Data Protection Policy – Hair by Kissa

This policy outlines how Hair by Kissa protects personal data and details the principles, rules, and guidelines adhered to, ensuring ongoing compliance with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR). This policy works in conjunction with our Privacy Statement and Cookie Policy to provide a complete overview of our data protection practices.

1. Our Commitment

Hair by Kissa is committed to protecting the privacy and security of personal data collected from our clients, learners, website visitors, and staff. We recognise the importance of handling personal information responsibly and transparently, adhering strictly to data protection legislation.

2. Scope of Policy

This policy applies to all personal data processed by Hair by Kissa, regardless of how it is collected, stored, or used. It applies to all staff, contractors, volunteers, and any third parties who process personal data on our behalf.

3. Data Protection Principles

Hair by Kissa adheres to the fundamental principles of data protection as outlined in the UK GDPR:

  • Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner in relation to individuals. We clearly state the purposes for which we process personal data in our Privacy Statement.
  • Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Our Privacy Statement details the specific purposes for data collection, such as contact, payments, newsletters, and course support.
  • Data Minimisation: Personal data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. We aim to limit our collection of personal data to only what is required for legitimate purposes.
  • Accuracy: Personal data is accurate and, where necessary, kept up to date. Every reasonable step is taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.
  • Storage Limitation: Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. We state retention periods for data in our Privacy Statement.
  • Integrity and Confidentiality (Security): Personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures. We are committed to the security of personal data and take appropriate security measures to limit abuse and unauthorised access.
  • Accountability: Hair by Kissa, as the Data Controller, is responsible for, and must be able to demonstrate compliance with, the above principles. We document our data processing activities and ensure appropriate measures are in place.

4. Roles and Responsibilities

Kissa, the business owner of Hair by Kissa, acts as the Data Controller and is responsible for overall compliance with data protection legislation. All staff, contractors, and individuals who handle personal data on behalf of Hair by Kissa are required to understand and adhere to this policy and related procedures.

5. Types of Data Processed and Purposes

Hair by Kissa processes various categories of personal data, including but not limited to, contact details, payment information, and Browse behaviour. The specific types of data collected, the purposes for their collection, and the legal bases for processing are detailed in our Privacy Statement. Our Cookie Policy provides specific information on data collected via cookies for website functionality, statistics, and advertising.

6. Data Subject Rights

Hair by Kissa respects the rights of individuals concerning their personal data. As detailed in our Privacy Statement and Cookie Policy, you have the following rights:

  • The right to be informed about how your data is used, why it’s needed, and its retention period.
  • The right of access to your personal data that we hold.
  • The right to rectification, allowing you to supplement, correct, delete, or block your personal data.
  • The right to withdraw consent for data processing where consent was given.
  • The right to data portability, allowing you to request your personal data and transfer it to another controller.
  • The right to object to the processing of your data, unless there are justified grounds for processing.

To exercise these rights, please refer to the contact details provided in our Privacy Statement and Cookie Policy. We also offer a data request form for frequently submitted requests.

7. Data Security Measures

We are committed to the security of personal data. We implement appropriate technical and organisational measures to limit abuse of and unauthorised access to personal data. This ensures that only necessary persons have access to your data, that access is protected, and that our security measures are regularly reviewed.

8. Data Sharing

Personal data is only shared or disclosed to processors for specified purposes, as detailed in our Privacy Statement. We ensure that parties processing data on our behalf also meet appropriate security requirements. Our Cookie Policy lists the various third-party vendors and partners we share data with for purposes like statistics and marketing.

9. International Data Transfers

Hair by Kissa participates in the IAB Europe Transparency & Consent Framework and uses services that may involve data transfers to countries outside the UK, including the United States, particularly through social media platforms and various advertising vendors. We ensure that such transfers comply with relevant data protection regulations by relying on appropriate safeguards.

10. Data Breaches

In the event of a personal data breach, Hair by Kissa is committed to assessing the risk to individuals, and where necessary, notifying the Information Commissioner’s Office (ICO) and affected individuals in accordance with legal requirements.

11. Policy Review

This Data Protection Policy will be reviewed and updated annually to ensure it remains effective, relevant, and compliant with current data protection legislation and best practices.

12. Contact and Complaints

If you have any questions or comments about our Data Protection Policy, or if you are not satisfied with how we handle your personal data, please contact us using the details below. You also have the right to submit a complaint to the Information Commissioner’s Office (ICO).

Contact Details: HBK Nursery St, Sheffield S3 8GG UK Website: https://hairbykissa.co.uk Email: support@hairbykissa.co.uk Phone number: 07710438254