GDPR Compliance

Last updated: July 16, 2025

At salon_and_spa, we are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognize our obligations in updating and expanding this program to meet the demands of the GDPR.

1. Our Commitment

salon_and_spa is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We are dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose, and demonstrates an understanding of, and appreciation for the new Regulation.

2. Data Collection & Processing

We collect and process personal data only where we have legal bases for doing so under applicable GDPR. We have implemented appropriate technical and organizational measures to ensure compliance with the requirements of the GDPR. This includes:

  • Data Protection Impact Assessments (DPIA) for high-risk processing
  • Maintaining records of processing activities
  • Implementing data protection by design and by default
  • Ensuring appropriate security measures are in place

3. Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

  • Right to be informed - about how we process your personal data
  • Right of access - to the personal data we hold about you
  • Right to rectification - of inaccurate personal data
  • Right to erasure - also known as the 'right to be forgotten'
  • Right to restrict processing - in certain circumstances
  • Right to data portability - allowing you to obtain and reuse your data
  • Right to object - to processing in certain circumstances
  • Rights related to automated decision making and profiling

4. Data Security

We take the security of all personal data under our control seriously. We implement and maintain appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration, or disclosure.

5. Data Breach Notification

In the event of a data breach, we have procedures in place to detect, report, and investigate it. Where legally required, we will report certain types of personal data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible.

6. International Data Transfers

Where we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place to protect the data in accordance with GDPR requirements.

7. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with data protection laws. You can contact our DPO at: info@faxt.com

8. Contact Us

If you have any questions about this GDPR Compliance statement or our data protection practices, please contact us at privacy@faxt.com.