PRIVACY POLICY

 

Nailtan Privacy Policy

 

The following privacy policy outlines how Nailtan collects, uses, protects and transfers your personal data. Nailtan is a mobile nail, tan & brow service provider.

 

This privacy policy applies to all users of Nailtan services. By using any of Nailtan’ services, you consent to the terms of the privacy policy.

 

We may update or change this policy from time to time. Any changes we make to this privacy policy in the future will be posted on this page and, where appropriate, we will notify you through an appropriate method (for example, via a pop-up notice or email). Please review this privacy policy whenever you access the services to stay informed of our practices.

 

The data protection officer/data owner for the organisation is Gabi Brown. You can contact the data protection officer/data owner by sending an email to hello@nailtan.co.uk

 

Personal data collected & processed

 

The personal data that we collect via our online contact form, found at www.nailtan.co.uk  includes:

 

• Name

• Email Address

 

This information is collected so we can engage in communication with you including enquiry follow-up, confirmation and reminders of appointments, and requests to cancel or change bookings.

 

If you go on to book an appointment with Nailtan, we collect the following mandatory personal health data via our client consultation form, including but not limited to:

 

• Allergies

• Medical conditions you may suffer from

 

This information is collected to ensure we perform the agreed services appropriately, and potentially highlight areas that products and services may cause issues to clients because of their health. It is also to ensure a safe service and to ensure we comply with our health and safety guidelines and industry standards and requirements.

 

We also collect personal data relating to your service preferences, including:

 

• Nail shape, nail length, nail style

• Nail service

• Expectations from our services

 

This information is collected to enable us to provide you with a personalised service. By using this information, we are in a better position to provide you with the exact service required. We can tailor our product and service recommendations based on your preferences. This data is optional but allows us to provide the highest level of customer service.

 

We also process data for the following reasons:

 

• Hold personal data that is required by law or to respond to legal process

• Hold for insurance purposes

• Store customer records

• Select relevant offers, promotions and information for you (you can choose to opt-in to these, and opt-out at any time)

 

COVID-19 Screening Questionnaire & NHS Test and Trace

 

From the 13th July 2020, we will be asking all clients to complete a mandatory COVID-19 Screening Questionnaire. This is for the safety of our clients and Nailtan. This information, along with the date of your appointment will be kept for 21 days, to assist with NHS Test and Trace,

 

Purpose and Legal Basis for Processing Your Data

 

Nailtan takes your privacy seriously and we will never sell or rent your personal data to any third-party. Sharing of your data and direct marketing activities are only carried out with your express consent, which you are free to withdraw at any time.

 

We need to obtain and process your personal data to provide you with our products, services and treatments and to fulfil our business and legal obligations.

 

We will never collect any personal information from you that we do not need or retain any data that is no longer necessary for the purposes specified in this notice.

 

Where we request sensitive personal data from you (i.e. health or medical data), the reason(s) for the request will be clearly given along with the purposes of the processing. Explicit consent will always be required for us to obtain and process your health information.

 

Your rights as the individual

 

Where you have provided consent for us to contact you as part of our marketing services, you have the right to modify or withdraw your consent at any time by using the unsubscribe option accompanied with all of our direct marketing or by contacting the Nailtan Data Officer.

 

You also have the right:

 

• To be informed of how your personal data will be used before it is collected

• To access your personal data after it has been gathered

• To have personal data corrected if it is incomplete, inaccurate or out-of-date

• To request the removal or deletion of personal data where there is no compelling reason for its continued processing

• To restrict processing, to ‘block’ processing of your personal data

• To restrict data portability, having your data moved, copied or transferred from Nailtan to another organisation in an easily readable format

• To object to direct marketing from us

 

Special categories of personal data collected

 

Health questions are asked in our consultation forms to potentially highlight treatments that may have a negative effect on your health due to medication you are taking or a condition you have. Nailtan asks for consent prior to gathering and processing this information. Your signature (ink or digital) at the end of the consultation form highlights your consent. At any time after giving consent, you can withdraw your consent, subject to legal, insurance and contractual restrictions (see more on ‘your rights as an individual’). Your privacy is very important to us and we only use this information for determining your suitability for the treatment.

 

Process of collection

 

Your personal data is collected when you provide it to us through our website, over the phone, by email, social media, in writing or any other means by which you provide it to us. Information is stored securely using online methods as well as via paper record keeping.


 

Data Sharing

Nailtan does not share your personal information with any third-party without your prior consent, other than those as part of our legal obligations under the relevant data protection laws.

 

How Long Do We Keep Your Data?

 

Nailtan retains your personal data for as long as necessary to provide you with our services as our client. Nailtan are required under tax laws to keep your personal data for a minimum of 7 years. Health and Safety records will be retained for 7 years and where we have your consent for marketing purposes, we will retain the minimum required data until you notify us that you no longer wish to receive such information.

 

The criteria for which we would continue to process your personal information includes:

• Where there is a legal basis, obligation or legitimate interest to continuing

• Processing your personal information

• Where processing is necessary for the establishment, exercise or defence of legal claims

 

Consequences of not providing your personal information to Nailtan

 

In the event that you want to purchase a product or service from Nailtan, certain personal information is required to enter into a contract with you. Nailtan will not be able to enter into a contract with you to fulfil an attempt to purchase a product or service if you do not provide your personal information.

 

As noted in this privacy statement, we are processing your personal data to comply with legal and statutory obligations and in the performance of a contract. You can always choose not to provide personal information; however, we will be unable to provide certain products, services and treatments in these instances.

 

Safeguarding your Personal Data

 

Appropriate measures are taken to protect your personal data from access from unauthorized persons or inappropriate access, internal or external.

 

Complaints

 

In the occurrence that you want to make a complaint about how your personal data was gathered, how it is being processed by Nailtan or you are not satisfied about how a complaint has been handled, you retain the right to lodge a complaint directly with the supervisory authority and Nailtan and also the Nailtan Data Protection Officer/ GDPR Owner. We do hope that you would contact the Nailtan Data Protection Officer in the first instance so we can rectify any issues.

 

Data Protection Supervisory Authority

Data Protection Commissioner, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

 

+44 (0) 303 123 1113