Privacy Policy

NICHOLAS JAMES GDPR STATEMENT OF COMPLIANCE

We are fully committed to compliance with the letter and the spirit of the GDPR and other relevant UK data protection law. Where you entrust Nicholas James with personal information, we take our responsibilities as a data processor and trusted custodian very seriously.

1. ORGANISATIONAL MEASURES

1.1. We are contractually bound to keep personal information confidential. The importance of this is regularly reiterated in our company policy and processes.

1.2. We are taking constant advice and training in respect of ensuring that data subject rights are protected and that any breaches are reported without delay. We will record all breaches, however minor, and near misses and we review this information to help us to continually improve our service.

2. TECHNICAL MEASURES

2.1. By the nature of Nicholas James work with clients, we do collect data. Most of this is collected during the appointment in the salon. Please let us know if you would like these files to be deleted after the appointment has ended, and if you require a copy for your records.

2.2. All systems containing personal information are protected by (at least) strong passwords and protection from brute-force attacks. Users are not permitted to share login credentials and are obliged to change credentials whenever they suspect another person may have learned them.

2.3. Where appropriate and feasible, additional security measures such as multi-factor authentication, activity alerts and audit logs are also employed.

2.4. All transfers of personal information over the Internet use encryption unless you have specifically asked us to use email (which is not inherently secure).

2.5. We do not share your information or files with anyone unless directed by you.

2.6. We are continually reviewing and improving our technical security measures in line with industry best practices and published guidance from the UK Information Commissioners Office (ICO).

3. PROCESS AND POLICY

3.1. We have carried out a data protection audit and maintain records in accordance with Article 30. We have adopted a general statement of policy which sets out our company commitment and the responsibilities that we have.

3.2. We have carried out due diligence on all suppliers, professional advisers and service providers that we share personal information with. We are also in the process of checking that all mandatory provisions for data processors are in place and negotiating new agreements or seeking satisfactory assurances where they are not.

3.3. We have reviewed our existing policies and processes with regard to data protection to ensure they comply with the new requirements and we have updated our privacy notice accordingly. We are also introducing robust processes to deal with data subject requests and breach notifications within the required time frames.

3.4. We use cookies to ensure the basic functionalities of the website and to enhance your online experience. Should you wish to manage your preferences, please click here.

Nicholas James

Nicholas James is a small independent company with a very personal approach to everything that we do. It is our aim to make every client feel like our most important, which everyone is. This is just one of the reasons your data is treated with the strictest of confidence.

Along with skin tests results, colour recipes and grey hair, everything we know about our clients is in the strictest of confidence. That data is precious to us because it is precious to you.

Please let us know if you no longer want us to store your data and we will destroy your files immediately. In the future we may ask for additional validation and identification to fulfil such requests.

We look forward to seeing you soon. NJ