1. Holding information. For our records we record and keep only the essential information relating to each guest and the service they receive. This includes full name, phone number (landline and/or mobile) and email addresses, which are kept within our secure online booking app, GetTimely. We only ever use this information to enable us to make contact regarding any appointments made with us on our premises, over the phone or online. We also hold, in paper format, information regarding skin tests for colour services. This will be name, date of skin test and result, as well as any colour notes and formulations used during colour or hair services. For the services we supply in our salon, this is the only information we require, and we will endeavour to keep the information only for an appropriate timeframe. All information is kept in accordance with data protection and privacy laws, on which all staff have been trained.
2. Providing information. If requested, we will provide our employees or guests with the information we hold about them free of charge, and they will have the right to correct any information that is wrong. We will endeavour to provide this information as soon as possible and well within the legal one-month time period of receiving the request. Information will never be passed on to third parties without clear written permission from all parties involved.
3. Right to be forgotten. We will honour the right of anyone who asks us to delete the data that we collect about them, unless there is a good reason not to.
4. Marketing. We will use the email addresses to notify guests of any appointment change or cancellation, as well as to provide appointment confirmations at the time of booking and a reminder 48 hours before. We will also send out a “how was our service?” email 24 hours after the appointment to provide the opportunity to give us feedback on your experiences with us. None of these require a response. We will also never pass information to any outside third party for marketing purposes. Contact will be kept to what is absolutely necessary.
5. Data breaches. A data breach is the loss, or unauthorised alteration or sharing, of any personal data we hold about individuals. This can be deliberate or accidental. We shall keep a record of any data breaches and report serious breaches to the ICO without undue delay and within 72 hours of becoming aware of them.
6. GetTimely Subprocessors. What is a subprocessor?
A subprocessor is an external service or provider that is enlisted by Timely to deliver our service to you. As part of that service delivery, we may be required to share personal information we have collected about you with these providers.
How do we protect your information?
Timely take the privacy and security of your personal data very seriously and have strict processes in place to ensure this information is shared securely and only when necessary.
Personal information: Timely employ Secure Sockets Layer (SSL) technology in the collection, storage and processing of all data. All accounts are accessed via secure login with one-way hashing of all passwords. Timely do not access or share any data unless required to by law or with your permission to help resolve system problems.
Payments: All supplied sensitive/credit information is transmitted via Secure Sockets Layer (SSL) technology and then encrypted into our payment gateway provider's database, accessible only to those authorised with special access rights to such systems, who are required to keep the information confidential. Timely do not store this information themselves, instead keeping this with our payment providers who have the highest level of PCI compliance.
Timely also requires that any third-party services or subprocessors that they use as part of delivering this service to you meet the requirements and obligations under GDPR, as well as those requirements of the local authority (NZ).
Timely have established Data Processing Agreements (DPAs) with all of our providers, to ensure your personal information is collected, stored and processed in a legal/lawful manner.
7. iZettle payment engine. We use the iZettle payment engine to process all due payments for our salon.
iZettle are responsible for protecting the security of personal information in their possession. They have implemented administrative, technical and organizational procedures to protect personal information that is stored in their servers from unauthorized access and accidental loss, modification or disclosure. However, they cannot guarantee that unauthorized third parties will never be able to defeat those measures or use such information for improper purposes. We acknowledge that you provide your personal information at your own risk. We confirm and agree that we will protect and, save where required by law, not disclose, register or otherwise process any information that we may receive about our customers or other third parties while using the Services of iZettle. We must notify iZettle through the Website or by contacting their customer services team at email@example.com without undue delay if we become aware of or suspect any unauthorized access to or disclosure of such information. We may not disclose or distribute any information about our customers or other third parties or use such information for marketing or other purposes unless we receive the express consent of such customer or third party. We are solely responsible for compliance with any applicable privacy laws and regulations of our specific jurisdiction.
8. Cookies. We may use information obtained from cookies or similar technology. Cookies are text files containing small amounts of information which we download onto your computer or device when you visit our website. Therefore, when we refer to “you” in this section we mean your computer. We can recognise these cookies on subsequent visits and they allow us to remember you.