Data Protection Agreement
General Terms & Conditions
This Data Protection Agreement (“DPA”) is an addendum to our Terms & Conditions between Hair at the House LTD (“Hair at the House”) and you (“Customer”). The DPA will be effective and replace any previously applicable data protection and security terms as from 25th May 2018 and will continue for as long as Hair at the House provides the services as set out in the Hair at the House Terms & Conditions.

Definitions

“Customer Data” means data provided by or on behalf of Customer or Customer End Users via the Services under the Terms & Conditions.

“Data Controller” means the entity that determines the purpose and means of the processing of Personal Data.

“Data Processor” means the entity that processes Personal Data on behalf of the Data Controller.

“Data Protection Laws” means all data protection and privacy laws and regulations applicable to the processing of Personal Data under the Agreement, including GDPR.

“EEA” means the European Economic Area

“GDPR” means EU General Data Protection Regulation 2016/679.

“Health Information” means information relating to your current physical health in order to provide services and treatments.

“Personal Data” means any Customer Data relating to an identified or identifiable natural person to the extent that such information is protected as personal data under GDPR.

“Processing” has the meaning given to it in the GDPR and “process”, “processes” and “processed” shall be interpreted accordingly.

“Sub-Processor” means any third party authorised under the DPS to have logical access to and process Customer Data to provide parts of the Services.

“Services” means any product or service provided to Customer and as described in Hair at the House Terms & Conditions.

“Site” means the website “www.hairatthehouse.co.uk”, “www.hairatthehouse.uk” and “www.hairatthehouse.com” and any sub-domain level addresses of these.

“The Instruction” means information issued by you as an instruction to be carried out.

The Company

Hair at the House is a trading name of Hair at the House LTD, a registered company in England & Wales, No.: 09918507. Our registered address is 13a Oving Road, Chichester, West Sussex, England, PO19 7EG and phone number is 01243 527 610. For general enquiries please contact hello@hairatthehouse.co.uk.

Hair at the House is a salon that provides a range of services in their respective industry of Hairdressing and Hairstyling. Hair at the House are committed to protecting and respecting your personal data in compliance with applicable data protection laws, in particular the General Data Protection Regulation (Legislation EU/UK:2016/679).

Data Processing

Hair at the House will collect information about you when you book an appointment for a service or treatment, visit the salon, buy a product or make an application for employment, whether contact is online, on paper, by email or over the phone. Hair at the House need to obtain and process your personal data to provide you with our products, services and treatments and to fulfil our business and legal obligations. Hair at the House will never collection any personal information from you that Hair at the House do not need or retain any data that is no longer necessary for the purposes specified in this notice.

The information you give us may include your name, address, email address, phone number, relevant history which may suggest that a service or treatment should not go ahead or certain products should not be used (e.g. allergies, pregnancy, skin conditions), payment and transaction information, IP address and CVs.

For clients under the age of 16, Hair at the House will only keep and use their personal information with the consent of a parent, carer or guardian.

Customer Data is processed to:
  1. Collect specific personal data (name, address, email, contact number, date of birth) that is required to enter into a contract to sell a product or service;
  2. Engage in communication with you including confirmation and remainders of appointments, and request to cancel or change bookings;
  3. Collect Health Information to perform the agree services appropriately, and potentially highlight areas that products and services may cause issues to clients because of their health;
  4. Ensure a safe service and provide industry standard advice;
  5. Select relevant offers, promotions and information for you;
  6. Estimate the number of customers we have;
  7. Hold personal data that is required by law or to respond to legal process;
  8. Hold for insurance purposes;
  9. Store customer records.
In relation to job applications, once these have been reviewed the individual is either contacted for an interview or the application is kept for a period of 6 months in case a position becomes available and is then securely destroyed after this date.

Confidentiality

Hair at the House shall treat all Customer Data as strictly confidential information. Customer Data may not be copied, transferred or otherwise processed in conflict with the instruction from Customer unless required by law.

Hair at the House employees shall be subject to an obligation of confidentiality that ensures that the employees shall treat all Customer Data under this DPA with strict confidentiality and only process Customer Data in accordance with the Instruction.

Data is processed by Hair at the House LTD of 13a Oving Road, Chichester, West Sussex, England, PO19 7EG. Hair at the House LTD are the data controller and processes your personal information for the purposes laid out in this notice. The PixalPoint Company acts as a data processor on behalf of Hair at the House LTD and have access to personal information only in cases that customer support or troubleshooting is required by Hair at the House. Further, they must process the personal information in accordance with this notice and as permitted by applicable data protection laws.

Sub-Processing

Customer authorises Hair at the House to engage third-parties to process Customer Data (“Sub-Processors”) without obtaining any further written, specific authorisation. Hair at the House will restrict Sub-Processor access to Customer Data to what is necessary to provide the Services.

Hair at the House shall complete a written agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable under this DPA. It remains accountable for any Sub-Processor in the same way as for its own actions and omissions.

Security

Hair at the House will take appropriate measures to protect Customer Data against accidental or unlawful destruction, loss, alteration or unauthorised disclosure, in accordance with GDPR, article 32. Your connection to the Hair at the House Site uses a Hyper Text Transfer Protocol Secure with Transport Layer Security. This means all information passed to the Hair at the House Site is encrypted during data input and transfer to the cloud. Any paper files recording your personal data are held in a securely locked storage which can only be accessed by authorised personnel in the salon.

Data Subject Rights

If your Personal Data is held by Hair at the House you hold particular rights over it.
Where you have provided consent for us to contact them as part of Hair at the House marketing services, Customer have the right to modify or withdraw your consent at any time by contacting Hair at the House at hello@hairatthehouse.co.uk or by telephoning 01243 527 610.

You also have the right:
  1. To be informed of how your personal data will be used before it is collected.
  2. To access your personal data and to information on how your information is used after is has been gathered.
  3. To have personal data corrected if it is incomplete, inaccurate or out-of-date.
  4. To request the removal or deletion of personal data where there is no compelling reason for its continued processing.
  5. To restrict processing, to ‘block’ processing of your personal data.
  6. To data portability, having your data moved, copied or transferred from Hair at the House to another organisation in an easily readable format.
  7. To object to direct marketing from us.
Special Data

Some information we ask for is required for us to provide you with the best service possible. We also ask for some information so we can communicate our news, events and offers with you.

We make a record of any allergies and skin test results as we are legally required to by both our professional federation and our contractual agreements with our product manufacturers, so this is carried out on a lawful basis of our contractual obligations. We also ask for your explicit consent to store this information for 12 months, as it is sensitive information.

We ask for your date of birth to send birthday well wishes as well as there being some services which we can’t offer to under 16’s, so we process this data on the basis of our legal obligations. For clients that are under 16, we will collect minimal data and always ask for parental consent to store it.

Communication

Occasionally we may need to contact you about an upcoming appointment. For example, to make you aware of your Stylist being unwell or an issue beyond our control that requires the appointment to be rescheduled. We will always ask for your preferred of contact on these occasions, and you are free to change this at any time, but it is our legitimate business interest to process your data so we are able to contact you.

We collect your mobile number so that we can send you appointment reminders via text message and do this on the basis of legitimate interest as they dramatically reduce ‘no-show’ appointments as well as a reminder for clients who may have misplaced their appointment time. You are able to request us to stop sending these text reminders at any time.

We like to keep you up to date with our blog, news, offers and events via email and/or post. We will ask for your consent to do this and are able to withdraw your consent at any time.

Limitation of Liability

The total liability of each part under this addendum shall be subject to the limitation of liability as set out in PixalPoint Terms & Conditions. For the avoidance of doubt, in no instance will PixalPoint be liable for any losses or damages suffered by Customer where Customer is using Services in violation of its Terms & Conditions, regardless of whether it terminates or suspend an account due to such violation.

Accessing Data

You are able to view the data we hold on you at any time by contacting Hair at the House on 01243 527 610 or hello@hairatthehouse.co.uk.

We are committed to ensuring the accuracy of your information and regularly check the details we have are correct. If you change any of the details that we hold, please notify us either in salon, by phone on 01243 527 610 or by email at hello@hairatthehouse.co.uk.