This Privacy Notice is provided by Johnnyhair London Limited, Company No. 7199188 (the Data Controller), whose registered office is Greenwood House, Skyliner Way, Bury St Edmonds, Suffolk P32 7GY, in order to comply with the relevant Data Protection Law (the details of which are listed at the end of this notice).
Johnnyhair London Limited (referred to as JHL throughout this notice) manages a hairdressing business (referred to throughout this notice as “the Studio”) whose premises are at Unit 4, 10 Acklam Road, London, W1 5QZ.
The Studio is private hair studio, in which certain hair and beauty services are provided to clients on an appointment only basis.
This policy is intended to provide information about how JHL will use (or "process") personal data about individuals including: its staff; and its current, past and prospective clients.
This information is provided because Data Protection Law gives individuals rights to understand how their data is used. Staff and clients are all encouraged to read this Privacy Notice and understand JHL’s obligations to its entire community.
This Privacy Notice applies alongside any other information JHL may provide about a particular use of personal data, for example when collecting data via an online or paper form.
This Privacy Notice also applies in addition to JHL's other relevant terms and conditions and policies, including:
Anyone who works for, or acts on behalf of JHL (including staff, volunteers, directors, advisors and service providers) should also be aware of, and comply with, this Privacy Notice.
The Operations Director of JHL will act as JHL’s Privacy and Compliance Officer and will deal with all your requests and enquiries concerning JHL’s uses of your personal data (see section on Your Rights below) and endeavour to ensure that all personal data is processed in compliance with this policy and Data Protection Law.
In order to carry out its ordinary duties to staff and clients, JHL needs to process a range of personal data about individuals (including current, past and prospective staff and clients) as part of its daily operations.
JHL will need to carry some of this activity out in order to fulfil its legal rights, duties or obligations – including those under a contract with its staff, suppliers or service providers.
Other uses of personal data will be made in accordance with JHL’s legitimate interests, or the legitimate interests of another party, provided that these are not outweighed by the impact on individuals and provided it does not involve special or sensitive types of data.
JHL expects that the following uses will fall within that category of its (or its community’s) “legitimate interests”:
This will include by way of example:
Generally, JHL receives personal data from the individual directly. This may be via a form, or simply in the ordinary course of interaction or communication (e.g. verbally, or by email). However, in some cases personal data will be supplied by third parties (for example other professionals or authorities working with that individual); or collected from publicly available resources.
Occasionally, JHL will need to share personal information relating to its community with third parties, such as:
For the most part, personal data collected by JHL will remain within the JHL head office and the Studio and will be processed by appropriate individuals only in accordance with access protocols (i.e. on a ‘need to know’ basis). Particularly strict rules of access apply in the context of financial records.
Finally, in accordance with Data Protection Law, some of JHL’s processing activity is carried out on their behalf by third parties, e.g. information technology applications such as payroll processing, web developers or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with JHL’s specific directions.
JHL will retain personal data securely and only in line with how long it is necessary to keep it for a legitimate and lawful reason. Typically, the legal recommendation for how long to keep ordinary staff personnel files is for a minimum of 7 years following the end of their employment with JHL.
If you have any specific queries about how our retention policy is applied, or wish to request that personal data that you no longer believe to be relevant is considered for erasure, please contact the Privacy and Compliance Officer based at JHL Head Office. However, please bear in mind that we will often have lawful and necessary reasons to retain some personal data even following such a request.
A limited and reasonable amount of information will be kept for archiving purposes, for example; and even where you have requested we no longer keep in touch with you, we will need to keep a record of that fact in order to fulfil your wishes (a "suppression record").
JHL may use the contact details of current, past and prospective clients, and other members of the Studio community, to keep them updated about the activities of the Studio, including sending updates and newsletters by email.
Should you wish to limit or object to any such use, or would like further information about them, please contact the Privacy and Compliance Officer in writing. You always have the right to withdraw consent, where given, or otherwise object to direct marketing. However, we are nonetheless likely to retain some of your details (not least to ensure that no more communications are sent to that email address).
Individuals have various rights under Data Protection Law to access and understand personal data about them held by JHL, and in some cases ask for it to be erased or amended or have it transferred to others, or for JHL to stop processing it – but subject to certain exemptions and limitations.
Any individual wishing to access or amend their personal data or wishing it to be transferred to another person or organisation, or who has some other objection to how their personal data is used, should put their request in writing to the Privacy and Compliance Officer.
We will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time limits (which is one month in the case of subject access requests). We will be better able to respond quickly to smaller, targeted requests for information. If the request for information is manifestly excessive or similar to previous requests, we may ask you to reconsider, or require a proportionate fee (but only where Data Protection Law allows it).
You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which identifies other individuals, which will be redacted, or information which is subject to legal privilege (for example legal advice given to or sought by JHL, or documents prepared in connection with a legal action).
JHL is also not required to share any confidential reference given by JHL itself for the purposes of the training or employment of any individual.
You may have heard of the “right to be forgotten”. However, we will sometimes have compelling reasons to refuse specific requests to amend, delete or stop processing your personal data: for example, a legal requirement, or where it falls within a legitimate interest identified in this Privacy Notice. All such requests will be considered on their own merits.
Where JHL is relying on consent as a means to process personal data, any person may withdraw this consent at any time. An example of where we do rely on consent is in the use of certain images.
Please be aware however that JHL may not be relying on consent but have another lawful reason to process the personal data in question even without your consent.
That reason will usually have been asserted under this Privacy Notice or may otherwise exist under some form of contract or agreement with the individual (e.g. an employment contract, or because a purchase of goods or services has been requested).
JHL will endeavour to ensure that all personal data held in relation to an individual is as up-to-date and accurate as possible. Individuals should notify JHL of any significant changes to important information, such as contact details, held about them.
An individual has the right to request that any out-of-date, irrelevant or inaccurate information about them is erased or corrected (subject to certain exemptions and limitations under Data Protection Law): please see above for details of why JHL may need to process your data, and below for details of who you may contact if you disagree.
JHL will take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to JHL systems. All staff, directors and advisors will be made aware of this policy and their duties under Data Protection Law and receive relevant training.
JHL will update this Privacy Notice from time to time. The latest version of the Notice is available at http://www.johnmacphersonhair.com/privacy.html
Any comments or queries on this policy should be directed to the Privacy and Compliance Officer at the JHL Head Office, email address firstname.lastname@example.org. If an individual believes that JHL has not complied with this policy or acted otherwise than in accordance with Data Protection Law, they should notify the Privacy and Compliance Officer. You can also make a referral to, or lodge a complaint with, the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter before involving the regulator.
This policy will be reviewed in May 2019 and thereafter annually.
This Privacy Notice has been prepared in accordance with the following laws: