Toms Hairdressers is committed to protecting the privacy and security of your personal information.
This privacy notice describes how we collect and use information about you in accordance with the General Data Protection Regulation (“GDPR”).
For the purpose of the General Data Protection Regulation (“GDPR”) the data controller is Toms Hairdressers registered in England Wales with company number “” whose registered address is at 74 Hemswell Avenue, Lincoln, LN6 0AZ
Our nominated person for the purpose of GDPR is the Office Manager reporting to the Board of Directors annually.
WHAT DATA WE COLLECT FROM YOU
We may collect and process the following data about you:
- Personal details such as your name, address, telephone number, email address and occupation
- Employment details such as: Specific employment information held such as length of service or employment history/curriculum vitae where provided by you in relation to any application for a role sent to NCL
- Financial data such as: Bank Account details, Insurance information, Social Security information
- Information that you provide by filling in forms on our site https://tomsoflincoln.co.uk/
- Information that you provide via direct communication such as: email, post, telephone, social media
- Information provided in person
- Details of any company information and contact details you provide
- Details of any information you provide in relation to third parties
During your dealings with us, we may also collect and process other information about yourself which is not specified above, including via third parties. This will only be collected and processed in accordance with data protection law.
We may collect and process the following sensitive data about you:
- Information relating to health
- Biometric data
This will only be requested with your specific written consent and where it is required to meet our obligations under Health and Safety Legislation, to comply with the Disability Discrimination Act 2010, any other legislative requirements, or as listed in Article 9(2) of the GDPR.
Criminal Offence Data
We may collect and process the following criminal offence data about you:
- DBS (Disclosure and Barring Services) checks
This will only be obtained with your specific written consent and where it is required to meet our obligations under legislative (or contractual) requirements and in accordance with Article 10 of the GDPR.
Our use of CCTV
We monitor and record images using closed circuit television at our sites. We do this for the purpose of crime prevention and public safety. Access is strictly limited to those undertaking security provision. Unless we need to keep them for an active investigation, we keep recorded images for 30 days. Where necessary we may share CCTV image information with:
- The person in the image
- Services providers
- Police forces
- Security organisations.
When accessing our website or networks we may collect information about your computer, including where available your IP address, operating system and browser type, for system administration.
LEGAL BASIS FOR PROCESSING
We need to have a proper reason under the GDPR whenever we process your personal data ourselves or share it with others outside NCL:
- to fulfil a contract we have with you or to take steps at your request prior to entering into a contract with you
- when it is our legal duty
- when it is in our legitimate interest or the legitimate interest of a third party except where such interests are overridden by your interests or your fundamental rights or freedoms
- when you consent to it.
A legitimate interest is when we have a business or commercial reason to process your personal data, but this must not unfairly go against your rights. If we rely on our legitimate interest, we will tell you what that is.
We will ensure that the collection and processing of your personal data:
- is kept to a minimum with regards to the amount of data collected and the extent of any processing
- will not be overly intrusive to you
- will be proportionate in order to meet our legitimate interests, as above
If applicable, we will only process ‘sensitive personal data’ or ‘special categories of personal data’ provided by you where you have provided your explicit consent to do so via a separate consent form referencing this privacy notice or where there is an alternative legal basis for such processing under Data Protection Laws.
HOW WE USE YOUR DATA AND WHY
We will use your information about you in the following ways:
- To carry out our obligations arising from any agreement that we have with, or concerning, you and to provide you with information, benefits and services you request from us
- To notify you about changes in our policies and procedures
- To notify you of any requirements when visiting any of our sites to facilitate your visit
- To contact you to provide you with information you have requested
- Complying with our legal obligations, any relevant industry or professional rules and regulations or any applicable voluntary codes
- Compliance with demands or requests made by any relevant regulators, government departments and law enforcement authorities or in connection with any disputes or legislation
- To enable you to access information and submit applications regarding potential roles and opportunities at NCL
- To enable NCL to contact you regarding applications regarding potential roles and opportunities at NCL
- Where it is necessary for our legitimate interests
- To provide aggregated anonymised information about our Service Providers and Subcontractors to our Board of Directors and relevant internal stakeholders.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal data. Unless otherwise agreed with you, we will not use any of your personal data for automated decision-making or profiling.
We want to keep in touch with you, but will only send you updates about our work, news and events if you have specifically opted-in/consented to receiving such information via email, post and/or telephone.
If at any time you change your mind you can stop receiving communications by informing an employee of NCL and/or specifically sending a request to the details under “CONTACT”.
CHANGE OF PURPOSE
We will only use your personal information for the purposes for which we collected unless it is required for a new purpose which we did not originally anticipate.
The legal basis will be assessed, changed if necessary and documented.
In the event of a significant change of purpose, where the change would be unexpected, or where it will have an unjustifiable impact we will notify you and explain the legal basis which allows us to do so.
Where the original basis was consent, we will request specific and informed consent for the new purpose.
Please note that we may be legally required to process your personal information without your knowledge or consent.
HOW LONG WE STORE YOUR DATA FOR
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
WHERE WE STORE YOUR DATA
All personal data you provide is stored on systems with appropriate technical and organisational security measures and controls and located within the European Economic Area, which are sufficient to comply with the requirements under the data protection laws.
WHO ELSE CAN ACCESS YOUR DATA?
In order to provide our services, we employ other organisations who may process your data on our behalf. We call these organisations ‘Service Providers’ and they help us with things like IT services, Legal services, Occupational Health services and Health and Safety services.
All Service Providers will sign relevant contracts and/or data agreements to ensure your data is stored correctly and used only for the purposes contracted and destroyed where relevant once the job for which they are contracted is completed.
In order to provide our services, we are employed by and ‘Clients’ and required to work in accordance with their contracts and/or data agreements and are required to liaise with agreed third parties such as Architects, Employers Agents, Structural Engineers, and specialist bodies where there is a specific legal requirement.
NCL takes reasonable steps to ensure that Service Providers, Clients and associated third-parties adhere to the requirements of data protection laws and recognise that we are bound by obligations to protect the privacy of your personal information.
When necessary to comply with the law, to protect you, ourselves and others, we will respond to requests from public and government authorities to use and share your data with other organisations.
We may use your data for the provision of background checking, referencing and screening purposes.
In addition, we limit access to your personal information to those employees who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We do not share your data outside of the ways specified in this privacy notice.
YOUR DUTY TO INFORM US OF CHANGES
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes
YOUR RIGHTS IN CONNECTION WITH PERSONAL DATA
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”).
- Request correction of the personal information that we hold about you.
- Request erasure of your personal information.
- Object to processing of your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
There may be circumstances where the Company will still need to process your data for legal or official reasons. We will inform you if this is the case. Where this is the case, we will restrict the data to only what is necessary for the purpose of meeting those specific reasons.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us on the details under “CONTACT”
We may need to request specific information from you in order to action a subject access request. This will only be the case where we are unable to reasonably identify you from existing data and will be limited to identity confirmation only.
We may refuse to comply with a subject access where its meets the definition under the GDPR.
We will respond to you within 30 days of receipt of your request.
Questions, comments and requests regarding this privacy notice should be addressed in writing to:
email@example.com or by post to Toms Hairdressers, 74 Hemswell Avenue, Lincoln, LN6 0AZ
If you’re not satisfied with our response to any complaint or believe our processing of information does not comply with data protection law, you can make a complaint to the Information Commissioners office (ICO) using the following details:
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, Sk9 5AF
Telephone: 0303 123 1113
CHANGES TO THIS PRIVACY NOTICE