Search Salons

Privacy & Cookie Policy

We are committed to protecting and respecting your privacy.

Contents

1. Introduction

salonspy is a trading name of SALONSPY LIMITED who are registered in England & Wales No. 07953308. We are committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our customers and users of our products and or services that communicate online or offline with us, at events, over the phone, through our mobile applications, websites, and social media platforms.

We have therefore developed this privacy policy to inform you of the data we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your personal information.

2. The Information we collect on our website

We only collect information that we know we will genuinely use and in accordance with the General Data Protection Regulation (GDPR). The types of information that we may collect on you, or that you voluntarily provide to us on this website includes:

  • Your name
  • Your email address
  • Your public profile image from Facebook (if you register using Facebook)
  • The IP address you are accessing the site from
  • The time and date of when you submit information
  • Any consent text which you agree to

You are under no statutory or contractual requirement or obligation to provide us with your personal information; however we require at least the information above in order for us to deal with you as a customer or service user in an efficient and effective manner.

The legal basis for processing your data is based on your specific consent that we will have requested at the point the information was initially provided, therefore we will not store, process or transfer your data outside the parties detailed above unless we have an appropriate lawful reason to do so.

Review Submission Form

One instance where we will ask you for personally identifiable information is our review submission form. Upon submitting a review, you will be asked to consent to our data processing policy which is outlined within this document.

Once submitted, your review information will be processed and stored in the website application’s database.

Contact Form

Another instance where our website will ask you for personally identifiable information is our contact form. Upon completing your information, you will be asked to consent to our data processing policy which is outlined within this document.

Once submitted, your information will be processed and forwarded to us within a single email sent by the website application - no information will be stored in the website application's database.

Account Sign Up

When registering a personal account on salonspy, we will collect pieces of personally identifiable information from you which are required for us to create your account. This will be stored in the website application's database.

Information received from Software Partners

salonspy partners with salon software providers to enable salons to send SMS messages to their customers to prompt them to leave a review. The salonspy website application does not send SMS messages directly, and never receives your mobile number.

When a software partner wants to send an SMS message, they send a request to salonspy with some details about the booking, and we respond with a unique salonspy review link. This unique link is sent out in an SMS to the customer by the software partner's system, and allows the salonspy system to verify the review as being for a verified appointment. The data salonspy receives includes;

  • The time and date of the booking
  • The name of the salon
  • The postcode of the salon
  • The name of the customer (if provided)

This appointment data is stored in the salonspy website application database. Any personally identifiable information is encrypted before storage.

As an additional measure, we also exclude URLs for the API (the service which software partners use to communicate with salonspy) from our server logs to ensure that data is not logged elsewhere.

If you have received an unwanted SMS message from a salon with a link to salonspy, please follow up with your salon directly as they will be able to update your records.

Hotjar

We use Hotjar in order to better understand our users' needs and to optimise this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies (listed later in this policy) and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website).

Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar's privacy policy.

You can opt-out to the creation of a user profile, Hotjar's storing of data about your usage of our site, and Hotjar's use of tracking cookies on other websites by following this opt-out link.

3. How we use your information

  • To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about;
  • Make available our products and services to you;
  • Process your orders;
  • Take payment from you or give you a refund;
  • To power our security measures and services so you can safely access our website and mobile apps;
  • Help us understand more about you as a customer, the products and services you consume, so we can serve you better;
  • Contact you about products and services from us;
  • Provide you with online advertising and promotions; and
  • Help answer your questions and solve any issues you have.

4. Who we might share your information with

We may share your personal data with other organisations in the following circumstances:

  • If the law or a public authority says we must share the personal data;
  • If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk); or
  • From time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the Website. However, all the information we share will be collected and anonymised, so neither you nor any of your devices can be identified from it.

5. How we keep you updated on our business, products and services

Email Marketing

From time to time we may send you relevant offers and news about our business, products and services in a number by email, but only if you have consented to receive these marketing communications.

When interacting with our website, you may be asked if you'd like to sign-up to receive our email marketing communications and will you be asked explicitly to opt-in to receiving these.

You can change your Email Marketing subscription anytime by editing your preferences or unsubscribing altogether via the link at the bottom of any of our email marketing communications or by contacting us via the details at the end of this policy.

6.Your rights over your information

Right to Access Your Personal Information

You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 30 days from when your identity has been confirmed.

We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.

Right to Correction of Your Personal Data

If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.

Right to Stop or Limit Our Processing of Your Data

You have the right to object to us processing your personal information if we are not entitled to use it any more, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.

For more information about your privacy rights

The Information Commissioner's Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly.

You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

If you would like to exercise any of these above rights, please contact us via the details listed at the very end of this policy.

7. How long we keep your information for

We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the General Data Protection Regulation (GDPR) and never retain your information for longer than is necessary.

8. Your data and Social Networks

When using this website, you may be able to share information through social networks like Facebook and Twitter. For example, when you 'like', 'share' or review our Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.

9. Security

Data security is of great importance to salonspy and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.

We take security measures to protect your information including:

Physical & Managerial Security Procedures

  • Limiting access to our buildings to those that we believe are entitled to be there (by use of passes, key card access and other related technologies);
  • Implementing access controls to our information technology;
  • We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, offices and stores;
  • Never asking you to disclose your own passwords;
  • Advising you never to enter your account number or password into an email or after following a link from an email

Website Application and Hosting Security Procedures

  • HTTPS - This website is secured via Hyper Text Transfer Protocol Secure (HTTPS). It means all communications between your browser and this website are securely encrypted. This means that even if somebody managed to intercept the connection, they would not be able to decrypt any of the data which passes between you and the website.
  • Secure Payments via GoCardless and Stripe - All transactions taken and processed on this website are handled separately by GoCardless (for Direct Debit) or Stripe (for Card Payments).
  • Secure Update Process - Inline with the security processes of our website development partner agency, this website application’s code-base is administered and updated via a password and FTP free process. All code-changes are deployed via a secure process that does not rely on the storage and visible access of passwords.
  • Web Application Maintenance - Our organisation, working in collaboration with our website development agency, regularly monitor the security of this website and consistently update the core platform.
  • Cloudflare - Our website’s DNS is managed through CloudFlare who provide our content delivery network (CDN), DDoS attack mitigation, Internet security and distributed domain name server services.

10. Cookies used by this website

What are Cookies?

Cookies are small pieces of data, stored in text files, that are stored on your computer or other device when a website is loaded within your chosen browser. They are widely used to 'remember' you and your preferences, either for a single visit (through a 'session cookie') or for multiple repeat visits (using a 'persistent cookie'). They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (known as 'first party cookies'), or by other websites who serve up content on that site ('third party cookies').

What is Cookie Control?

You may notice that our website utilises a third party Cookie preference tool called 'Cookie Control'. Cookie Control is a mechanism for controlling user consent and the use of cookies on this website application.

When (as the user) you consent to one of the optional cookie categories, Cookie Control will place a cookie to remember that decision. The name of the cookie will be the name of the category specified within the Cookie Control widget itself. That cookie will be removed when you (the user) revokes consent to that category.

What are 'Strictly Necessary Cookies'?

These are the cookies that are essential for this website to perform its basic functions. These include those required to allow registered users to authenticate and perform account related functions.

Strictly Necessary Cookies are highlighted with a double asterisk (**) in the tables below:

Cookies set by salonspy

Category Cookie Name Cookie Description Duration
salonspy CAKEPHP ** Used to manage session state for users of the application. Session
ssp_auth ** Used to manage login state for users of the application. Session
Cloudflare __cfduid ** The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. 1 year
Google Analytics _ga Used to distinguish users. 2 years
_gid Used to distinguish users. 24 hours
_gat_UA Used to throttle request rate. 1 minute
Hotjar _hjClosedSurveyInvites Hotjar cookie. This cookie is set once a visitor interacts with a Survey invitation modal popup. It is used to ensure that the same invite does not re-appear if it has already been shown. 1 year
_hjDonePolls Hotjar cookie. This cookie is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not re-appear if it has already been filled in. 1 year
_hjMinimizedPolls Hotjar cookie. This cookie is set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site. 1 year
_hjDoneTestersWidgets Hotjar cookie. This cookie is set once a visitor submits their information in the Recruit User Testers widget. It is used to ensure that the same form does not re-appear if it has already been filled in. 1 year
_hjMinimizedTestersWidgets Hotjar cookie. This cookie is set once a visitor minimizes a Recruit User Testers widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site. 1 year
_hjIncludedInSample Hotjar cookie. This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels. 1 year

How to change your Cookie preferences

The most popular web browsers typically provide additional tools to users for controlling or restricting cookies on their device. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org.

Find out how to manage cookies on popular browsers:

To find information relating to other browsers, visit the browser developer's website.

To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

11. How to contact us

If you would like to exercise one of your rights as set out earlier in this policy, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:

Assigned Data Protection Officer: Adam Thomas, Director and Founder

By email: support@salonspy.co.uk

By post: 14 RESERVOIR STREET, SALFORD, MANCHESTER, M6 5WB

Thank you for taking the time to read our Privacy Policy.

salonspy.com

This Policy was last updated on Thursday 24th May 2018