“InParlour (as it will be referred to in this privacy notice)”, “we”, “us” and “our” means InParlour Ltd and we are committed to respecting your privacy. We are registered in the UK and our registered address is at Blue Dawn, Riverside Quarter Moorings, London, SW181LP and our company registration number is 8046278.
About this privacy notice
For the purposes of data protection law, we are a data controller in respect of your personal data. InParlour is responsible for ensuring that it uses your personal data in compliance with data protection law. This privacy notice applies if you provide personal data as part of the booking process to become a client of InParlour. The privacy notice sets out the basis on which any personal data about you that you provide to us, that we create, or that we obtain about you from other sources, will be processed by us. Please take the time to read and understand this privacy notice.
We know that by choosing to book an appointment with InParlour, you have placed your trust in us. We also understand that you want the personal information you give us to be kept private as well as secure. The following statement is aimed at providing you with a comprehensive explanation of how we use any personal information obtained about you.
InParlour may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25th April 2018.
Personal data that we collect about you
We will collect and process the following personal data about you:
- Information that you provide to us or one of our affiliates.This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise.
- This information may include: Your name and job title, date of birth, email address, mobile number, demographic information such as postcode, specific treatment preferences ie. depth of colour of your contouring treatment, skincare and bodycare regime including any allergies you may have, records of previous appointments and if provided by you any previous appointment feedback. We will also collect credit or debit card information.
This information is necessary to process your booking and notify you of confirmation of your appointment.
- Information we collect or generate about you. We collect information as part of our Customer Relationship Management (CRM) software system which enables us to generate your booking. We may also collect information to use as part of an email service offered through the URL www.mailchimp.com which enables us to create, send and manage emails.
Uses of your personal data
We require this information to understand your needs and provide you with a better service and in particular for the following reasons:
- in order to supply your name and address and telephone number to your chosen InParlour therapist in order to fulfil the appointment
- internal record keeping
- to improve our products and services
- to process payments, credit reference checking and fraud detection
We are entitled to use your data in these ways because:
- we have legal and regulatory obligations that we have to discharge;
- we may need to in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
- the use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our affiliates), such as: enabling us to carry out your appointment with InParlour for mobile beauty services
Disclosure of your information to third parties
We may disclose your personal data to our affiliates in the circumstances described below:
- to Amanda Harrington London Ltd to enable us to offer you and provide you with additional beauty products and services
We will take steps to ensure that the personal data is accessed only by employees of such affiliates that have a need to do so for the purposes described in this notice. We may also share your personal data outside of InParlour and our affiliates:
- if we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyer for due diligence purposes;
- if we are acquired by a third party, in which case personal data held by us about you will be disclosed to the third party buyer;
- to third party agents or contractors (for example, the providers of our electronic data storage services,CRM software services and electronic mail services) for the purposes of providing services to us. These third parties will be subject to confidentiality requirements and they will only use your personal data as described in this privacy notice; and
- to the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation, establish, exercise or defend our legal rights.
Transfers of personal data outside the European Economic Area
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside of the EEA who work for our affiliates or for one of our suppliers.
Where we transfer your personal data outside the EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA. This can be done in a number of ways, for instance:
- the country that we send the data to might be approved by the European Commission;
- the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data; or
- where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme.
In other circumstances the law may permit us to otherwise transfer your personal data outside the EEA. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law.
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us in accordance with the “Contacting us” section below.
Retention of personal data
How long we hold your personal data for will vary. The retention period will be determined by various criteria including:
- the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
- legal obligations – laws or regulation may set a minimum period for which we have to keep your personal data.
You have a number of legal rights in relation to the personal data that we hold about you. These rights include:
- the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
- the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so;
- in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
- the right to request that we rectify your personal data if it is inaccurate or incomplete;
- the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it;
- the right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to continue processing your personal data and / or to refuse that request; and
- the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.
You can exercise your rights by contacting Rhiannon Jeffreys at InParlour on +44(0)20 3713 9365 or emailing firstname.lastname@example.org
You can find out more information about your rights by contacting the Information Commissioner’s Office, or by searching their website at https://ico.org.uk/.
Links to other websites
Our website may contain links to other websites of interest. We do not have control over the content of that other website and cannot be responsible for the protection and privacy of any information which you may provide whilst visiting such sites and such sites are not governed by this privacy statement.
Our cookies do not contain any personal information about you and are only used to determine your browser and user preferences for our site. This helps us to provide you with a service that you desire and to enhance your browsing experience. However you can choose to decline cookies. Most web browsers automatically accept cookies but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
If you would like further information on the collection, use, disclosure, transfer or processing of your personal data or the exercise of any of the rights listed above, please address questions, comments and requests to Rhiannon Jeffreys at InParlour on +44 (0)20 3713 9365 or email@example.com as soon as possible. We will promptly correct any information found to be incorrect.