Privacy Policy

At Oakshaw Hair & Beauty, we are committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This Privacy Policy is effective as of March 8, 2025.

Important: Our booking system allows you to book appointments with or without creating an account. This privacy policy covers how we handle your personal information in both scenarios.

Information We Collect

We collect personal information in two ways, depending on how you use our services:

For Non-Registered Users (Appointment Bookings)

Even without creating an account, we collect and store:

  • Basic personal details (name, email address, phone number) necessary for appointment management
  • Appointment details (service, date, time, any special requirements)
  • Payment identifiers if applicable (transaction IDs, but NOT your full payment card details)

For Registered Users (With Accounts)

In addition to the above, when you create an account we also collect:

  • Account credentials (email and password - securely hashed)
  • Booking preferences and complete appointment history
  • Communication preferences
  • Any additional information you provide in your profile

For All Website Visitors

  • Information you provide in communications with us
  • Technical information (IP address, browser type, device information) when you use our website

How We Use Your Information

  • To create and manage your account
  • To process and confirm your bookings
  • To send appointment reminders and booking confirmations
  • To process payments and refunds
  • To respond to your inquiries and provide customer support
  • To improve our services based on your feedback and preferences
  • To send you information about our services (with your consent)
  • To comply with legal obligations
  • To protect our rights, properties, and safety

Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

For Non-Registered Users (Appointment Bookings)

Even without an account, we retain your basic contact information and appointment details for:

  • 2 years from your last appointment for customer service purposes
  • 6 years for financial records as required by tax regulations (for paid services)

For Registered Users (With Accounts)

We retain your account information and history:

  • For as long as your account remains active
  • For 2 years after your last activity if your account becomes dormant
  • Financial records will be retained for 6 years as required by tax regulations

For All Users

The criteria used to determine our retention periods include:

  • How long is the personal data needed to provide our services?
  • Do we have a legal or contractual obligation to keep the data?
  • Is retention necessary to comply with our legal obligations?

You can request deletion of your data at any time by contacting us. For registered users, you can delete your account through your account settings. In all cases, we will retain data required by law, such as appointment records needed for tax purposes.

Third-Party Services

We may use trusted third-party service providers to help us operate our business and deliver services to you. These providers have access to your personal information only to perform specific tasks on our behalf and are obligated to protect your information. Our third-party service providers include:

  • Payment processors (Stripe, PayPal)
  • Email service providers
  • Hosting and cloud storage providers
  • Analytics services

We do not sell, rent, or share your personal information with third parties for their marketing purposes without your explicit consent.

Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data. These rights apply to all users, whether you have registered for an account or simply booked an appointment:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request correction of any inaccurate information we hold.
  • Right to Erasure: You can request deletion of your personal data in certain circumstances. Note that we may need to retain certain information for legal or administrative purposes, such as appointment records for tax requirements.
  • Right to Restrict Processing: You can request we limit the way we use your personal data.
  • Right to Data Portability: You can request a copy of your data in a machine-readable format.
  • Right to Object: You can object to our processing of your personal data in certain circumstances, particularly for direct marketing.
  • Right to Not Be Subject to Automated Decision-making: You can request human intervention where automated decisions are made about you.

How to Exercise Your Rights

You can exercise these rights in different ways depending on your relationship with us:

  • For Registered Users: Many of these rights can be exercised directly through your account settings where you can view, update, and in some cases delete your personal information.
  • For All Users: You can contact us using the details provided below to exercise any of these rights. We will respond to your request within one month.

To verify your identity when you make a request, we may ask for additional information to confirm you are the person the data relates to.

Cookies and Tracking

Our website uses cookies and similar technologies to enhance your experience, analyze usage, and assist in our marketing efforts. These apply to all visitors to our website, whether or not you book appointments or create an account.

  • Essential cookies: Required for the website to function, including our booking system and account features
  • Preference cookies: Store your preferences and settings, such as previously selected services or locations
  • Analytics cookies: Help us understand how visitors interact with our website to improve our services
  • Marketing cookies: Track visitors across websites to display relevant advertisements (only used with your consent)

Cookie Control

When you first visit our website, you'll be asked to consent to non-essential cookies. You can change your preferences at any time through our cookie settings link in the footer.

You can also adjust your cookie settings through your browser settings. However, restricting essential cookies may affect the functionality of our website, particularly the booking system.

Account-Related Data Storage

If you create an account, we store certain information in your browser's local storage to enhance your experience when returning to our site. This data is stored on your device, not on our servers, and can be cleared through your browser settings.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of sensitive information
  • Secure storage and processing systems
  • Regular security assessments
  • Access controls and authentication requirements
  • Staff training on data protection and security

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure.

Data Breach Procedures

In the event of a personal data breach that may pose a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and will inform affected individuals without undue delay, as required by GDPR.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe we have collected information from your child, please contact us so we can promptly remove the information.

Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page and updating the "effective date" at the top
  • For registered users: Sending a notification email about the changes
  • For all users: Displaying a notice on our website for 30 days following significant changes

We encourage you to periodically review this page for the latest information on our privacy practices.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Oakshaw Hair & Beauty
21 School Wynd
Paisley PA1 2DA
Email: info@oakshawhairandbeauty.com
Phone: 0141 237 1440

Data Subject Requests

To submit a request regarding your personal data (access, deletion, correction, etc.), please:

  • Email us at info@oakshawhairandbeauty.com with the subject line "Data Subject Request"
  • Include your full name and the email associated with your bookings or account
  • Specify what request you're making (access, deletion, etc.)

Complaints

You have the right to lodge a complaint with a supervisory authority if you believe your data has been processed unlawfully. In the UK, the supervisory authority is the Information Commissioner's Office (ICO), which can be contacted at https://ico.org.uk/make-a-complaint/.