and Transaction Details
Are saved securely on Square Spaces Acuity Scheduling Software.
How does Acuity help us comply with GDPR?
(i) Acuity allows us to display terms and conditions in our scheduling instructions. We use intake forms to get explicit consent from you to our terms, before you make an appointment or apply for a mailer subscription..
(ii) If we need to delete a client’s information, we can do so in the Client List. We can delete clients in bulk and delete inactive clients, as well. Any client who has not undertaken business with us after 3 years will automatically be deleted.
(iii) If we need to export data to comply with a client’s data portability request, we can do so in the Import/Export section.
(iv) Any exported data is stored in an encrypted form on a hard drive completely separate from the internet. This is kept locked in a fireproof box away from any commercial premises accessible to the public. As on the website; any client who has not made a business transactions with us for three years will be deleted from this too every quarterly period annually.
How do we remove personal data from Acuity?
We can access, update, or delete some personal data in our account, including:
• The email addresses and phone numbers tied to our calendars
• Your Appointments
• Client profiles
If you would like to remove your data but you feel a bit awkward about asking us, you can also contact privacy@squarespace.com and they will delete you data also. But don’t be embarrassed, it is your rights at the end of the day!
Further links for your perusal;
https://www.squarespace.com/privacy
STRIPE:
We use Stripe in conjunction with Acuity as a processor and service provider to safely hold customers card details required for booking.
The Following Security measures are implemented to keep your personal and financial information safe during booking:
Encryption: Your transaction is encrypted and secured. All information, including your credit card, is transferred only over HTTPS with up to 256-bit encryption.
Compliance: Servers are verified PCI compliant. Additionally, your credit card information is not stored on our servers.
A Link to Stripe’s Privacy Policy is here
Cookies, Web Statistics and third party monitoring:
Because we do not let customers create an account on our website, we do not need cookies to help logging in, remembering passwords, cart and card details thankfully.
We use Square Space analytics instead of Google Analytics. The reason for this is because we would not have control of the cookies you agree too by implementing Google Analytics, which would violate your rights.
Squarespace however do use some necessary cookies because they allow visitors to navigate and use key features on our site and to help the site work in the best possible manner.
Under Article 6 of the GDPR act, you have to give us consent to the use of cookies. We ask for this via a pop up as soon as you land on our website. This will show you an opt in or opt out box of the cookies Square Space uses to track your data.
We restrict analytics cookies until you have clicked the confirmation message on your cookie banner.
You can of course refuse to accept cookies on this website and disable them by adjusting your browser settings. Please note, however, that without these cookies, your user experience may be impacted.
A link to Square Spaces cookie policy is here.
How Cookies Work:
Through the use of cookies, Square Spaces servers log details such as your operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone in which your device is located. The web server logs also may record information such as the address of the web page that linked you to our site and the IP address of the device you use to connect to the Internet.
Examples of How Square Space uses Cookies on this Site.
(i) Authentication, Customization, Security and Other Functional Cookies. Cookies help us verify your Account and device and determine when you’re logged in, so we can make it easier for you to access the Services and provide the appropriate experiences and features. We also use cookies to help prevent fraudulent use of login credentials and to remember choices you’ve made on the Services, such as your language preference.
(ii) Performance And Analytics. Cookies help us analyze how the Services are being accessed and used, and enable us to track performance of the Services. For example, we use cookies to determine if you viewed a page or opened an email. This helps us provide you with information that you find interesting.
(iii) Third Parties. Third Party Services may use cookies to help you sign into their services from our Services. Any such third party cookie usage is governed by the policy of the third party placing the cookie.
(iv) Squarespace Ads. We partner with third party publishers, advertising networks and service providers to manage our ads on other sites. Our third party partners may set cookies on your device or browser to gather information about your activities on the Services and other sites you visit, in order to provide you with Squarespace ads. For example, if you visit Squarespace and also use a social media platform, you may see a Squarespace ad in your social media newsfeed or timeline.
(V) Opting Out. You can set your browser to not accept cookies, but this may limit your ability to use the Services. We currently don’t respond to DNT:1 signals from browsers visiting our Services. You can also opt out of receiving interest-based ads from certain ad networks here (or if located in the European Union, here).
Third Party Cookies Intended to Improve the Interactivity of the Site
This site may also support certain third party services, including social sharing buttons for Facebook, Twitter, Pinterest and Instagram, tweet lists (Twitter) and videos posted on the site (Youtube or Vimeo). These features use third party cookies that are directly set on your device by these services. When you first visit our site, a cookie banner will inform you of the use of these cookies. They will only be used if you accept them or if you continue using this site. You may change your cookie settings at any time to accept or refuse these cookies by clicking on the cookie control tool below.
How we store your personal information
Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site as transmission via the internet is never completely secure; any transmission is at your own risk. All the information you provide during the booking or post haircut is stored on secure servers and an off site, offline safe, fireproof location.
As a matter of course, we will delete your identifiable information if you have not undertaken business with us after three years
Simply Book Me and House Haircuts:
For anyone who previously made a house haircut appointment, the website used was fantastic. It was also fully GDPR compliant, and we have added a link here for your perusal;
https://simplybook.me/en/policy
https://simplybook.me/en/gdpr-compliance
Any Mailing List Made Prior to This Website, where you indicated you were okay with us writing down your details, is saved on an encrypted Hard Drive; Disconnected to the Internet and in a locked, fireproof box away from public premises. If you would like us to delete your details from these spreadsheets, please let us know as soon as possible by emailing thehairbros@outlook.com
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at thehairbros@outlook.com
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office,
Wycliffe House,
Water Lane, Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Summary
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have 72 hours to respond to you
Please contact us at thehairbros@outlook.com if you wish to make a request.
INFORMATION WE MAY COLLECT FROM YOU
• In order to book an appointment, you will have to provide details including your name, telephone number, email address and an option to let us know if you have any special requirements and what beautiful hair means to you.
• If you contact us we may keep a record of that correspondence.
• Details of your visits to our site (including traffic data, location data) and the resources you access.
USE OF YOUR PERSONAL DATA
We use your personal data to:
• Enable us to give you the best service either of us can provide.
• To email you with an newsletter
We also collect information about your computer, including where available your IP address, operating system and browser type.
DATA SECURITY
Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site as transmission via the internet is never completely secure; any transmission is at your own risk. All the information you provide during the booking or post haircut is stored on secure servers and an off site, offline safe location.
As a matter of course, we will delete your identifiable information if you have not undertaken business with us after three years
MARKETING
This is our Newsletter you can opt in to receive. I can’t see us writing it more than 8 times a year to be honest with you.
You of course have the right to ask us to stop processing your personal data for marketing purposes at any time by contacting us at thehairbros@outlook.com
COOKIES
We may collect data about you by using a cookie file which is stored on the hard drive of your computer. You will be prompted to opt in or out via a cookie banner upon landing on the website home page. You can also disable cookies to your preference in your Browser settings.
ACCESS TO YOUR PERSONAL DATA
The Data Protection Act gives you the right to access information held about you. Your right of access can be exercised by contacting us at thehairbros@outlook.com