We understand that your privacy and the security of your personal information is extremely important. This notice sets out what we do with your personal information, what we do to keep it secure, from where and how we collect it, as well as your rights in relation to the personal information we hold about you.
This policy applies if you interact with us through our website/store, over the phone, online, via email, through our mobile applications or otherwise by using any of our websites or interacting with us on social media.
If you don’t want to read all the detail, here are the things we think you’d really want to know:
- The H-Design Group currently includes H-Design Olari, H-Design Vuosaari
- Your personal information is, where appropriate, shared within the H-Design Group.
- We do use a number of third parties to process your personal information on our behalf and some of them are based outside of the European Economic Area.
- You have a number of rights over your personal information. How you can exercise these rights is set out in this notice.
- We do send direct marketing, if we’re allowed to. And we do this to encourage you to buy our products and services by sending you offers and ideas that we feel will be of benefit to you. If you want us to stop then here’s how.
- We also use your information to display more relevant online advertising and marketing relating to our products and services on websites across the H-Design Group, on other websites and online media channels.
- Our websites and apps are not intended for children and we do not knowingly collect children’s data.
Who are we?
When we say ‘we’ or ‘us’ in this policy, we are referring to the companies that make up the H-Design Group.
The companies that currently make up the H-Design Group are:
- H-Design Hair Saloon -Olari (Piispanpiha 7, 02200 Espoo, Finland +358 453467722)
- H-Design Columbus -Vuosaari (Vuotie 45, 00980 Helsinki, Finland +358 451687400)
What sorts of personal information do we hold?
- Information that you provide to us such as your name, address, date of birth, telephone number, email address, bank account and payment card details and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media;
- Information about the services that we provide to you (including for example, the things we have provided to you, when and where, what you paid, the way you use our products and services, and so on);
- Information required to make decisions about your applications for products and services we offer;
- Your account login details for our websites and apps, including your user name and chosen password;
- Information about whether or not you want to receive marketing communications from us;
- Information about any device you have used to access our services (such as your device’s make and model, browser or IP address) and also how you use our services. For example, we try to identify which of our apps you use and when and how you use them. If you use our websites, we try to identify when and how you use those websites too;
- Your contact details and details of the emails and other electronic communications you receive from us, and how you interact with them. For example whether the communication has been opened, if you have clicked on any links within that communication and the device you used. We do this because we want to make sure that our communications are useful for you, so if you don’t open them or don’t click on any links in them, we know we need to improve our Services;
- Information from other sources such as specialist companies that provide customer information. For example, credit reference agencies such as Experian, the Mail, fraud prevention agencies, claims databases, marketing and research companies, social media providers, pay TV providers and the DVLA, as well as information that is publicly available; and
- Information captured by our CCTV, if you visit any of our premises.
Our legal basis for processing your personal information
Whenever we process your personal information, we have to have something called a “legal basis” for what we do. The different legal bases we rely on are:
- Consent: You have told us you are happy for us to process your personal information for a specific purpose (s);
- Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights.
- Performance of a contract: We must process your personal information in order to be able to provide you with one of our products or services;
- Vital interests: The processing of your personal information is necessary to protect you or someone else’s life;
- Legal obligation: We are required to process your personal information by law.
How do we use your personal information?
We may use your information in the following ways:
- To provide our products and services – we need to use your personal information to make our products and services available to you. If you then decide to order any of our products or services, or enter one of our competitions then we’re delighted, thank you. After that, we need to provide them to you, process your payment and sometimes award you points. We need to use your details to do all this.
- To improve your service/shopping experience – we try to understand our customers so we can provide you with a great service/shopping experience, personalized offers, ideas and online advertising. Understanding how you use our services, how you interact with the H-Design Group, where and when you shop, the products and services you buy and how you use and browse our websites helps us to do this.
- For safety and security – we use your personal information to help provide safe and secure environments for our customers to shop in, our colleagues to work in and for our businesses to be conducted. To enable this we use CCTV, monitor online behavior and carry out checks to help us ensure that our customers are genuine to prevent fraud and to help customers use our services appropriately.
- Analytics and profiling – we use your personal information for statistical analysis and to help us understand more about our customers. That includes understanding the products and services you use H-Design Group and by creating profiles about you. This helps us to serve you better and to find ways to improve our services/stores/apps and websites. These profiles help us to send you offers that are more relevant to you.
- Contacting you – we use your personal information to contact you. This may be in relation to a service update, an issue you have raised with us, to conduct market research or to ask for your feedback.
- Marketing and advertising – we use your personal information to provide relevant marketing communications (including by email, phone, SMS, post or online advertising), relating to our products and services. As part of this, online advertising may be displayed on websites across the H-Design Group and on other organizations’ websites and online media channels. We may also use information about how you shop with us to measure the effectiveness of these campaigns.
Cookies and similar technologies
We use CCTV across all salons of H-Design for the protection of our colleagues, customers and business. This includes investigating accidents, incidents, criminal activities and breaches of our policies.
Occasionally we may share CCTV with public or regulatory authorities or in response to requests from individuals seeking to protect their rights, the rights of others or helping to prevent crime and nuisance. We will only share CCTV if we consider a request to be appropriate.
Who might we share your personal information with?
The H-Design Group – we will share your personal information in certain circumstances with the other companies within the H-Design Group so that we can provide you with a high quality, personalized and tailored service (including relevant marketing) across our Group.
Our service providers – we work with different companies so that they can help us provide the products and services you require from us or we think you might be interested in. These third parties include:
- Advertising companies, who help us place H-Design Group adverts online and on other media;
- Social media providers – such as Facebook, Instagram and Twitter;
- Market research partners, who help us analyze customer behavior;
- Companies that deploy our email campaigns because they need to know your email address to carry out these services;
- Companies that provide insights and analytics services so we can stock the right products, send the relevant marketing campaigns and understand our business and customers better;
- Scheme providers – such as Visa and MasterCard – if you hold a credit card or travel money card with us, in order to manage your account and for your payments to be processed;
- Our agents, advisers or others involved in running accounts and services for you and your business or collecting what you or your business owe Group companies.
- Third party vendors who help us manage and maintain the our IT infrastructure;
- Logistics/ delivery/content delivery providers who enable us to deliver products/services you order on our websites;
- Where relevant, our professional advisors, such as lawyers and consultants;
- Security and fraud prevention companies to ensure the safety and security of our customers, colleagues and business;
- Companies which run our contact centers because they need your personal information to identify and contact you;
- Companies who administer competitions for us so they run smoothly;
- Companies that enable us to collect your reviews and comments, both online and offline; and
- Companies that help us with our community and social goals.
If you use the services provided by another company to interact with us, such as a virtual assistant or a social media platform, please be aware that your data is also subject to the privacy policies of these companies.
Other organizations and individuals – we may share your personal information in certain scenarios. For example:
- If we’re discussing selling or transferring part or all of a H-Design Group business, we may share information about you to prospective purchasers and their advisers – but only so they can evaluate the relevant business; or
- If we are reorganized or sold to another organization, we may transfer information we hold about you to them so they can continue to provide the Services to you.
- If we are required to by law, under any code of practice by which we are bound or where we are asked to do so by a public or regulatory authority;
- If we need to do so in order to exercise or protect our legal rights, users, systems and services; or
- In response to requests from individuals (or their representatives) seeking to protect their rights or the rights of others. We will only share your personal information in response to requests which do not override your privacy interests. For example, we will not share your personal information with individuals who are merely curious about you, but we will share your personal information to e.g. insurers, solicitors, employers etc. which have a legitimate interest in your personal information.
Banking and financial services information
Credit Reference Agencies
Why do we share data with Credit Reference Agencies?
We share your personal information to check the accuracy of the information you provide us, and to help prevent fraud, money laundering and criminal activity.
Sharing your information with Law Enforcement Agencies or public bodies
Law enforcement agencies (e.g. the police) may also ask us for access to information about our customers’ for the prevention and detection of crime. We will only provide personal information to these agencies where:
- you have told us you are happy for us to do so;
- there is a threat to your life or the life of another customer/individual;
- the law enforcement agency or public body has been given authority by a Court to ask for this information.; or
- legislation(s) mandates the sharing of the information
International transfers of personal information
Keeping you informed about our products and services
We would like to tell you about the great offers, ideas, products and services of H-Design from time to time that we think you might be interested in. Where we have consent or it is in our legitimate interests to do so, we may do this through the post, by email, text message, phone, through online advertising or by any other electronic means.
We won’t send you marketing messages if you tell us not to, but if you receive a service from us we will still need to send you occasional service-related messages and may still send you surveys (you can always opt out of these via the survey email itself). If you wish to amend your marketing preferences, you can do so by logging into any of your H-Design accounts.
Please note that it can take a little while for all marketing to stop once you either withdraw your consent or tell us you’d like to opt out of marketing. This is because some marketing may have been identified as relevant to your interests and may already be in transit, it cannot therefore be immediately stopped.
You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you
- the right to access a copy of the personal information we hold about you;
- the right to correction of inaccurate personal information we hold about you;
- the right to restrict our use of your personal information;
- the right to be forgotten;
- the right of data portability; and
- the right to object to our use of your personal information.
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.
If you are seeking to exercise any of these rights, please contact us using the details in the “Contact Us” section below. Please note that we will need to verify your identity before we can fulfil any of your rights under data protection law. This helps us to protect the personal information belonging to our customer against fraudulent requests.
Automated decision making and profiling
We use automated decision making, including profiling, in certain circumstances, such as when it is in our legitimate interests to do so, or where we have a right to do so because it is necessary for us to enter into, and perform, a contract with you. We use profiling to enable us to give you the best service across the H-Design, including specific marketing which we believe you will be interested in.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for you or affects you in any other significant way.
If you are seeking to exercise this right, please contact us using the details in the “Contact Us” section below.
How long will we keep your personal information for?
We take protecting your personal information seriously and are continuously developing our security systems and processes. Some of the controls we have in place are:
- We limit physical access to our buildings and user access to our systems to only those that we believe are entitled to be there;
- We use technology controls for our information systems, such as firewalls, user verification, strong data encryption, and separation of roles, systems & data;
- Systems are proactively monitored through a “detect and respond” information security function;
- We utilize industry “good practice” standards to support the maintenance of a robust information security management system; and
- We enforce a “need to know” policy, for access to any data or systems.
If you would like to exercise one of your rights as set out in the “Your rights” or “Automated decision making and profiling” sections above, or you have a question or a complaint about this policy, or the way your personal information is processed, please contact us by one of the following means:
By email: email@example.com
By post: Data Protection Officer at Privacy Team, H-Design Columbus, Vuotie 45, 00980 Helsinki, Finland.
You also have the right to lodge a complaint with the Finland regulator, Office of the Data Protection. Go to https://tietosuoja.fi/etusivu to find out more.