The General Data Protection Regulation (GDPR), came into force on 25 May 2018 and amends existing data protection law and places enhanced accountability and transparency obligations on organisations when using your information. The GDPR also gives you greater control over your personal information, including a right to object to the processing of your personal information where that processing is carried out for our business purposes.
This policy explains the most important aspects of how we use your information and what rights you have in relation to your personal information.
Who we are
Throughout this document, ”we”, ”us”, ”our” and ”ours” refer to Het Haartheater
The data we collect about you
The type of data we collect will vary depending on the type of service that you require from us. Types of data we hold include:
2.1 data to identify you, including your contact information;
2.2 data relating to your appointments, and usage of our services;
2.3 information about you provided by others (if any); and
2.4 information which you have consented to us using;
2.5 information for your security, and protection of our employees and property.
When we collect your data
We collect information: (i) you give to us; and (ii) information provided to us by third parties.
How we use your data and the legal basis
We use, and share, your data where:
4.1 you have agreed or explicitly consented to the using of your data in a specific way (you may withdraw your consent at any time);
4.2 use is necessary in relation to providing you with a service (e.g. to contact you in relation to your upcoming appointment);
4.3 use is necessary because we have to comply with a legal obligation (e.g. reporting to regulatory authorities or law enforcement); and
4.4 use is necessary to protect your “vital interests” in exceptional circumstances;
4.5 we legitimately need it to protect our employees and property.
Who we share your data with
When providing our services to you, we may share your information with:
5.1 third parties with whom: (i) we need to share your information to allow us to act on your behalf and (ii) you ask us to share your information;
5.2 third parties with whom we are legally obliged to share your data or third parties from whom we get advice;
5.3 where you have specifically consented, our direct marketing processors.
How long we hold your data for
We hold your personal data to comply with all legal requirements after which it is deleted.
Implications of not providing your data
If you do not provide information we may not be able to act on your behalf in an efficient and diligent manner.
We will tell you when we ask for information which is not a contractual requirement or is not needed to comply with our legal obligations.
Using companies to process your data outside the European Economic Area (EEA)
In some cases, we may transfer information about you and your products and services with us to our service providers and other organisations outside the EEA. We will always take steps to ensure that any transfer of information outside the EEA is carefully managed to protect your privacy rights
In some locations we use CCTV cameras to protect you, our employees and our property. Window signage identifies the use of CCTV cameras. There is no access to it at local level. CCTV footage shall be retained for a maximum period of 30 days. This may be reduced depending on equipment storage capabilities. Footage to be used for defense of legal claims shall be held longer. If you wish to exercise your data rights in relation to CCTV please see how to make your request in section 10 (below).
How to exercise your data rights
In accordance with the GDPR which came into force on 25 May 2018, you have a number of rights in relation to how we process your information including the right to:
10.1 object to a particular use of your personal data for our legitimate business interests;
10.2 find out if we use your information, access your information and receive copies of your information;
10.3 in certain circumstances, to have your information deleted or our use of your data restricted;
10.4 have inaccurate/incomplete information corrected and updated;
10.5 exercise the right to data portability (i.e. obtain a transferable copy of your information we hold to transfer to another provider); and
10.6 withdraw consent at any time where processing is based on consent.
If you wish to exercise any of your data rights, your request must be made in writing or mail us at [email protected] . You should also furnish a copy of your photo identification and confirmation of the telephone number which you provided to the salon. This is to ensure confidentiality and that we give you the right information. We do not use this information for any other purpose and we will delete it shortly after your request has been actioned.
If we are unable to deal with your request fully within a calendar month we may extend this period by a further two calendar months and shall clearly communicate the reason why to you.