PrivacyPolicy
Who are we?
This website ('Site') is operated by The Chapel Hair & Spa Limited, a company registered in England and Wales under registration number 04373354 ('The Chapel', 'we', 'us' and/or 'our'). Our registered address is The Chapel, Chapel Place, Tunbridge Wells, Kent TN1 1YQ UK. You can contact us as indicated under the 'Contact' section below.
The data controller responsible for your personal data is The Chapel Hair & Spa Limited company with whom you contract as a customer / guest, ('The Chapel', 'we', 'us' and/or 'our')
-
What is this privacy policy for?
This privacy policy ('Privacy Policy') applies to personal data that we collect from you as a user of this Site or as customer / guest ('you' or 'your' being interpreted accordingly). It provides information on what personal data we collect, why we collect the personal data, how it is used and the lawful basis on which your personal data is processed, and what your rights are under the applicable data protection and privacy laws, including the General Data Protection Regulation ('GDPR') which became applicable to us, and you, as of 25 May 2018.
'Personal data' as used in this Privacy Policy means any information that relates to you from which you can be identified.
By using our Site or submitting your personal data you are taken to accept the terms of this Privacy Policy, so please read it carefully.
-
The personal data collect
We collect the following personal data about you:
Appointment booking and contact information
This includes your name, address, email address; address and phone number; gender and date of birth; country; a picture of yourself; and other information that you elect to disclose in your user profile on the Site. We also collect information about your debit/credit card and bank account information provided by you to our payment service providers. We require this information for the purpose of reserving Appointments and taking payments in line with our Cancellation Policy. For further details, please also refer to the section below headed 'Payment information'.
Payment information
We also collect information about your debit/credit card and bank account information provided by you to our payment service providers: Stripe We require this information for the purposes of completing your purchases with us. These details are managed with the highest Compliance Security Payment Card Industry Level 1. Please note: our team has no access to payment details, for more information see our cancelation policy.
Other information
Personal details you choose to give when corresponding with us by phone or email; participating in user/customer/member surveys, or otherwise visiting and interacting with this Site or any other websites we operate; and personal data that you provide to us when you visit one of our salons. We can also combine personal data that you provide to us with other information we collect about you when you make a reservation through third-party services, such as online reservation or aggregator websites necessary to process your requests.
-
Automatically collected personal data
Log data
When you visit our Site, our servers record information ('log data'), including information that your browser automatically sends whenever you visit the Site. This log data includes your Internet Protocol ('IP') address (from which we understand the country you are connecting from at the time you visit the Site), browser type and settings, the date and time of your request.
Our Site uses cookies (small text files placed on your device) and similar technologies to distinguish you from other users. This is to provide you with a good user experience when you browse our Site, and allows us to improve its features. For detailed information on the cookies and similar technologies we use, please see our Cookie Policy.
-
How we use your personal data
We use your personal data in the following ways:
SMS, WhatsApp and other digital messaging providers will be referred to as “Digital Messaging Services”
To acknowledge, confirm and deal with your Appointment bookings (and where necessary put you on our waiting list). If you have opted into receiving Digital Messaging Services from us.
To send timely reminders and suggest suitable appointments, for those on the Appointment waiting list.
To contact you in connection with user/customer/guest surveys, and use any information you choose to submit in response (provided that you gave us your consent to being contacted in this way at the time you provided us with the personal data).
To personalise the content you receive and provide you with tailored content that will be of interest to you
To communicate with you about your visit to our Site and Digital Channels.
To notify you about changes to our service, provide you with user support and enforce our terms, conditions and policies.
The Chapel Hair & Spa Limited and The Chapel Salons (“The Chapel Salons” means a group company of The Chapel Group Limited) may provide you, or permit selected third-party service providers to provide you, with information about goods or services, events and other promotions we feel may interest you as a customer / guest. We (or such third-party providers) will contact you by email only with your consent, which was given at the time you provided us with the personal data.
In order to comply with our legal obligations, we use your data to help us detect abuse, fraud and illegal activity on the Site.
As necessary for certain legitimate business interests, which include the following:
- Where we are asked to deal with any enquiries or complaints you make.
- To administer our Site, to better understand how visitors interact with our websites and ensure that our Site is presented in the most effective manner for you and for your computer/device.
- To conduct analytics to inform our marketing strategy and that of our Chapel Salons, and enable us and the Chapel Salons to enhance and personalise the experience we offer to our customers / guests and our communications. This includes creating customer / guest r profiles to enable personalised direct marketing communications.
- To provide postal communications which we think will be of interest to you.
- If you ask us to delete your data or to be removed from our marketing lists and we are required to fulfil your request, to keep basic data to identify you and prevent further unwanted processing.
- To share personal data among the Chapel Salons for administrative purposes; for providing bookings; and in relation to our sales and marketing activities.
- We may anonymise, aggregate and de-identify the data that we collect and use such anonymised, aggregated and de-identified data for our own internal business purposes, including sharing it with our current and prospective members, business partners, the Chapel Salons, agents and other third parties for commercial, statistical and market research purposes, for example to allow those parties to analyse patterns among groups of people, and conducting research on demographics, interests and behaviour.
- For internal business/technical operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep our Site, network and information systems secure.
- To (a) comply with legal obligations, (b) respond to requests from competent authorities; (c) enforce our Cancellation Policy; (d) protect our operations or those of any of the Chapel Salons; (e) protect our rights, safety or property, and/or that of the Chapel Salons, you or others; and (f) enforcing or defending legal rights, or preventing damage.
As used in this Privacy Policy, 'legitimate interests' means the interests of the Chapel Salons in conducting and managing our organisation. When we process your personal data for our legitimate interests, we make sure to consider and balance any potential impact on you, and your rights under data protection laws. Our legitimate interests do not automatically override your interests. We will not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or those activities are otherwise required or permitted to by law. You have the right to object at any time to processing of your personal data that is based on our legitimate interests, on grounds relating to your particular situation (for more information on your rights, please see 'Your personal data protection rights' section below).
-
Disclosure of your information
We share your personal data with third parties in the following situations:
Service providers: the Chapel Salons, like many businesses, sometimes hires selected third parties who act on its behalf to support its operations, such as (i) card processing or payment services (see the section below headed 'Payment Information'); (ii) Software booking systems (iii) IT suppliers and contractors (e.g. data hosting providers or delivery partners) as necessary to provide IT support and enable us to provide bookings and other goods/services available on this Site or to members; (iv) web analytics providers; (v) providers of digital advertising services; and (vi) providers of CRM, marketing and sales software solutions. Pursuant to our written instructions, these parties may access, process or store your personal data in the course of performing their duties to us and solely in order to perform the services we have hired them to provide.
Communications Services Providers. To provide you with certain products and services, we may engage with telecom operators, aggregators, carriers, and other communications service providers for routing and connectivity purposes. In order to make sure the messages reach the intended recipient regardless of their physical location, we may use a global network of telecom providers. When it comes to the contents of electronic communications transmitted by communication providers, these operators, aggregators, and service providers are neither data controllers nor data processors because they act as mere conduits for the transmission of communication content. If communications services providers process any personal data for their own purposes (e.g. fraud prevention, billing, filtering, or legally required data retention activities) they act as data controllers.
Digital Messaging Services. The following section shall be applicable to those who have opted-in to receiving Digital Messaging Services and marketing messages: we may send messages / communications to interested members and collect mobile data on our members. Personal data related to the use of Digital Messaging Services have a default retention pursuant to all local and applicable law. The retention of personal data related to those services are necessary (a) to fulfil our legal obligations to ensure the integrity and security of our services, and actively prevent misuse of telecommunications services, (b) for the transmission of information over the services, and (c) to ensure we are able to fulfil our legal obligations to assist formal governmental authorities.
The Chapel Salons: In order to provide the services you request from us, the Chapel Salons may access and process the information that we collect from you for the purposes described above, including to offer products and services to you. The Chapel Salons will only use your data for the purposes for which we originally collected it.
Business transfers: if we sell our business or our company assets are acquired by a third party, personal data held by us about our members, membership applicants or customers may be one of the transferred assets.
Administrative and legal reasons: if we need to disclose your personal data (i) to comply with a legal obligation and/or judicial or regulatory proceedings, a court order or other legal process requirements from public health organisations, local councils and government. (ii) to enforce our Terms & Conditions, Cancellation Policy or other applicable contract terms that you are subject to or (iii) to protect us, our customers / Guests, or contractors against loss or damage. This may include (without limit) exchanging information with the police, courts or law enforcement organisations.
-
Payment information
Any credit/debit card payments and other payments you make through our Site will be processed by our third-party payment providers: Stripe. payment data you submit will be securely stored and encrypted by our payment service providers using up to date industry standards. Please note that aside from card information tokenisation we do not directly process or store the debit/credit card data that you submit ourselves.
We store card or payment data you submit during Appointment Booking or purchase at any of our operations for the purpose of reserving future appointments and taking of payment in line with our Cancelation Policy.
We will store this data in accordance with our legal obligations under applicable law, and only for so long as legally permitted.
You may choose to opt out of us holding your card or payment data, although this means that you will need to re-supply us with card/payment details to hold future reservations, or for the purpose of making any future purchases.
-
Personal data transfers
Your personal data may be transferred to, and stored in, countries other than the country in which the information was originally collected, including the United States and other destinations outside the European Economic Area ('EEA'), to our service providers and the Chapel Salons for the purposes described above.
Please note that the countries concerned may not provide the same legal standards for protection of your personal data that you have in the United Kingdom or EEA. Where we transfer your personal data to countries outside of the EEA, we will take all steps to ensure that your personal data will continue to be protected. We will implement appropriate safeguards for the transfer of personal data to our service providers in accordance with the applicable law, such as relying on our service or implementing standard contractual clauses for data transfers. We have implemented data transfer agreements pursuant to applicable data protection law in order to implement appropriate safeguards for the transfer of personal data to Chapel Salons in countries outside the EEA. If you would like to receive more information on the safeguards that we implement, including copies of relevant data transfer contracts, please contact us as indicated below.
Security
Where you have chosen a password or login that enables you to access certain restricted parts of our Site or third partys' platforms, you are responsible for doing everything you reasonably can to keep these details secret. You must not share your password or login details with anyone else.
Unfortunately, the transmission of information over the internet or public communications networks can never be completely secure. We will take appropriate technical and organisational security measures to protect the personal data that you submit to us against unauthorised/unlawful access or loss, destruction or damage, although we cannot 100 per cent guarantee the security of personal data that you provide to us online.
-
Personal data retention
We will keep your personal data only for as long as is reasonably necessary for the purposes outlined in this Privacy Policy, or for the duration required by any legal, regulatory, accounting or reporting requirements, whichever is longer. In particular, we retain customer / guest records for six years from the last transaction. We retain information submitted through the Site and the other websites we operate for two years following account closure or contact with you, as applicable. When you consent to receive marketing communications, we will keep your data until you unsubscribe.
To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the purposes for which we process your personal data, applicable legal requirements or operational retention needs, and whether we can achieve those purposes through other means.
Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case it is no longer personal data.
-
Your personal data protection rights
Certain applicable data protection laws give you specific rights in relation to your personal data. In particular, if the processing of your personal data is subject to the GDPR, you have the following rights in relation to your personal data:
Right of access: If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data along with certain other details such as the purpose of the data processing. If you require additional copies, we may need to charge a reasonable fee.
Right to rectification: If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your personal data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
Right to erasure: You may ask us to delete or remove your personal data, such as where our legal basis for the processing is your consent and you withdraw consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data with so you can contact them directly. We may continue processing personal data where this is necessary for a legitimate interest in doing so, as described in this Privacy Policy.
Right to restrict processing: You may ask us to restrict or 'block' the processing of your personal data in certain circumstances, such as where you contest the accuracy of the personal data or object to us processing it. We will tell you before we lift any restriction on processing. If we shared your personal data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
Right to data portability: You have the right to obtain your personal data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will provide you with your personal data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
Right to object: You may ask us at any time to stop processing your personal data, and we will do so if:
- We are relying on a legitimate interest to process your personal data — unless we demonstrate compelling legitimate grounds for the processing.
- We are processing your personal data for direct marketing.
Right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing of your data before we received notice that you wished to withdraw your consent.
Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your personal data, you can report it to UK data protection authority, the Information Commissioner's Office (ICO), or, as the case may be, any other competent data protection authority of an EU member state that is authorised to hear those concerns. (You may find EU Data Protection Authorities' contact information at https://edpb.europa.eu/about-edpb/board/members_en.)