Privacy Policy

1. This Notice

 

2812 regards the lawful and correct treatment of personal information as paramount to successful working, and to maintaining the confidence of those with whom we deal with.  This Privacy Notice explains what personal information we collect and how we use it.

 

We encourage you to explore the following sections of this Notice thoroughly:

 

  • Who we are and how to contact us (Section 2)
  • Your rights (Section 3)
  • Information we collect from you and others (Section 4)
  • What we do with your information (Section 5)
  • The legal basis for processing your information (Section 6)
  • How we keep your information secure (Section 7)
  • How long we keep your information (Section 8)
  • To note when visiting our website, or other online platforms (Section 9)
  • Capturing images (Section 10)
  • What to expect when contacting us (Section 11)
  • Changes to this Notice (Section 12)

 

2. Who we are and how to contact us

 

2.1 About 2812

2812 is a hair salon and beauty bar located in the quaint village of Honley, we offer high quality treatments within our boutique salon using only the best products.

 

2.2 Data Control

For the purposes of Privacy Law*, 2812 (Company No. X, registered at 2 Market Place, Honley, HD9 6NY) is the Data Controller and determines for what purposes personal information will be held and used.

2812 is also responsible for notifying the Information Commissioner of the data it holds or is likely to hold, and the general purposes that this data will be used for.

*Privacy Law means the Data Protection Act 1998 ([as amended by the Data Protection Act 2018]), the EU Data Protection Directive 95/46/EC, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000 (SI 2000/2699), the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, the General Data Protection Regulation (from 25 May 2018) and all other applicable laws and regulations relating to processing of personal data and privacy in any applicable jurisdiction as amended and replaced, including where applicable the guidance and codes of practice issued by the UK Information Commissioner or such other relevant data protection authority;

 

2.3 Contacting Us

If you’d like to request further information about our Privacy Notice, or exercise any of your rights [see Section 3], you can contact us:

  • by email to enquiries@2812.co.uk
  • by post to Data Protection Officer, 2812, 2 Market Place, Honley, HD9 6NY

We take any concerns we receive very seriously. If you think our collection or use of your personal information is unfair, misleading or inappropriate, please bring it to our attention and we’ll be happy to provide any additional information or explanations needed. We also welcome suggestions for improving our procedures.

You can also contact the Information Commissioner’s Office at https://ico.org.uk/ or write to Wycliffe House Water Lane, Wilmslow, Cheshire SK9 5AF or 0303 123 1113 for information, advice or to make a complaint.

 

3. Your rights

 

You have rights relating to your personal information. You can find more information about your privacy rights on the Information Commissioner’s Office website (https://ico.org.uk/ ).

 

3.1 You have the right to be informed about how and why we process your personal information

Any time you give us personal information you have the right to be informed about why we need it and how we’ll use it.

You can find most of the information you need in this Privacy Notice. However, if you have any questions, please contact us (See Section 1)

 

3.2 You have the right to access your personal information

You can request a copy of information we hold about you at any time.

If you do so, we will ask you to provide documented evidence of your identity before we process your request. We may also contact you to clarify your request or to ensure we have all the information we need to fully meet your request.

Privacy Law requires us to respond to your request within 1 month of verifying your identity (or within 3 months for more complex cases).  You’ll receive a full response as soon as we can reasonably provide one and we aim to resolve all subject access requests within 1 month from confirming your identity.  In more complex cases where we cannot provide a full substantive response within that time frame, we’ll write to you within 1 month to explain why an extension is needed.

We don’t charge for subject access requests unless, the requests become excessive from the same requestor.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

 

3.3 You have the right to ask us to correct inaccurate personal information we hold about you

If you believe information we hold about you to be inaccurate or incomplete, you can ask us to correct it or complete it at any time.  Wherever possible, we’ll correct inaccurate or incomplete information immediately.

In more complex cases we’ll take reasonable steps to confirm the accuracy of the information we hold.

We’ll let you know the outcome of our investigation as soon as we can.  Any information we can verify as inaccurate will be corrected within one month of receiving your request.

 

3.4 You have the right to ask us to delete your personal information

In some circumstances you have the right to ask us to delete information we hold about you.  For example, if we have asked for your consent to process the information, and you withdraw that consent.

We’ll respond to your request as soon as we can and we’ll act on any requests granted within one month of your request.

 

3.5 You have the right to ask us to restrict the use of your personal information

In some instances, you have the right to ask us to restrict the use of your personal information (for example if you’ve challenged the accuracy of the information we hold, or have objected to our processing).  We’ll restrict our use of your information whilst we investigate your objection or request to correct your information.

We’ll respond to your request as soon as we can and we’ll act on any requests within one month of your request.

If your objection is unsuccessful, we’ll only continue processing once we’ve let you know the outcome of the investigation.

When processing is restricted, we are still permitted to store your personal data, but not use it. Information related to these requests will not be automatically deleted unless you expressly ask us to.

 

3.6 You have the right to data portability

Where you provide us with personal information and we process that information either with your consent or for the performance of a contract, and our processing is automated, you have the right to move, transfer or copy that data to another system for your own purposes.  We don’t currently use any systems which automatically process information in this way. If we do in future, you can make a request and this data can be exported from our systems for you.

 

3.7 You have the right to ask us not to process your personal information

We process most of the information we collect about you under a lawful basis (See Section 6).  You have the right to object to our processing your personal information under these lawful bases.

We will respond to your objection as soon as we can, detailing any actions we can reasonably make. If we believe there is an overriding compelling reason to continue the processing, we will explain why we think this is.

We’ll action any requests to stop direct marketing as soon as we receive your objection.

You can object to us using your data at any time by contacting us using the details at Section 1

 

4. Information we collect from you and others

 

We will need to ask you for some personal information to give you the best possible experience when you engage with us (via our websites or by other means) and when you use our services.

We will also collect other information about you and the devices you use to access our website by using technologies such as cookies.

We only collect the minimum level of personal information to run our business we will never obtain information about you indirectly from outside our business.

 

The data collected by 2812 includes:

  • Names
  • Postal Addresses
  • Phone Numbers
  • Email Addresses
  • IP Addresses
  • Cookies
  • Location Information
  • Personnel Preferences

 

 

5. What we do with your information

 

5.1 General business activity

We’ll only use your information for the specific purpose(s) for which it has been provided to or collected by us.

If we intend to use your information for a different purpose, we’ll do so in ways consistent with Privacy Law or, wherever possible, by notifying you in advance.

We collect and process a variety of information from you and about you.  In most cases, the information we collect about you is provided by you directly. This is one of the ways we can ensure the information we collect is as accurate and up to date as possible. We’ll usually do this when you first contact us or come into the salon, and we may ask you to confirm your details on subsequent contacts from time to time.

 

5.3 Sharing information

There may be some circumstances where we are required to share some of your information as part of our day to day business activity, to meet our compliance obligations or where we are permitted to under Privacy Law.

We use Schedule to store personnel information such as Name, telephone number email and address to manage our customer accounts effectively. Shedul also provide us with a SMS service to confirm appointments booked and remind you of upcoming appointments. Details of their privacy policy can be found at:

https://www.shedul.com/privacy.html

 

5.5 Important to note

You will be made aware in most circumstances how and with whom your information will be shared.

 

However, there are circumstances where the law allows 2812 to disclose data without prior consent.  These are:

  1. Carrying out a legal duty or as authorised by the Secretary of State
  2. Protecting vital interests of an Individual/Service User, or other person
  3. The Individual/Service User has already made the information public
  4. Conducting any legal proceedings, obtaining legal advice or defending any legal rights
  5. Monitoring for equal opportunities purposes – i.e. race, disability or religion
  6. Providing a confidential service where the Individual/Service User’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. where we would wish to avoid forcing stressed or ill Individuals/Service Users to provide consent signatures.

 

6. Legal basis for processing your information

 

Privacy Law states we must have a lawful basis for processing your information. We have identified the legal bases on which we process your information, and this varies depending on how and why we have your information. The legal bases we use are:

 

  • Consent: if you’ve given consent for us to process your personal information For example for certain marketing activities.

 

  • Legitimate interest: if the activities are for our business purposes and do not impede your rights as data subjects For example carrying out market research or customer satisfaction surveys to improve our service to you, fraud prevention and detection, ensuring network, information and public security etc

 

 

7. How we keep your information secure

 

All customer personal information stored on our corporate systems is kept on a secure computer. We operate a suite of IT and security policies to ensure your information is kept secure, including appropriate access.
We use anti-virus software and fire walls to protect against cyber-attack. Unfortunately, the transmission of information via the internet isn’t completely secure. Although we’ll do our best to protect your personal information, we cannot guarantee the security of information you send to us that is outside of our security arrangements; any transmission is at your own risk.
We also operate strict physical security at our salon and employees all receive security and data protection awareness training.

 

8. How long we keep your information

 

We only keep your information for as long as we need it. We’ll retain certain information (e.g. contact information and bank details) for as long as you have a relationship with us. Generally, we’ll keep your account information for 7 years if you no longer use our services, after which time your personal information will be either deleted or anonymised.
Retention periods may be extended in certain limited cases as prescribed or permitted by law.

 

9. When visiting our website or other online platforms

 

Each time you visit to our website or mobile application we’ll automatically collect the following information:

  • Technical information – This includes the Internet Protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

 

  • Location information – When using one of our location-enabled services on our website or mobile applications, we may collect and process information about your actual location. If you wish to use the feature, you’ll be asked to consent to your data being used for this purpose. You can withdraw your consent at any time either by modifying the geo-location settings of your web browser or the location awareness permissions of your mobile device.

 

  • Session information – information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.

 

We use information gathered through cookies and similar technologies to measure and analyse information on visits to our websites, to tailor the websites to make them better for visitors and to improve technical performance (see below for more information).

 

9.1 Third-party links

Our website may also contain links to and from other websites including our partner networks and affiliates. If you follow a link to any of these websites, please note that we do not have control over these websites or their content. These websites have their own privacy policies and we’ll not accept any responsibility or liability for these. We recommend that you review the website terms and conditions that are applicable to the third-party website.

 

9.2 Cookies

For the same reasons as above, we may obtain information about your general internet usage by using a cookie file which is stored on your browser, your mobile device or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our systems site and to deliver a better and more personalised service. Some of the cookies we use are essential for the services site to operate.

Cookies are widely used to make our services websites work, or work more efficiently, as well as to provide information.  If you continue to use our site services, you agree to our use of cookies.

The Cookies that we use on our website or mobile applications are listed below:

  • Visitor Statistics Cookies

 

We use cookies to compile visitor statistics such as how many people have visited our website, what type of technology they are using (e.g. Mac or Windows which helps to identify when our site isn’t working as it should for particular technologies), how long they spend on the site, what page they look at etc. This helps us to continuously improve our website. These so called ‘Analytics’ programs also tell us if how people reached this site (e.g. from a search engine) and whether they have been here before helping us to put more money into developing our services for you instead of marketing spend. We use: Google Analytics.

  • Session cookie

 

PHPSESSID – this cookie is set by the PHP platform we have built our website upon, to store the user’s session. The session cookie expires immediately after the internet browser is closed.

  • Cookie Control

 

These cookies are set to remember when you have acknowledged and accepted our cookie message.

 

10. Capturing Images

 

We do not currently have CCTV in operation at the salon but if this is installed in the future we will comply with the Surveillance Commissioners ‘Surveillance camera code of practice’ for all CCTV usage. If you have any privacy related concerns about our use of CCTV please contact us by email at enquiries@2812.co.uk, or by post to 2812, 2 Market Place Honley HD9 6NY

 

10.1 Visiting our Salon

Our premises are not currently monitored by CCTV but in the event, we install CCTV in the future, your image may be captured whenever you enter our site boundary. Where the CCTV is located on our premises but near a public space, it may also record these images.

If in the future we decide to install CCTV, there will be signs to show you when you are entering an area monitored by CCTV. CCTV Images will be stored in line with our data retention rules.

 

11. What to expect when contacting us

 

11.1 Contacting us by telephone

When you contact us by telephone, your telephone number may be added to our records so that we can contact you in future.

 

11.2 Contacting us by post

When we receive post, your personnel information may be added to our records for the purposes of contacting you in the future or to process you query. The hard copy versions are destroyed using a confidential paper shredding and recycling facility.

 

11.3 Emailing us

If you email us, we’ll respond to you using the email address you give us. We may add your email address to your account and use it for future communications, but only in line with the relevant legal basis (see Section 6).

Please note that email isn’t considered to be a secure communication method. If you’ve any concerns over the security of your information in transit, please raise this with a 2812 staff member who will suggest alternative methods of contact.

Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with salon policy. Emails are stored for as long as we may deem it necessary to do so.

 

11.4 Contacting us via social media

We strongly advise not to post your personal contact or other sensitive information on a public social media site. If you contact us using social media to report an issue, we’ll ask you to private message us to gather suitable information. We may suggest an alternative contact method if we think this is more appropriate.

Details of Instagram’s Data policy can be found at:

https://help.instagram.com/519522125107875

 

11.5 Making a complaint

If you make a complaint to us enquiries@2812.co.uk [If it is a data request please see Section 2]. We may need to share details about your complaint internally to fully investigate.

If the complaint relates to a service provided by a third party, we’ll share information with them to resolve your complaint.  If you don’t want information identifying you to be disclosed, we’ll try not to disclose this. However, it may not be possible to handle a complaint on an anonymous basis.

We’ll only use the personal information we collect to process the complaint and to check on the level of service we provide.

 

12. Changes to this Notice

 

This Notice will be updated regularly as required to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act 2018.

 

The most up to date version will be published on our website at www.2812.co.uk.

 

[This Notice is dated 19 June 2018]