Privacy Policy
Introduction
This privacy notice provides you with details of how Nails by Laura D Lee (hereafter NbLDL) collects, uses, protects and transfers your personal data. Nails by Laura D Lee is a nail business which provides services such as manicures, pedicures, and nail art. Laura Lee is the data controller and is responsible for your personal data.
My contact details are:
Name: Laura Lee, at Nails by Laura D Lee
Email address: nailsbylauradlee@hotmail.com
This privacy policy applies to all users of Nails by Laura D Lee services. By using such services you consent to the terms of the privacy policy.
I reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If I make material changes to this policy, I will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
If you are not happy with any aspect of how I collect and use your data, you have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). I would be grateful if you would contact me first if you do have a complaint so that I can try to resolve it for you.
It is important that the information I hold about you is accurate and up to date. Please let me know at any time if your personal information changes by emailing nailsbylauradlee@hotmail.com
2. What data does NbLDL collect about you
Personal data means any information capable of identifying an individual; this does not include anonymous data.
At the time of booking your appointment, I will take your name and a contact telephone number or other means of contact.
I will then send you an electronic form which asks for your name, date of birth, address, telephone number and email address. I will also ask for your emergency contact and their telephone number, as well as relevant medical information which may impact on the treatments I provide or the products used. This information will be entered onto a Client Consultation Form which I will ask you to sign digitally to confirm that it is correct.
Also included within the Client Consultation Form is a digital Privacy Agreement which I will ask you to complete and sign. You may ask to see this Agreement again, or to amend your choices, at any time.
At the end of your appointment I will record the date, your treatment (along with the colours & effects you have selected) and price paid on your Treatment Log.
Any purchase of products from NbLDL will also be recorded, with the date, your name, the product purchased and price paid.
The above information will also be stored in an electronic format on a password-protected Nails by Laura D Lee account.
I receive, collect and store any information you enter on our website or provide me with in any other way. In addition, I collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. I may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. I may also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.
3. How does NbLDL collect your personal data
I collect data about you through a variety of methods, including:
~ Direct interaction - you may provide data by filling in the aforementioned pre-appointment forms, and by communicating with me by post, telephone, email, social media accounts, website enquiry or otherwise, including when you:
- book an appointment
- order a product or service
- request resources (e.g price list) be sent to you
- enter a competition, prize draw, giveaway, promotion, survey or poll
- leave me a review or provide other feedback
~ Third parties or publicly available sources - I may receive personal data about you from various sources such as:
- advertising networks such as Facebook based outside the EU
- analytics providers such as Google based outside the EU
4. Why does NbLDL collect your personal data
I collect and use your personal data in order to provide you with NbLDL services, treatments, products, and to fulfil NbLDL business and legal obligations. I also do so to be able to contact NbLDL clients and website users with general or personalised service-related notices and promotional messages, as well as to create statistical data in order to improve my services. Health or medical data is requested in order to ensure a safe treatment and to ensure compliance with health & safety guidelines, as well as industry standards & requirements.
5. How does NbLDL use your personal data
I do not use the personal information you provide in your pre-appointment consultation forms for anything other than to contact you regarding your appointment, for matters relating to your nails and the treatments and products I provide.
The NbLDL website is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by NbLDL via the website adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
I will only use your personal data when legally permitted. The most common uses of your personal data are:
- Where I need to comply with a legal or regulatory obligation; or
- Where I need to perform the contract between us; or
- Where it is necessary for NbLDL's legitimate interests (or those of a third party); and
your interests and fundamental rights do not override those interests
Generally, I do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by emailing me at nailsbylauradlee@hotmail.com
I may process your personal data for more than one lawful ground, depending on the specific purpose for which I am using your data. Please email me at nailsbylauradlee@hotmail.com if you need details about the specific legal ground(s) I am relying on to process your personal data.
You may receive marketing communications from me if you have provided me with your details when:
Attending an appointment; or
Enquiring about my services; or
Entering a competition, prize draw, giveaway or promotion; or
Voting in a survey or poll; or
Following a NbLDL account on social media; or
Subscribing to the NbLDL blog; or
Leaving a NbLDL review; or
Purchasing a product from NbLDL; and
in each case you have not opted out of receiving that marketing.
You may request that NbLDL stops sending you marketing communication at any time by emailing me at nailsbylauradlee@hotmail.com. If you opt out of receiving marketing communication, this will not apply to personal data provided to me as a result of treatments received.
I will not share your personal data with any third party for marketing purposes unless I have obtained your express opt-in consent.
I will only use your personal data for the purposes for which it was collected, unless I reasonably consider that I need to use it for another reason and that reason is compatible with the original purpose. If you wish to find out more about how the processing for the new purpose is compatible with the original purpose, please email me at nailsbylauradlee@hotmail.com. I may process your personal data without your knowledge or consent where this is required or permitted by law.
6. Disclosure of your personal data
I may have to share your personal data with the parties set out below for the purposes set out above:
Service providers who provide IT and system administration services.
Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
NHS Test & Trace (or Public Health England) – in order to help limit the spread of COVID-19
I require all third parties to whom I transfer your data to respect the security of your personal data and to treat it in accordance with the law. I will only allow such third parties to process your personal data for specified purposes and in accordance with my instructions.
7. Data security
I have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, I will limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on my instructions and they are subject to a duty of confidentiality.
I have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where I am legally required to do so.
8. Data retention
I am required to keep such information for legal and insurance purposes. I will only retain your personal data for as long as necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, accounting, insurance or reporting requirements. All records are kept for a period of 7 years from the most recent appointment, after which the record will be securely destroyed.
In some circumstances I may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case I may use this information indefinitely without further notice to you.
9. Your legal rights
You have a right to view the information I keep which relates to you, and you may also request that this information is changed, corrected or securely destroyed.
You may request that once I have your details recorded on a Client Consultation Form that I delete any previous message(s) sent to my mobile, nailsbylauradlee@hotmail.com or NbLDL social media accounts which contain your personal information.
Please note that if you request that I erase or destroy your personal data entirely I will no longer be able to carry out treatments for you.
You can see more about these rights at:
If you wish to exercise any of the rights set out above, please email me at nailsbylauradlee@hotmail.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, I may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, I may refuse to comply with your request in these circumstances.
I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request, in order to speed up my response.
I will try to respond to all legitimate requests within 28 days. Occasionally it may take me longer than this time if your request is particularly complex or you have made a number of requests. In this case, I will notify you and keep you updated.