Privacy Policy

This privacy policy explains how Michael Rowan Hair Ltd, looks after personal information you give us or that we learn by having you as a client and the choices you make about marketing communications you agree we may send you.  This notice explains how we do this and tells you about your privacy rights and how the law protects you.

Topics:

  • What information we collect about you
  • How information about you will be used
  • Marketing
  • Employment
  • How long your information will be kept for
  • Where your information is kept
  • Access to your information and correction
  • Cookies
  • Other websites
  • Changes to our privacy notice
  • How to contact us

What information we collect about you

We collect information about you when you book an appointment for a service or treatment, visit the salon, buy a product or apply for a job, whether contact is online, on paper, by email or over the phone.

The information you give us may include your name, address, email address, phone number, relevant history which may suggest that a service or treatment should not go ahead or certain products should not be used (e.g. allergies, pregnancy, skin conditions), payment and transaction information, IP address and CVs.

For clients under the age of 16, we will only keep and use their personal information with the consent of a parent, carer or guardian.

How information about you will be used

In law, we are allowed to use personal information, including sharing it outside the salon, only if we have a proper reason to do so, for example:

  • To fulfil a contract with you i.e. to provide the service or treatment you have requested and to communicate with you about your appointments
  • When it is in our legitimate interest i.e. there is a business or commercial reason to do so, unless this is outweighed by your rights or interests
  • When you consent to it: we will always ask for your consent to hold and use health and medical information.

We will therefore share your information with:

  • Providers of our salon IT systems: Premier Software, iZettle and Microsoft
  • Suppliers of our website: Squarespace

We will not share your information with any other third party without your consent except to help prevent fraud, or if required to do so by law.

Marketing

We would like to send you information about products and services which may be of interest to you.  We will either ask for your consent to receive marketing information or rely on our legitimate interest where you have previously purchased products and services.

You have the right at any time to stop us from contacting you for marketing purposes or giving your information to third party suppliers of products or services.  If you no longer wish to be contacted for marketing purposes, please contact us.

Employment

The information we collect about employees, the purposes it is used for and who it will be shared with is set out in our employment contracts and employee handbook.

How long your information will be kept for

Unless you request otherwise, we will keep your information for a maximum of 3 years from your last visit to the salon.

After a year we will archive all your personal information, except for your name, relevant client history (e.g. allergy test records which we keep for 4 years) and financial transactions (which we are obliged to keep for 6 years).

Information about unsuccessful job applicants will be deleted after four months.

Where your information is kept

Your information is stored within the European Economic Area on secure servers provided by Premier Software, iZettle, Squarespace and Microsoft.  Any payment transactions are encrypted.  Sending information via the internet is not completely secure, although we will do our best to protect your information and prevent unauthorised access.

Access to your information and correction

You have the right to request a copy of the personal information that we hold about you.  This will normally be free, unless we consider the request to be unfounded or excessive, in which case we may charge a fee to cover our administration costs.

If you would like a copy of some or all of your personal information, please contact Michael Rowan, the Data Protection Officer, by emailing michaelrowanhair@gmail.com.

We want to make sure that your personal information is accurate and up-to-date.  You may ask us to correct or remove information you think is inaccurate.

You have the right to ask us to object to our use of your personal information, or to ask us to delete, remove or stop using your personal information if there is no need for us to keep it.

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information.  This is used to track visitor use of the website and to compile statistical reports on website activity.  For further information visit www.aboutcookies.org or www.allaboutcookies.org

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser.  However, in a few cases some of our website features may not function as a result.

Other websites

Our website includes links to other websites.  This privacy notice only applies to this website so when you link to other websites you should read their own privacy notices.

Changes to our Privacy Policy

We keep our privacy notice under regular review and we will place any updates on this webpage or on the printed copy.  This privacy notice was last updated on 24th May 2018.

How to contact us

Please contact us if you have any questions about our privacy notice or information we hold about you:

  • By email michaelrowanhair@gmail.com
  • Or write to us at Level 3, 36 Eastcastle Street, London W1W 8DP

You also have the right to complain to the Information Commissioner’s Office.  Find out on their website how to report a concern:

www.ico.org.uk/concerns/handling

Data Retention Policy

This policy sets out what information Michael Rowan Hair Ltd, holds, how long we hold it for and when it will be deleted.

It also covers the procedure to follow regarding data requests.

  • Information held by us
  • How long is personal data held for?
  • Where is personal data held?
  • How is personal data deleted?
  • Access to personal information, correction and deletion

 Information held by us

We hold personal information about:

  • Clients
  • Former clients and prospective clients
  • Employees
  • Job applicants

We also hold information about financial transactions relating to these e.g. services or treatments provided, products bought, payroll information.

How long is personal data held for

We aim not to hold personal data longer than necessary.

Unless requested by an individual, the following types of data will be held for the periods shown below, after which it will be securely deleted or destroyed:

Client general records - 6 years 

Client health records - 4 years

Financial transactions, invoices and supplier details - 6 years

Employee records, contracts of employment, changes to terms and conditions, annual leave, training records - While employment continues and up to 6 years after employment ends

Payroll and wage records including PAYE, income tax, national insurance, sick pay, redundancy payments - 6 years from the financial year-end in which payments were made

Maternity records - 3 years after the end of the tax year in which the maternity pay period ends

Job applications (unsuccessful) - 4 months after notifying unsuccessful candidates

 Where is personal data held

Personal data about clients, financial transactions and employees are held on our secure salon software system or held in secure electronic files electronically which can be accessed only by authorised company employees.

Paper records are held in secure storage. 

How is personal data deleted

Personal data is permanently deleted in accordance with the retention periods listed above from:

  • Salon software system
  • Electronic files
  • Emails
  • Paper records, which are securely shredded.

Access to personal information, correction and deletion

All requests for access to personal information will be handled by Michael Rowan, the Data Protection Officer.

Responses to requests will be made within 30 days.