ISSUE 1 | MARCH 2019
Who we are
We are London’s leading pop-up nail bar, specialising in providing nail and wellbeing treatments at our client’s offices and events. Our discreet and stylish branding and compact set up is easily accommodated into any space. Our people are highly trained and friendly professionals who have mastered how to deliver our luxury treatments efficiently, without cutting any corners. We pride ourselves on using the best products in the business.
The information we collect
Collection of personal information
We will use your personal and non-personal information only for the purposes for which it was collected or agreed with you, for example:
· To carry out our obligations arising from any agreement entered into between you and us;
· To notify you about changes to our service and forthcoming pop-ups;
· For the detection and prevention of fraud, crime, or other malpractice;
· To conduct market or customer satisfaction research or for statistical analysis;
· For audit and record keeping purposes;
· We will also use your personal information to comply with legal and regulatory requirements or industry codes to which we subscribe or which apply to us, or when it is otherwise allowed by law;
· Collect information about the device you are using to view the Pamper Puff website, such as your IP address or the type of internet browser or operating system you are using;
· To respond to your queries or comments.
Depending upon the nature of our relationship with you, we may collect different information and these differences are outlined below.
We collect and process your personal information mainly to provide you with access to our services, to help us improve our offerings to you and for certain other purposes explained below. We do not knowingly set out to collect personal data, it is only provided to us by you or by organisations working on your behalf by contacting us via our website, www.pamperpuff.com, by phone or by email. Once collected, this data is used to deliver the service and to respond to you, answer any questions you have. We do not collect sensitive data – financial, health or information about children. This does however include name, phone number, email, etc. We collect and process the following information relating to our customers:
· Information collected includes information provided at the time of making bookings for our services or for any other reason if you need to make a complaint or report a problem with our site or our app. Examples of information we collect from you are names, email address and telephone number and this is done at the point of contracting with Pamper Puff;
· If you contact us, we may keep a record of that correspondence;
· We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them;
· Additionally, we may collect non-personal information such as geographical location. This is collected as part of the services we provide and are not held for any other purpose. You cannot be identified from this information and it is only used to assist us in providing an effective service.
We will collect information relevant to our legal obligations as an employer and as part of our contractual obligations and may include your name, phone number, address and email, in addition to NI number, UTR and bank details.
We will collect information relevant to our status as a customer of yours and may include your name, phone number and email, in addition to address, bank account details and information relating to the services and products you provide us.
Why we need it
We need to know your personal data in order to reply to you and provide you with services. We will not collect any personal data from you which we do not need to provide and oversee this service to you. The lawful basis for processing data identified by Pamper Puff includes:
· Legal obligations (for example, as an employer or as part of obligations with regards to HMRC);
· Performance of a contract (especially with regards to our customers and our suppliers);
· Legitimate interest (such as when we ask for your feedback or advice on how to continually improve).
What we do with it
The personal data we process is processed and hosted in the UK, EEA and on some occasions, in the US and abroad. The necessary arrangements for all non-EEA transfers have been reviewed and found to be adequate. Third parties will have access to your personal data only when they are under contract with the relevant data processing agreements and arrangements in place and any processing is only in line with the services these third parties are contracted to do so in order for Pamper Puff to function as a business. Where a third party organisation may process the data we provide to them outside of the UK or EEA, we have made sure that this is done either with processors working under registration with the EU-US PrivacyShield or using binding corporate rules or standard contractual clauses. These third parties include:
· Data will be disclosed to personnel within Pamper Puff as required to complete the service requested;
· Auditors, consultants and specialist service providers for the purposes of ensuring Pamper Puff operates legally and safely. These include system hosting and IT services providers, critical to the infrastructure of our organisation;
· Pamper Puff personnel so as they can assist with the delivery of the service requested or to respond to any contact from customers;
· Our suppliers whereby we use their online platforms to manage bookings and payments.
· Data will be disclosed to other personnel within Pamper Puff as they can be assisted in the completion of the service purchased by the customer;
· Auditors, consultants and specialist service providers for the purposes of ensuring Pamper Puff operate legally and safely. These include system hosting and IT services providers, critical to the infrastructure of our organisation;
· Our suppliers whereby we use their online platforms to manage bookings and payments.
· Auditors, consultants and specialist service providers for the purposes of ensuring Pamper Puff operate legally and safely. These include system hosting and IT services providers, critical to the infrastructure of our website;
· Pamper Puff personnel so as they can assist with the delivery of the service requested or to respond to any contact from customers.
If there is a duty to disclose or share your personal data in order to comply with any legal obligation, or to enforce or apply our terms and conditions of supply and/or any other agreements; or to protect the rights, property, or safety of Pamper Puff, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
How long we keep it
Customer personal data will be retained for no more than three years following the completion of each contract, unless you exercise your rights highlighted below. Personnel related and financial data will be retained for six years from the end of their contract with Pamper Puff. Of course we will look to retain records for no longer than is necessary.
What we would also like to do with it
We do not collect personal data for marketing purposes. We use most of the personal data we gather to coordinate bookings, process payments and to keep you informed of any forthcoming opportunities to visit a Pamper Puff pop-up nail bar. We will not record any personal data that may be used by cookies in order for this website to interact with you.
What are your Data Subject Access Rights?
You have the right for the following:
1. The right to be informed – data subjects must be aware of what personal data we have about them and what we are doing with it;
2. The right of access – data subjects can request we provide them the personal data we have about them;
3. The right to rectification – Data subjects can have their personal data rectified if it is inaccurate or incomplete;
4. The right to erasure (or the ‘right to be forgotten’) – Data subjects have the right for their data to be erased where the personal data is no longer necessary in relation to the purpose for which it was collected/processed, if consent is withdrawn or there are no overriding legitimate interest to continue processing;
5. The right to restrict processing – Data subjects have the right to restrict the processing of personal data where they have contested its accuracy, where they have objected to the processing and we are considering whether we have a legitimate ground which overrides this and where processing is unlawful;
6. The right to data portability – The right to data portability allows data subjects to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability;
7. The right to object – Data subjects have the right to object to processing based on legitimate interests including profiling and direct marketing;
8. Rights relating to automated decision making and profiling – Data subjects have the right not to be subject to a decision when it is based on automated processing and it produces a legal effect or a similarly significant effect on the individual.
If at any point you believe the information we process on you is incorrect, you may request to see this information and even have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Lead who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can bring your complaint to the Information Commissioner’s Office by calling 0303 123 1113 or in writing by post at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, United Kingdom, SK9 5AF.
Our Data Protection Lead is Rosie McCaughey and you can contact her at firstname.lastname@example.org, 07856055535 or in writing at 38 Bevin Court Cruikshank Street, London, WC1X 9HA, United Kingdom.