Privacy Notice - For general users and clients

Introduction

Sabio Hair & Beauty Ltd takes your privacy very seriously. This Privacy Notice is intended to set out your rights and answer any queries you may have about your personal data. If you need more information, please contact: privacy@sabiohairandbeauty.co.uk

1. What information do we collect?

We obtain and process personal data about you when you interact with us and our products and when you purchase goods and services from us. The personal data we process includes:

2. How do we use this information and what is the legal basis for this use?

We process the personal data listed in paragraph 1 above for the following purposes:

We may also send you direct marketing in relation to relevant products and services. Electronic direct marketing will only be sent where you have given your consent to receive it, or (where this is allowed) you have been given an opportunity to opt-out. You will continue to be able to opt-out of electronic direct marketing at any time by following the instructions in the relevant communication.

3. How do we ensure the security of your personal data?

We have appropriate security measures to prevent your personal data from being accidently lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents and other third parties who have a business need to use your data. They will only your personal data on our instructions and are subject to a duty of confidentially.

Our online systems have security measures in place to help protect against the loss or misuse of any data under our control.

When the websites are accessed by users, data traffic is encrypted using up-to-date secure socket layer (SSL) technology so that it can only be accessed by the end user.

All sensitive information on the website, such as passwords, are encrypted by a proprietary encryption system. All personal data can only be accessed by the relevant end users by way of unique usernames and passwords that must be entered when a user logs in to the systems.

We are PCI DSS (Payment Card Information Data Security Standard) compliant. Credit card information is never stored on our systems and is only used to authorise the specific transaction through our card payment authority (Lloyds Merchant Services) and then removed. Under no circumstances will your credit card information be passed to any other third party.

4. With whom and where will we share your personal data?

We only share your personal data with third party agents who have a business need to use your data. We do not share your personal data with any third parties for marketing purposes.

Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws.

In the event that our business or any part of it is sold or integrated with another business, your details will be disclosed to our advisers and those of any prospective purchaser and will be passed to the new owners of the business.

5. How long will you keep my personal data?

We will keep your personal information for as long as you are a customer of Sabio. Thereafter we may keep your data for up to 7 years to enable us to respond to any questions or complaints and to maintain records where we are required to do so. We are also required to retain certain information as required by law or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.

In the case of any contact you may have with our salon we will retain those details for as long as is necessary to resolve your query and for 12 months after the query is closed.

In some instances, laws may require us to hold certain information for specific periods other than those listed above.

6. Where is my data stored?

Personal data obtained from you whilst attending the salon 'physical data' shall be securely stored in a security cupboard.

All personal data held electronically is stored on a secure set of servers hosted by our hosting provider. The servers reside in the United Kingdom. Data is frequently backed up and stored in the provider's backup / disaster recovery facility, which is also in the UK.

This is in a secure server hosting facility with the necessary environmental, physical and technical controls in place to ensure unapproved access is prevented

Destruction of physical data

Our employees are trained to destroy all personal data securely. We use a local shredding company to have all paperwork containing personal data securely shredded. Certificates are provided to confirm secure shredding.

7. What are my rights in relation to my personal data?

You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data, clicking the `unsubscribe? / `opt out? button on any communication we have sent to you or by contacting us.

Where you have consented to us using your personal data, you can withdraw that consent at any time.

If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.

You also have the right to ask us to provide a copy of any personal data we hold about you.

Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.

If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data (a) by withdrawing your consent for us to use it; (b) if it is no longer necessary for us to use your personal data; (c) if you object to the use of your personal data and we don't have a good reason to continue to use it; or (d) if we haven't handled your personal data in accordance with our obligations.

9. Where can I find more information about Sabio's handling of my data?

Should you have any queries regarding this Privacy Notice, about Sabio?s processing of your personal data or wish to exercise your rights you can contact Sabio?s Privacy Team using this email address: privacy@sabiohairandbeauty.co.uk . If you are not happy with our response, you can contact the Information Commissioner's Office: https://ico.org.uk