Salon Guru are committed to safeguarding the privacy of our website visitors, clients and service users. Including, without exception clients sites and services. This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data. Our systems incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information.
In this policy:
- "we", "us" and "our" refer to Salon Guru LTD.
- "systems", "servers" refer to the physical machines containing or processing data.
- "infrastructure" refer to our system as a whole. In other words our collection of servers and related equipment and storage directly controlled by us.
- "website" and "websites" refers to the website salonguru.net and ANY website that resides within our infrastructure.
- "client" refers to Salon Guru's direct client. For example: Voodou Hairdressing is a direct client.
- "GDPR" means General Data Protection Regulation
- "DPA" means Data Protection Act
- "ICO" means Information Commissioners Office
Our Data Protection Officer is: Phil Evans (firstname.lastname@example.org)
2. Data Security
Our system are located in a secure Amazon Web Services facility in Dublin, Ireland. Data is stored in accordance with GDPR (Inc: compatible UK regulations) and direct access to the infrastructure is strictly limited. Central administration of all systems data takes place in the UK but can be accessed from various places, via the internet from countries including Spain, Italy, United Kingdom, Australia and USA. All traffic that transverses in-and-out of our systems is fully encrypted. All services are secured via HTTPS, this includes (but not limited to): Web traffic, Emails and backend server access. In short, our systems do not respond to unsecured traffic and actively attempts to upgrade any unsecured traffic to HTTPS.
Backups of our primary systems are taken daily and stored for at least 21 days.
The lead supervisory authority is the Information Commissioners Office (ICO) in the United Kingdom: https://ico.org.uk/
3. Personal Security Breach Procedure
Inline with GDPR our advanced systems include software that actively detects data breaches. In the event of a personal data breach, we will notify the ICO. Where a breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify those concerned directly in accordance with the GDPR.
If we feel further attacks are possible or ongoing we reserve the right to shutdown systems, services and websites as far as we see appropriate to contain the security threat. We may consult with third party security experts at any time who may request access to our infastructure.
4. Types of data held
Salon Guru collate and collect a wide variety of data which relates to it's primary role as a Web Host and Online Marketing Specalist. To clarify the word collect, this means with the use of a form on a website. A customer/client enters the details manually themselves for a purpose stated at the time.
Data that can be collected by our systems includes (but not limited to):
- Names, Addresses, Telephone Number, Email Addresses
- Order Information, Shipping addresses, personal messages, delivery data, payment processing data
- Data obtained using website tracking software such as Google Anlaytics, Facebook Pixels and Clicky - this data is non identifiable
- Marketing data - IE: Newsletter Signup forms
- Usernames and passwords for the purposes of Sign in - either to manage a service or access an order
Our infrastructure DOES NOT directly collect or store credit or debit card details and our websites do not directly process financial transactions. Financial processing is completed by third parties such as Paypal. We abide by their security as applicable by their terms and conditions and UK Law.
Data that we collect and store for the purposes of managing our client accounts. This data is not collected via our systems but by our staff:
- Credit or Debit Card Details
- Bank details (sort code / account numbers)
- Confidential company information
4. How your data is used
Personal data is not used for any other purpose than for what it was intended. Intention is implied at the point where the data is entered. This means that if an address was entered to process an order, it will not be used for any other purpose other than to administer that order. Data is held by Salon Guru's infrastructure on behalf of our clients. This means that data is accessible by the client of who's website and/or service it is.
Marketing data supplied via a newsletter signup form (for example) will be used for all marketing purposes for a given client until a request is received by the individual. A request can come viaany source however, opt-outs will always be provided so that individuals may remove themselves from a mailing list with immediate effect.
Data from one clients' website is never transferred to another. In other words we do not sell or use data outside of the scope it was intended. Data is held until Salon Guru receives a request from the individual or client to remove it.
5. Individuals' Rights & Third Party Access Requests
We comply fully with the GDPR at DPA regulations and therefore we will respond to all requests that cover individuals' rights.
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and the right not to be subject to automated decision-making including profiling.
Information will be provided, altered or deleted free of charge on request. However, we reserve the right to charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if we feel it is repetitive.
Third Party Subject Access Requests. We take individuals' privacy very seriously. Demands from a third party company or legal authority requesting data about an individual to be supplied will only be honoured if the acting authority presents a relevant court order.
None of the cookies we use collect your personal information and they can’t be used to identify you. The length of time a cookie stays on your device depends on its type. We use two types of cookies on our websites.
5.1 Types Of Cookie
- Session cookies
These are temporary cookies which only exist during the time you use the website (or more strictly, until you close the browser after using the website). Session cookies help our websites remember what you chose on the previous page, avoiding the need to re-enter information.
- Persistent cookies
These stay on your device after you’ve visited our website. For example, if you tick the 'Remember Me' box when you login to check an order, a persistent cookie will be used so that the website remembers your choice the next time you use it. We also use session persistent cookies within our online shops to determine if you have added any products to your shopping basket. Persistent cookies help us identify you as a unique visitor, determine if you are logged in but don’t contain information that could be used to identify you to another person.
- Analytics Cookies
These monitor how visitors move around the Website and how they reached it. This is used so that we can see total (not individual) figures on which types of content users enjoy most, for instance. Most commonly we use:
5.2 Control Cookies in your browser
These links explain how you can control cookies via your browser – remember that if you turn off cookies in your browser then these settings apply to all websites not just this one:
- Internet Explorer: https://support.microsoft.com/kb/278835 (this page links to further information for different versions of IE – https://support.microsoft.com/en-gb/help/17479/windows-internet-explorer-11-change-security-privacy-settings ).
- Chrome: //support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95647
- Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac (or https://support.apple.com/en-gb/HT201265 for mobile versions, iOS)
- Firefox: https://support.mozilla.org/en-US/kb/Enabling%20and%20disabling%20cookies
- Blackberries: https://docs.blackberry.com/en/smartphone_users/deliverables/32004/Turn_off_cookies_in_the_browser_60_1072866_11.jsp
- Android: //support.google.com/mobile/bin/answer.py?hl=en&answer=169022
- Opera: https://www.opera.com/browser/tutorials/security/privacy/