At Fred and Ginger, we take our privacy seriously. At any time, you may request a copy of information we have recorded about you and you may also request we remove all identifiable information with respect to yourself. As a matter of course, we will delete your identifiable information if you have not undertaken business with us after 2 years.
Due to the COVID-19 pandemic we hold your name, telephone number and email address so that if we are contacted by a member of NHS track and trace team we will give these details if you have been on our premises in the last 21 days. We will not give these details out without having been assured that it is that team that is requiring the information.
Whilst the provision of data cannot be mandated, you are strongly advised that it is in the best interests of all to provide this information to us so we are able to take relevant steps to keep you and others safe.
The information will be managed in a confidential manner and all information will be held securely and processed on a ‘need to know’ basis by only a limited number of people. If there is a need to disclose outside of this, the minimal amount of personal data will be used.
Where COVID-19 related information is to be used for general reporting or statistics, steps will be taken to anonymise the data and general numbers used, wherever possible.
We will only keep your information for as long as it is necessary, taking into account Government advice and the on-going risk presented by Coronavirus.
Health information provided by you in relation to this outbreak of Coronavirus will not be used for any other purpose.
For transparency, listed are the business services we provide and how each service uses the information we collect.
Hair and beauty related services
- At Fred and Ginger, we request the minimum level of personally identifying information to run our business effectively. This is data you provide us directly, for example, your name and contact details.
- At Fred and Ginger, we store notes with respect to services we undertake to ensure we maintain and exceed our level of service. For example, your preferred hair style, colour formula codes, how you like your coffee and who your favourite stylists are.
- At Fred and Ginger, we consider you have provided consent for us to store personally identifying information and information about your services based on your receiving services from us.
- Depending on the particular service/s we are providing we may be required to ask questions related to your medical history. We will obtain your consent prior to storing information related to your medical history. Examples of medical data may be allergies, pregnancy or an injury that may impact our service.
Appointment confirmations and reminders
At Fred and Ginger, we will contact you via phone, email or SMS to confirm appointments made and remind you of upcoming appointments. We consider you having made the appointment as consent to undertake this activity but, if you choose, you may opt out at any time.
Appointment ratings and reviews
After visiting our salon Fred and Ginger, we may send you an email or SMS asking you to rate our services and provide feedback. We consider you having received services as consent to undertake this activity but, if you choose, you may opt out at any time.
In our salon Fred and Ginger, we consider becoming a member of our loyalty program as consent to send you emails related to the loyalty program but, if you choose, you may opt out at any time.
At Fred and Ginger, will not undertake phone, mail, email or SMS marketing without you first providing consent for us to do so. Our marketing campaigns are automated and use rules based on services and products purchased and information we collect from you. For example, we may send marketing campaigns related to your birthday, the fact we miss you (you have not visited for 3 months) and other special days like Valentine’s Day and Christmas. You may opt out of receiving marketing material at any time.
Data processors and data locations
At Fred and Ginger, we use numerous leading software solutions within our business to provide the services listed above. These software solutions act as data processors and store and process data in numerous locations outside our business premise. For a list of data processors and data storage locations please visit: www.shortcuts.com.au/datastoragestatement.
Contact and complaints
You may contact the salon to:
- Request information we have stored about you.
- Request we remove all identifying information about you.
Recording customer details – how we use your information
To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we have been mandated by law to collect and keep a limited record of staff, customers and visitors who come onto our premises for the purpose of contact tracing.
By maintaining records of staff, customers and visitors, and sharing these with NHS Test and Trace where requested, we can help to identify people who may have been exposed to the coronavirus.
As a customer/visitor of [insert name of business] you will be asked to provide some basic information and contact details.
The following information will be collected:
- the names of all customers or visitors, or if it is a group of people, the name of one member of the group
- a contact phone number for each customer or visitor, or for the lead member of a group of people
- date of visit and arrival time and departure time
The venue/establishment as the data controllers for the collection of your personal data, will be responsible for compliance with data protection legislation for the period of time it holds the information. When that information is requested by the NHS Test and Trace service, the service would at this point be responsible for compliance with data protection legislation for that period of time.
The NHS Test and Trace service as part of safeguarding your personal data, has in place technical, organisational and administrative security measures to protect your personal information that it receives from the venue/establishment, that it holds from loss, misuse, and unauthorised access, disclosure, alteration and destruction.
In addition, if you only interact with one member of staff during your visit, the name of the assigned staff member will be recorded alongside your information.
NHS Test and Trace have asked us to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out by NHS Test and Trace during that period. We will only share information with NHS Test and Trace if it is specifically requested by them.
For example, if another customer at the venue reported symptoms and subsequently tested positive, NHS Test and Trace can request the log of customer details for a particular time period (for example, this may be all customers who visited on a particular day or time-band, or over a 2-day period).
We may/will [delete as necessary] require you to pre-book appointments for visits or to complete a form on arrival.
Under government guidance, the information we collect may include information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes, and NHS Test and Trace will not disclose this information to any third party unless required to do so by law (for example, as a result of receiving a court order). In addition, where the information is only collected for the purpose of contact tracing, it will be destroyed by us 21 days after the date of your visit.
However, the government guidance may also cover information that we would usually collect and hold onto as part of our ordinary dealings with you (perhaps, for example, your name, date of birth and phone number). Where this is the case, this information only will continue to be held after 21 days and we will use it as we usually would, unless and until you tell us not too.
Your information will always be stored and used in compliance with the relevant data protection legislation.
The use of your information is covered by the General Data Protection Regulations Article 6 (1) (c) – a legal obligation to which we as a venue/establishment are subject to. The legal obligation to which we’re subject, means that we’re mandated by law, by a set of new regulations from the government, to co-operate with the NHS Test and Trace service, in order to help maintain a safe operating environment and to help fight any local outbreak of corona virus.
[Venue/establishment, please add text on whether or not you transfer personal data outside the UK, the EU or to anywhere else (if known).]
By law, you have a number of rights as a data subject, such as the right to be informed, the right to access information held about you and the right to rectification of any inaccurate data that we hold about you.
You have the right to request that we erase personal data about you that we hold (although this is not an absolute right).
You have the right to request that we restrict processing of personal data about you that we hold in certain circumstances.
You have the right to object to processing of personal data about you on grounds relating to your particular situation (also again this right is not absolute).
If you are unhappy or wish to complain about how your information is used, you should contact a member of staff in the first instance to resolve your issue.
If you are still not satisfied, you can complain to the Information Commissioner’s Office. Their website address is www.ico.org.uk or to Becky Ridley-Ayers data protection officer at firstname.lastname@example.org
We keep our privacy notice under regular review, and we will make new versions available on our privacy notice page on [your venue/establishment website].
This privacy notice was last updated on 16 September 2020