Last Updated: 12th February 2020
Mirror Mirror cares deeply about the privacy of its clients and website users, and is fully committed to protecting their personal information and using it properly in compliance with data privacy laws. This policy describes how we may collect and use personal information, and the rights and choices available to our clients and users regarding such information.
We strongly urge you to read this policy and make sure you fully understand it, before you access or use any of our services.
1. What information do we collect?
We collect various types of data which are broadly split into 3 varieties:
We collect and store names, contact numbers and email addresses via our sign up forms which are located on our website, our Facebook page, our Facebook messenger app & our Instagram channel. This information has also been, with permission, collected on paper at our Bingley salon.
We collect and store personal medical records, where necessary, which are used in accordance with the safety regulations of our various treatment protocols where access to these records is required in order for said treatments to be performed in a legal and safe manner.
We collect and store general personal contact data, treatment history data and purchase history data which is collected in salon using our booking system.
2. How do we collect this information?
There are a number of methods we use:
We collect information via our sign up pages & messenger app when you voluntarily supply us with it either using our website mailing list sign up page/function, Facebook mailing list sign up tool, Facebook messenger app or our Instagram channel. The data is stored in the same database.
We collect medical record data in person when you voluntarily supply us with it so that we may commence particular treatments where such data is required.
We collect general personal contact data, treatment data and purchase data when you use our in salon services.
3. Why do we collect this information?
There are a number of reasons why we collect this information:
To provide clients with regular offers, service updates, birthday promotions and general support.
To allow us to contact clients regarding treatment bookings.
To allow us to better understand client needs and improve our services.
To allow us to perform treatments to the best of our ability and to conform with manufacturer, industry and insurance regulations/standards.
To allow us to provide clients with a historical overview of their treatments with us.
To enhance our data security and fraud prevention capabilities.
To comply with any and all other applicable laws and regulations.
We will only use your Personal Information for the purposes set out in Section 3 where we are satisfied that:
our use of your Personal Information is necessary to perform a contract or take steps to enter into a contract with you,
our use of your Personal Information is necessary to comply with a relevant legal or regulatory obligation that we have, or
our use of your Personal Information is necessary to support legitimate interests that we have as a business, provided it is conducted at all times in a way that is proportionate, and that respects your privacy rig
4. Where do we store your information?
We currently store client data in 3 different secure locations:
Our client database: Mirror Mirror has one primary client database which is stored on a secure encrypted cloud database protected by SSL security and top of the range firewalls. The network security used on this database is the same as Uber & Amazon so it is as secure and stable as possible.
Our website provider ‘Wix’ stores data from sign ups in a database which is password protected and can only be accessed by Mirror Mirror staff. The data held within ‘Wix’ is subject to their strict protection rules.
Our email processing provider ‘Mailchimp’ has access to our on-site database (via an API) so that it may use clients’ data, where permission has been given, to send out email communications. The data held within ‘Mailchimp’ is subject to their strict protection rules.
Any data held by Mirror Mirror cannot be amended, copied or deleted without the use of an administrative password. Data stored within the booking system can only be accessed by salon staff using a unique password which is known only by the data handler at Mirror Mirror. The booking system is kept under CCTV surveillance 24/7.
Medical records of a paper type are not stored on an electronic database but are housed in a locked filing cabinet. These records are accessed by staff members when a client having a treatment requires the update of or use of said medical record. The filing cabinet is kept locked at all times except where access is required.
5. Third party processing
We currently use 2 third party platforms to process client data. They are ‘Wix’ and ‘Mailchimp’. These third parties are not able to see or manipulate any data that you voluntarily input or any data that is processed using their online tools. Wix is used to host our website but also allows us to collect mailing list sign ups. Mailchimp is the email creation and distribution tool that we use to email our clients.
The following cookies are currently used by ‘Wix’ websites; they can be removed from your device at any time:
Creates activities and BI
Identify logged in site members
7. Communications from Mirror Mirror
Mirror Mirror currently communicates with clients in a variety of ways. If no permission has been given then contact will only occur via telephone or by SMS appointment reminders. When permission has been granted we also contact clients using email and SMS for promotional and service purposes.
We currently send out the following email communications:
Monthly offer emails
Monthly prize draw winners’ emails
Service and policy updates
We sometimes also use SMS to contact clients regarding promotions and special offers.
8. Your rights in relation to your personal information.
You have the right to receive a copy of, update, amend, delete, or limit the use of your Personal Information. If you wish to do any of the above please contact us and let us know.
You have the right to file a complaint with your local supervisory authority for data protection (but we still recommend that you contact us first).
9. Data Retention
We may continue to retain such Personal Information even after you cease to use any particular Services, as reasonably necessary to comply with our legal obligations, to resolve disputes, prevent fraud and abuse, enforce our agreements and/or protect our legitimate interests.
We maintain a data retention policy which we apply to information in our care. Where your Personal Information is no longer required we will ensure it is securely deleted.
Mirror Mirror has implemented security measures designed to protect the Personal Information you share with us, including physical, electronic and procedural measures. We take data security very seriously and as such any personal data that is stored in any of our databases or third party processing tools cannot be copied, amended or deleted by anyone other than a Mirror Mirror staff member.
11. Contacting Us
Telephone – 01274 510033
Email – firstname.lastname@example.org
Post – Mirror Mirror
25 Park Road