Cabello Hair Design are fully committed to complying with the General Data Protection Regulation (GDPR) enforceable by 25th May 2018. This privacy policy outlines how we use personal information we collect about you when you use this website and our services.

Last Updated: 9th August 2018

Table of Contents

Who we are
What personal data we collect and why we collect it
Who we share your data with
How long we retain your data
What rights you have over your data
Where we send your data
Our contact information
How we protect your data
What data breach procedures we have in place

 

Who we are

Website: https://cabellohairdesign.co.uk/
Company Name: Cabello Hair Design
Address: 12 The Square, Kenilworth, Warwickshire, CV8 1EB
Phone: 01926 851116
Email: [email protected]

 

What personal data we collect and why we collect it

Website Forms

If you complete our Contact Form, the information entered will be emailed to us. You will not be able to complete this form, without giving consent for the submitted data to be collected and stored. We will only use this information to contact you regarding your enquiry.

If you complete our Subscribe Form, the information entered will be stored in our website database. Periodically, we add this information to our mailing list, with double opt-in enabled, which means you will receive an email, asking if you would still like to be subscribed to our mailing list. We will only use this information to contact you about Cabello Hair Design and the services we offer.

If you are currently using our services, we may send information that would be of a legitimate interest.

Analytics

By using our website and accepting our cookies, we will record information that is used to track your activity on our website via Google Analytics. This includes your IP Address and User Agent information.

You can opt out of our Google Analytics tracking, by clicking here and using the “Change your consent” or “Withdraw your consent” options.

You can view Google’s Privacy Policy here.

We use the Google Analytics for WordPress by MonsterInsights plugin to connect our website to Google Analytics and you can view their Privacy Policy here.

Our server uses Plesk software that includes Webalizer and AWStats analytic tools, which also log your IP Address.

Social Media

By using any of the Social Media Share buttons on our website, the AddToAny plugin used may temporarily store an IP address and set a client cookie for security purposes.

Security

Our website uses the Wordfence plugin to protect itself against malicious users and this plugin uses cookie files. You can view their Privacy Policy here.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

 

Who we share your data with

KWD IT

KWD IT manages our website, ensuring it remains secure and continues to function correctly. They can, therefore, access any of the data in our website database. Under no circumstances do we give permission for KWD IT to share any information stored in our website database or use any personal data for their own means.

Plugin Developers

Our website uses third-party plugins to provide additional functionality. If any issues occur with these third-party plugins, the developers need logins to the administration area of our website, so that they can diagnose and fix the problem. Once the issue has been resolved, their access is revoked.

 

How long we retain your data

Website Forms

We aim to delete information collected by our website forms after a 3 month period, but no longer than 12 months. If we begin carrying out work for you based on the information collected by our website forms, we will not delete the information within this period. If a point reaches where we are no longer working with you, we will aim to delete your information after a 12 month period, but no longer than 24 months. You can request that we delete your data sooner, by contacting us here.

Analytics

The logs created on our server by our Plesk software are automatically cleaned up after a 30 day period.

We have configured our Google Analytics account to clean up personal data after a 26 month period.

 

What rights you have over your data

You can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. Ensuring accuracy of information, you can also request corrections. For large/excessive data requests we may charge a small fee.

 

Where we send your data

We use the BackWPup plugin to take daily backups of our website, which uploads these backups to a secure Dropbox account. Each backup is automatically deleted after 14 days. To find out more about how Dropbox handles our data, whilst keeping within the EU regulations, please click here.

 

Our contact information

If you have any privacy-specific concerns, you can contact Nicola Wheeldon using any of the following methods…
Email: [email protected]
Phone: 01926 851116
Address: 12 The Square, Kenilworth, Warwickshire, CV8 1EB
Alternatively, please use our Contact Form.

 

How we protect your data

The following information lists the steps that we take to help protect your data:

  • Our website is always using the latest version of WordPress and Plugins.
  • We deactivate and remove any plugins no longer used and only have our active theme installed.
  • We use the Wordfence security plugin to help prevent unwanted access to our website and this plugin ensures that strong passwords are compulsory for all accounts that have access to our website.
  • We ensure that we don’t have any more than the required amount of accounts, that can gain access to our website.
  • Each team member has a unique login and we use a plugin, which tracks each users activity.
  • Our website uses an SSL Certificate to encrypt the information sent between your device and our web server.
  • Our server has a Firewall to help keep out unwanted visitors.
  • Our computers are all protected using strong passwords.
  • Any personal information that leaves our office on portable devices, is thoroughly encrypted.

 

What data breach procedures we have in place

If we believe your personal data has been breached, we have the following procedures in place:

  • We will contact the ICO within 24 hours of becoming aware of the breach, with all the relevant information.
  • If the breach has exposed any unencrypted personal data, we will also inform the impacted users.
  • We will consider the needs of any law enforcement investigations before publicly announcing the breach.

If our website has been hacked, we will contact KWD IT, who have a procedure in place (as detailed on their Privacy Policy page).