Company Name: Lookswell Our Website: www.lookswell.co.uk Our Data Protection Officer: Susan Marshall Address for all information requests and enquiries: Lookswell, 19 Front Street, Pelton, Chester le Street, County Durham, DH2 1DD
Our website may contain links to other websites, social media platforms, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
In this policy:
“we”, “us” and “our” refer to The Company “website” refers to our website “user,” “users,” “you” and “your” refer to anyone who visits our website “GDPR” means General Data Protection Regulation “ICO” means Information Commissioners Office “Cookies” are text files placed on your computer to collect standard website user behaviour information.
3. WHAT DATA DO WE COLLECT ABOUT YOU?
Personal data means any information capable of identifying an individual. It does not include anonymised data.
We may process certain types of personal data about you as follows:
Identity Data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender.
Contact Data may include your billing address, delivery address, email address and telephone numbers.
Financial Data may include your bank account and payment card details.
Transaction Data may include details about payments between us and other details of purchases made by you.
Technical Data may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
Profile Data may include your username and password, purchases or orders, your interests, preferences, feedback and survey responses.
Usage Data may include information about how you use our website, products and services.
Marketing and Communications Data may include your preferences in receiving marketing communications from us, any third parties and your communication preferences.
4. HOW WE COLLECT YOUR PERSONAL DATA
We collect data about you through a variety of different methods including (but not limited to):
Direct interactions: You may provide data by filling in forms on our website or by communicating with us by post, phone, email or otherwise, including when you:
order our products or services;
claim an offer, promotion or deal;
create an account on our site;
subscribe to our service, newsletter or other publications;
request resources or marketing be sent to you;
enter a competition, prize draw, promotion or survey;
connect with our salon WiFi service via our website, or
leave a review / give us feedback.
Online Booking: We may use salon software provided by a third party to enable you to book your appointments online. The salon software may collect personal information directly from you when you:
Register to use the service;
Use the service;
Post to any related community forum;
Contact the online booking support team; and
Visit the online booking company website.
The information collected may include:
- Your name; - Your contact information such as email addresses and telephone numbers; - Demographic information such as post code, preferences, and interests; - IP address; - Web browser type and version; - Operating system; - A list of URLs you have visited in connection with our website
Automated interactions: As you use our website, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies.
Third parties: We may receive personal data about you from various third parties and public sources. These may include (but are not limited to) Google Analytics and Campaign Monitor.
We will only use personal data for the purpose it was collected and will seek your consent if we need to use it for other purpose.
Financial details will only be used once and will not be stored after use. Financial processing may be completed by a third party such as PayPal. We abide by their security as applicable by their terms and conditions and UK Law.
5. How Do We Use Your Personal Data?
We use your data to provide you with information about our services and to improve the content of our website. Specifically, we may use your data for the following purposes:
To enable us to supply products, services, offers and packages that you have purchased
To reply to emails from you
To send you newsletters that you have opted in to
To personalise and tailor your experience on our website
To comply with a legal or regulatory obligation.
Purposes for Processing Your Personal Data
Set out below is a description of the ways we intend to use your personal data and the legal grounds on which we will process such data. We have also explained what our legitimate interests are, where relevant.
The purposes for processing your personal data may include:
6. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We may have to share your personal data with the following parties for the purposes set out in the table above:
Service providers who provide salon software, website services, IT and system administration, email marketing, and salon WiFi services
Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance, payroll and accounting services.
HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
Third parties to whom we may sell, transfer, or merge parts of our business or our assets.
NHS for Track and Trace purposes for Covid 19
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
Please note: When accessing social media platforms such as (but not limited to) Facebook, Instagram, Twitter, Pinterest, YouTube and LinkedIn, via our website, you may pass on personal data.
7. SAFEGUARDING YOUR PERSONAL INFORMATION
We have taken suitable measures to safeguard and secure data collected. We comply with, and safeguard, your rights under the GDPR (General Data Protection Regulation) at all times.
Other than the parties mentioned under the Disclosures Of Your Personal Data section above, we will not transfer your personal information to a third party unless legally obliged to do so, where we are complying with legal obligations, involved in legal proceedings, a court order or a governmental authority.
We will advise you at the first reasonable opportunity of any security breach in the unlikely event that your personal information is compromised.
8. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
9. YOUR LEGAL RIGHTS
We take individuals’ privacy very seriously. Demands from a third party company or legal authority requesting your personal data will only be honoured if the acting authority presents a relevant court order.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
Request access to your personal data.
Request correction of your personal data.
Request erasure of your personal data.
Object to processing of your personal data.
Request restriction of processing your personal data.
If you wish to exercise any of the rights set out above, please contact our Data Protection Officer. We try to respond to all legitimate requests within a timely fashion.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
10. WITHHOLDING YOUR PERSONAL INFORMATION
You can choose not to provide your personal information and you can access our website without providing any personal data:
· Our website contains Opt In options so you can decide whether you wish your personal information to be collected. You do not have to opt in when asked to sign up to a newsletter or for a specific offer on our website.
· You can choose to disable your Cookies.
· You can ask our Data Protection Officer to delete any personal information we hold about you.
However, please be aware that our ability to provide you with the service you require may be seriously restricted if you choose some or all of these options.
11. DATA STORED OUTSIDE THE EUROPEAN ECONOMIC AREA
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Some of our third party service providers may be based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
13. YOUR CONSENT