DATA PROTECTION policy

Policy brief & purpose

Our Data Protection Policy refers to our commitment to treat information of employees, subcontractors, customers, stakeholders and all those with whom we work with the utmost care and confidentiality. With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights. 

 

Our Data Protection Policy has been designed to ensure that:

  1. We only collect the necessary data from all parties including customers, potential customers, and all those with whom we work to ensure the highest quality of treatment and to fulfil our legal obligations.

  2. Anyone from whom we collect personal data understands the purpose of the data we collect and the limits for which it can be used and gives informed consent to this purpose.

  3. Anyone from whom we collect personal data understands that, at any point in the future, they can request that we destroy any data we have collected from them and that we will do so, unless to do so would contravene our legal obligations.

 

Scope

This policy refers to all parties (employees, job candidates, self-employed sole traders, customers, suppliers etc.) who provide any amount of information to us.

 

Who is covered under the Data Protection Policy?

Employees of our company and its subsidiaries must follow this policy as part of the terms of their employment. Contractors, self-employed Hair, Beauty and Wellness professionals, consultants, partners and any other external entity must also agree to follow this policy as part of the terms of their contractual relationship with Wonderland Hair & Beauty By Alice (WHABBA) when they are providing their services via WHABBA and when they come into contact with and/or store any data they receive via their work with WHABBA.  Unless otherwise stated, our policy refers to anyone we collaborate with or who acts on our behalf and may need occasional access to data.

 

Policy elements

As part of our operations, we need to obtain and process information. This information includes any offline or online data that makes a person identifiable such as names, phone numbers, addresses, usernames and passwords, digital footprints, photographs, social security numbers, financial data etc. Our company collects this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available to us, the following rules apply.

 

Our data will be:

  • Accurate and kept up-to-date

  • Collected fairly and for lawful purposes only

  • Processed by the company within its legal and moral boundaries

  • Protected against any unauthorised or illegal access by internal or external parties.

 

Our data will not be:

  • Communicated informally

  • Stored for more than a specified amount of time

  • Transferred to organisations, states or countries that do not have adequate data protection policies

  • Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities) In addition to ways of handling the data the company has direct obligations towards people to whom the data belongs.

 

Specifically we must:

  • Let people know which of their data is collected.

  • Inform people about how we’ll process their data. Inform people about who has access to their information. Have provisions in cases of lost, corrupted or compromised data.

  • Allow people to request that we modify, erase, reduce or correct data contained in our databases.

 

Actions

To exercise data protection, we’re committed to:

  • Restrict and monitor access to sensitive data

  • Develop transparent data collection procedures

  • Develop and undertake periodic risk assessment of our Data Protection procedures with advice from specialist consultant/s

  • Undertake staff training in the latest data protection requirements, how they discuss informed consent with customers when collecting data and in how to reduce our risk of a data breach.

  • Advise employees, sub-contractors and self-employed partners in online privacy and security measures

  • Build secure networks to protect online data from cyberattacks

  • Ensure all remote hosting of data is with companies that confirm their services are compliant with the data protection laws of the jurisdictions in which we trade

  • Ensure our terms and conditions make clear to customers the purpose of the data collected and what it can be used for to enable informed consent

  • Establish clear procedures for reporting privacy breaches or data misuse Include contract clauses or communicate statements on how we handle data

  • Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc.) Our data protection provisions will appear on our website.

 

Disciplinary Consequences

All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action.

 

Frequently Asked Questions (FAQ’s)

What is a privacy policy?

A privacy policy is a statement that discloses some or all of the ways a website collects, uses, discloses, and manages the data of its visitors and customers. It fulfils a legal requirement to protect a visitor or client's privacy. Countries have their own laws with different requirements per jurisdiction regarding the use of privacy policies. Make sure you are following the legislation relevant to your activities and location. 

 

What type of information do you collect?
We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.

 

How do you collect information?
When you conduct a transaction on our website, as part of the process, we collect personal information you give us such as your name, address and email address. Your personal information will be used for the specific reasons stated above only.

 

Why do you collect such personal information?
We collect such Non-personal and Personal Information for the following purposes:

  1. To provide and operate the Services;

  2. To provide our Users with ongoing customer assistance and technical support;

  3. To be able to contact our Visitors and Users with general or personalized service-related notices and promotional messages;

  4. To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we or our business partners may use to provide and improve our respective services; 

  5. To comply with any applicable laws and regulations.

 

How do you store, use, share and disclose your site visitors' personal information?
Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

 

How do you communicate with your site visitors?
We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.

 

How can your site visitors withdraw their consent?
If you don’t want us to process your data anymore, please contact us at wonderlandhairbyalice@outlook.com or send us mail to: Wonderland Hair & beauty By Alice, 1, Police Houses, Gateshead Road, Streetgate, Sunniside, Newcastle upon Tyne, NE165LG.

 

Privacy policy updates
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. 

 

Questions and your contact information
If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us at wonderlandhairbyalice@outlook.com or send us mail to: Wonderland Hair & beauty By Alice, 1, Police Houses, Gateshead Road, Streetgate, Sunniside, Newcastle upon Tyne, NE165LG.