The following privacy notice outlines how doodas collects, uses, protects and transfers your personal data. Doodas is a salon that provides services including Hair cutting. Colouring. Hair-extensions and various beauty services in Maidstone salon .
The data protection officer/data owner for the organisation is Jeremy Hawkins/David Worthy. You can contact the data protection officer/data owner by sending an email to firstname.lastname@example.org or writing to GDPR, attn. Jeremy Hawkins/David Worthy 72, Bank St, Maidstone , Kent ME14 1SN.
Personal data collected
The personal data that we collect is:
- Home address
- Email Address
- Date of Birth
- Phone numbers
- Health information
Purpose and Legal Basis for Processing Your Data
Doodas takes your privacy seriously and we will never sell or rent your personal data to any third-party. Sharing of your data and direct marketing activities are only carried out with your express consent, which you are free to withdraw at any time.
We need to obtain and process your personal data to provide you with our products, services and treatments and to fulfil our business and legal obligations. We will never collect any personal information from you that we do not need or retain any data that is no longer necessary for the purposes specified in this notice.
Where we request sensitive personal data from you (i.e. health or medical data), the reason(s) for the request will be clearly given along with the purposes of the processing. Explicit consent through a signature will always be required for us to obtain and process your health information.
Who is processing my data?
Doodas, 37 St Peters st Canterbury, 4 Boughton Parade Loose and 72 Bank st Maidstone are the data controllers and processes your personal information for the purposes laid out in this privacy notice. Phorest, Anglesea Mills, 9 Anglesea Row, Smithfield, Dublin 7, D07 W5NE, Ireland, acts as data processor on behalf of Doodas and have access to personal information only in cases that customer support or troubleshooting is required by Doodas. Further, they must process the personal information in accordance with this Privacy Notice and as permitted by applicable data protection laws.
Your personal data is processed to:
- Collect specific personal data (name, address, email, contact number, DOB) that is required to enter into a contract to sell a product or service.
- Engage in communication with you including confirmation and reminders of appointments, purchased online vouchers, and requests to cancel or change bookings.
- Collect Health information to perform the agreed services appropriately, and potentially highlight areas that products and services may cause issues to clients because of their health.
- Ensure a safe service and provide industry standard advice.
- Select relevant offers, promotions and information for you.
- Estimate the number of customers we have.
- Hold personal data that is required by law or to respond to legal process.
- Hold for insurance purposes.
- Store customer records.
Your rights as the individual
If your personal data is held by Doodas you hold particular rights over it.
Where you have provided consent for us to contact you as part of our marketing services, you have the right to modify or withdraw your consent at any time by using the unsubscribe option accompanied with all of our direct marketing or by contacting the Doodas Data Officer.
You also have the right:
- To be informed of how your personal data will be used before it is collected.
- To access your personal data and to have information on how your information is used after it has been gathered.
- To have personal data corrected if it is incomplete, inaccurate or out-of-date.
- To request the removal or deletion of personal data where there is no compelling reason for its continued processing.
- To restrict processing, to ‘block’ processing of your personal data.
- To restrict data portability, having your data moved, copied or transferred from Doodas to another organisation in an easily readable format.
- To object to direct marketing from us.
Special categories of personal data collected
Health questions are asked in many of our consent forms to potentially highlight treatments that may have a negative effect on your health due to medication you are taking or a condition you have. Doodas asks for consent prior to gathering and processing this information. At any time after giving consent, you can withdraw you consent, subject to legal, insurance and contractual restrictions (see more on ‘your rights as an individual’). Your privacy is very important to us and we only use this information for determining your suitability for the treatment.
Process of collection
Your personal data is collected when you provide it to us through Phorest software, our website, over the phone, in salons, by email, social media, in writing or any other means by which you provide it to us. Information is stored using the Phorest software platform as well as some level of paper record keeping.
Doodas gives you access to information about your account and bookings through Phorest software, for the limited purpose of viewing and updating that information.
Doodas does not collect the personal data of children under the age of 16 without parental or guardian consent. If you believe that we hold any information from or about a child under age 16, please contact Doodas and if we cannot immediately obtain appropriate parental or guardian consent, will remove the personal data from storage.
Your personal data is shared only with Phorest representatives in cases that customer support and troubleshooting is required for the salon. Doodas do not share your personal information with any third-party without your prior consent, other than those already disclosed in this privacy notice or as part of our legal obligations under the relevant data protection laws.
Use of Data Processors
Data processors are third parties who provide some elements of our business services for us. Where we use a third-party, we have strict agreements in place governing the processing of your personal data, on which no action can be taken without instruction from us. The third-parties with whom we work will never share or disclose your personal information and will hold it securely at all times.
Here is a link to their Privacy Notice. https://www.phorest.com/privacy-notice
How Long Do We Keep Your Data?
Doodas retains your personal data for as long as necessary to provide you with our services as our client. Doodas are required under tax laws to keep your personal data for a minimum of 7 years. Health and Safety records will be retained for 10 years and where we have your consent for marketing purposes, we will retain the minimum required data until you notify us that you no longer wish to receive such information.
The criteria for which we would continue to process your personal information includes:
- Where there is a legal basis, obligation or legitimate interest to continuing processing your personal information
- Where processing is necessary for the establishment, exercise or defence of legal claims
Transfers of personal information
When your personal data is processed through Phorest software, all of it is held within the EU. Your information is processed by the Phorest software and stored in the Amazon Web Services cloud. During this process your data is encrypted in transit and at rest.
Consequences of not providing your personal information to Doodas.
In the event that you want to purchase a product or service from Doodas, certain personal information is required to enter into a contract with you.
Doodas will not be able to enter into a contract with you to fulfil an attempt to purchase a product or service if you do not provide your personal information.
As noted in this privacy statement, we are processing your personal data to comply with legal and statutory obligations and in the performance of a contract. You can always choose not to provide personal information; however, we will be unable to provide certain products, services and treatments in these instances.
Safeguarding your Personal Data
Appropriate measures are taken to protect your personal data from access from unauthorized persons or inappropriate access, internal or external. Your connection to the Phorest system uses a HTTP Secure communication protocol and TLS security. This means all information passed to the Phorest system is encrypted during data input and transfer to the cloud. Any paper files recording your personal data are held in a locked filing cabinet or safe which can only be accessed by authorised personnel in the salon. Employees are only assigned specific access rights and can only access the salon software with the PIN number assigned to them by the management of the salon.
In the occurrence that you want to make a complaint about how your personal data was gathered, how it is being processed by Doodas (or third parties used by Doodas) or you are not satisfied about how a complaint has been handled, you retain the right to lodge a complaint directly with the supervisory authority and Doodas and also the Doodas Data Protection Officer/ GDPR Owner.
Data Protection Supervisory Authority
Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois,
Ireland R32 AP23
+353 (0) 57 8684800
Data Protection Commissioner, Information Commissioner’s Office, Wycliffe House,
Water Lane, Wilmslow, Cheshire, SK9 5AF
+44 (0) 303 123 1113
Data Protection Officer/GDPR Owner
Jeremy Hawkins/David Worthy, GDPR , 72 bank St, Maidstone Kent ME14 1SN