The following privacy notice outlines how Duchess Lounge (‘we’ or ‘us’ or ‘our’) gathers, processes, and protects your personal data.
Personal data collected
The personal data that we collect is:
• Email Address
• Date of Birth
• Phone number (mobile and/or landline)
• Consultation forms
• Health, medical and medication information
• Appointment data & associated notes
• Marketing preferences
• CCTV images (of Duchess Lounge reception area, main nail lounge area, front and rear of the property)
Purpose and Legal Basis for Processing Your Data
Duchess Lounge takes your privacy seriously and we will never sell or rent your personal data to any third-party. Direct marketing activities are only carried out with your express consent, which you are free to withdraw at any time.
We need to obtain and process your personal data to provide you with our products and services and to fulfil our business and legal obligations. We will never collect any personal information from you that we do not need or retain any data that is no longer necessary for the purposes specified in this notice.
Where we request sensitive personal data from you (i.e. health or medical data), the reason(s) for the request will be clearly given along with the purposes of the processing. Explicit consent through a signature will always be required for us to obtain and process your health information.
Your personal data is collected and processed for the following reasons:
• In the performance of a contract to sell products or services (name, address, email, contact number, DOB).
• Through legitimate interest to engage in communication with you including confirmation and reminders of appointments, and requests to cancel or change bookings.
• Health information is collected in order for us to perform the agreed services appropriately, to potentially highlight areas that products and services may cause issues to clients because of their health and provide industry standard advice.
• As part of our legal obligation for business accounting, tax and insurance purposes.
• As required by law or to respond to legal process.
• Select relevant offers, promotions and information for you.
Who is processing my data?
Duchess Lounge, 34-36 Claypotts Road, Dundee, DD5 1BS, are the data controller and processes your personal information for the purposes laid out in this privacy notice. Phorest Salon Software, 9 Anglesea Row, Dublin, D07 W5NE, Ireland, acts as data processor on behalf of Duchess Lounge and have access to personal information only in cases that customer support or troubleshooting is required by Duchess Lounge. Further, they must process the personal information in accordance with this Privacy Notice and as permitted by applicable data protection laws.
Your rights as an individual
If your personal data is held by Duchess Lounge, you hold particular rights over it.
Where you have provided consent for us to contact you as part of our marketing services, you have the right to modify or withdraw your consent at any time by using
the unsubscribe option accompanied with all of our direct marketing or by contacting us directly.
You also have the right:
• To be informed of how your personal data will be used before it is collected.
• To access your personal data and to receive information on how your
information is used after it has been gathered.
• To have personal data corrected if it is incomplete, inaccurate or out-of-date.
• To request the removal or deletion of personal data where there is no
compelling reason for its continued processing.
• To restrict processing, to ‘block’ processing of your personal data.
• To data portability, having your data moved, copied or transferred from
Duchess Lounge to another organisation in an easily readable format.
• To object to direct marketing from us.
Special categories of personal data collected
Health questions are asked in our consent form to potentially highlight treatments that may have a negative effect on your health due to medication you are taking or a condition you have. Duchess Lounge asks for consent at time of collecting this information. At any time after giving consent, you can withdraw you consent, subject to legal, insurance and contractual restrictions (see more on ‘your rights as an individual’). Your privacy is very important to us and this information is only used for determining your suitability for the treatment. Please note that due to legal and insurance restrictions some treatments may not be carried out without completion of health questions or if consent is withdrawn.
Process of collection
Your personal data is collected when you provide it to us through our website, over the phone, in salon, by email, social media, in writing or any other means by which you provide it to us. Information is stored using the Phorest software platform.
Duchess Lounge do not collect the personal data of children under the age of 16 without parental or guardian consent. If you believe that we hold any information from or about a child under age 16, please contact Duchess Lounge and if we cannot immediately obtain appropriate parental or guardian consent, will remove the personal data from storage.
Use of Data Processors
Your personal data is shared only with Phorest Salon Software representatives in cases that customer support and troubleshooting is required for the salon. Phorest do not share your personal information with any third-party without your prior consent, other than those already disclosed in this privacy notice or as part of our legal obligations under the relevant data protection laws.
Data processors are third parties who provide some elements of our business services for us. Where we use a third-party, we have strict agreements in place governing the processing of your personal data, on which no action can be taken without instruction from us. The third-parties with whom we work will never share or disclose your personal information and will hold it securely at all times.
Duchess Lounge utilise software provided by Phorest to manage our business, including but not limited to accepting bookings, organising appointments, taking payments etc.
How Long Do We Keep Your Data?
Duchess Lounge retains your personal data for as long as is necessary to provide you with our services as our client. We are required by legal and insurance purposes to retain data for 7 years. You may ask for your personal information to be removed at any time. We may, however, retain a secure anonymised record for research and analytical purposes.
Cookies (if applicable)
Our website relies on cookies to carry out certain functions and to tailor your user experience. Enabling these cookies is not strictly necessary for the website to work but it will provide you with a better browsing experience. You can delete or block these cookies, but if you do that some features of this site may not work as intended. You can control and/or delete cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
Transfers of personal information
When personal data of persons located in the EU is processed through Phorest software, all of it is held within the EU. Your information is processed by the Phorest software and stored in the Amazon Web Services cloud infrastructure. During this process your data is encrypted in transit and at rest.
Consequences of not providing your personal information to Phorest
In the event that you want to purchase a product or service from Phorest, certain personal information is required to enter into a contract with you. Phorest will not be able to enter into a contract with you to fulfil an attempt to purchase a product or service if you do not provide your personal information.
As noted in this privacy statement, we are processing your personal data to comply with legal and statutory obligations and in the performance of a contract. You can always choose not to provide personal information; however, we will be unable to provide certain products, services and treatments in these instances.
Safeguarding your Personal Data
Appropriate measures are taken to protect your personal data from access from unauthorized persons or inappropriate access, internal or external. Our website and connection to the Phorest system uses a HTTP Secure communication protocol and TLS security. This means all information passed to the Phorest system is encrypted during data input and transfer to the cloud. Any paper files recording your personal data are held in a locked filing cabinet which can only be accessed by authorised personnel in the salon. Duchess Lounge employees are only assigned specific access rights and can only access the salon software with the PIN number assigned to them by the management of the salon.
Health data collection
Where we collect information about your health or medical circumstances, we have a legal obligation to collect this information for health and safety and insurance purposes and only do so with your explicit consent. The privacy and security of your data is very important to us and we will only use health related information for the purposes described on this form and in our Privacy notice.
Promotions & Offers
From time to time we like to contact you with details of our special offers and other products and services that we provide by email. We do this only with your consent. You may withdraw consent at any time by unsubscribing to these emails. An unsubscribe link is provided at the bottom of every email sent by us using Phorest Salon Software, or alternatively you can contact us directly.
In the occurrence that you want to make a complaint about how your personal data was gathered, how it is being processed by Duchess Lounge (or third party used by Duchess Lounge) or you are not satisfied about how a data complaint has been handled, you retain the right to lodge a complaint directly with the supervisory authority and Duchess Lounge. Duchess Lounge would appreciate the opportunity to assist you with your query before raising a complaint with Data Protection authorities.
Last reviewed May 2018.