This privacy notice provides you with details of how Triple N Salon (hereafter TNS) collects and processes your personal data. Niki Nikolova is the data controller and is responsible for your personal data.
My contact details are:
Name: Niki Nikolova, at Triple N Salon
Email address: firstname.lastname@example.org
If you are not happy with any aspect of how I collect and use your data, you have the right to complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). I would be grateful if you would contact me first if you do have a complaint so that I can try to resolve it for you.
It is important that the information I hold about you is accurate and up to date. Please let me know at any time if your personal information changes by emailing email@example.com
2. What data does TNS collect about you
Personal data means any information capable of identifying an individual; this does not include anonymous data.
At the time of booking your appointment, I will take your name and a contact telephone number or other means of contact.
At your initial appointment, I may ask for your name, date of birth, address, telephone number and email address. I may also ask for your emergency contact and their telephone number, as well as relevant medical information which may impact on the treatments I provide, and the GP you are registered to along with their surgery contact details. This information will be entered onto a client consultation card which I may ask you to sign, to confirm that it is correct.
At the end of your appointment I may record the date, your treatment (along with the colours & effects you have selected) and price paid on your treatment record card. I may also ask you to sign this to confirm that you are happy with the treatment you have received and that you have received the relevant and appropriate aftercare advice.
For each client attending an appointment on or after 25th May 2018, I may ask you to sign a one-time privacy agreement, which will be stored with your client consultation card & treatment record(s). You may ask to see this agreement again at any time.
Any purchase of products from TNS will also be recorded, with the date, your name, the product purchased and price paid.
The above information will also be stored in an electronic format on a password-protected Triple N Salon account.
3. How does TNS collect your personal data
I collect data about you through a variety of methods, including:
~ Direct interaction
You may provide data by filling in the above forms, and by communicating with me by post, telephone, email, social media accounts or otherwise, including when you:
– book an appointment
– order a product or service
– request resources (e.g price list) be sent to you
– enter a competition, prize draw, giveaway, promotion, survey or poll
– leave me a review or provide other feedback
~ Third parties or publicly available sources
I may receive personal data about you from various sources such as:
– advertising networks such as Facebook based outside the EU
– analytics providers such as Google based outside the EU
4. How does TNS use your personal data
I do not use the personal information you provide for anything other than to contact you regarding your appointment, or for matters relating to your nails and the treatments and products I provide.
I will only use your personal data when legally permitted. The most common uses of your personal data are:
– Where I need to comply with a legal or regulatory obligation; or
– Where I need to perform the contract between us; or
– Where it is necessary for TNS’s legitimate interests (or those of a third party); and
your interests and fundamental rights do not override those interests
Generally, I do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by emailing me at firstname.lastname@example.org
I may process your personal data for more than one lawful ground, depending on the specific purpose for which I am using your data. Please email me at email@example.com if you need details about the specific legal ground(s) I am relying on to process your personal data.
You may receive marketing communications from me if you have provided me with your details when:
Attending an appointment; or
Enquiring about my services; or
Entering a competition, prize draw, giveaway or promotion; or
Voting in a survey or poll; or
Following a TNS account on social media;
Purchasing a product from TNS; and
in each case you have not opted out of receiving that marketing.
You may request that TNS stops sending you marketing communication at any time by emailing me at firstname.lastname@example.org. If you opt out of receiving marketing communication, this will not apply to personal data provided to me as a result of treatments received.
I will not share your personal data with any third party for marketing purposes unless I have obtained your express opt-in consent.
I will only use your personal data for the purposes for which it was collected, unless I reasonably consider that I need to use it for another reason and that reason is compatible with the original purpose. If you wish to find out more about how the processing for the new purpose is compatible with the original purpose, please email me at email@example.com. I may process your personal data without your knowledge or consent where this is required or permitted by law.
5. Disclosure of your personal data
I may have to share your personal data with the parties set out below for the purposes set out above:
Service providers who provide IT and system administration services.
Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
I require all third parties to whom I transfer your data to respect the security of your personal data and to treat it in accordance with the law. I will only allow such third parties to process your personal data for specified purposes and in accordance with my instructions.
6. Data security
I have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, I will limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on my instructions and they are subject to a duty of confidentiality.
I have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where I am legally required to do so.
7. Data retention
I am required to keep such information for legal and insurance purposes. will only retain your personal data for as long as necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, accounting, insurance or reporting requirements. All records are kept for a period of 7 years from the most recent appointment, after which the record will be securely destroyed.
In some circumstances I may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case I may use this information indefinitely without further notice to you.
8. Your legal rights
You have a right to view the information I keep which relates to you, and you may also request that this information is changed, corrected or securely destroyed.
You may request that once I have your details written on a record card that I delete any previous message(s) sent to my mobile, firstname.lastname@example.org or TNS social media accounts which contain your personal information.
Please note that if you request that I erase or destroy your personal data entirely I will no longer be able to carry out treatments for you.
You can see more about these rights at:
If you wish to exercise any of the rights set out above, please email me at email@example.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, I may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, I may refuse to comply with your request in these circumstances.
I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request, in order to speed up my response.
I will try to respond to all legitimate requests within 28 days. Occasionally it may take me longer than this time if your request is particularly complex or you have made a number of requests. In this case, I will notify you and keep you updated.