1. Phorest Platform Privacy Notice for Salons & Staff
1.1 nDevor Systems Ltd T/A Phorest, with its registered office at 9 Anglesea Row, Dublin 7, D07 W5NE, Ireland (we/us or Phorest) provides business management software to salons and their employees and contractors to take payments, manage online bookings, SMS notification delivery and other services (the Phorest Services). Phorest also operates the website www.phorest.com (the Website) and mobile application PhorestGo (PhorestGo or the App, and together with the Website, the Platform) which are accessed by users to avail of Phorest’s Services.
1.2 Phorest acts as Controller of your personal data from which you can be directly or indirectly personally identified (Personal Data) when you use the Phorest Services.
1.3 This Privacy Notice applies to the personal data of the following categories of users of Phorest Services (Users, or you):
(i) customer businesses such as salons who are natural persons or sole proprietors (Salons);
(ii) employees or contractors of customer businesses who use the Phorest Platform and Services (Staff) as indicated specifically throughout this Privacy Notice.
Please note that this Privacy Notice does not apply to (i) the information of business users which are limited companies, as this information is not considered personal data, or (ii) personal data collected by third parties through use of their products or services (for example, where you follow links to third party websites over which we have no control, or you purchase goods or services from those third parties independently of Phorest).
1.4 Phorest also provides functionality which allows clients of Salons or Staff to book appointments. If you are a client of a Salon or Staff which uses the Phorest Services in this manner, the Privacy Notice at Phorest Privacy Notice | Phorest applies to you.
1.5 The Phorest Services also are governed by the following terms:
1.5.1 for Salons – Phorest Salon Software Terms and Conditions Ireland (including any service-specific terms that apply to additional Phorest Services offered from time to time) (the Phorest Platform T&Cs)) and the PhorestPay Terms and Conditions
1.5.2 for Employees who avail of PhorestTips and for Salons who enable the PhorestTips service for their employees [PhorestTips Employee Terms & Conditions]
2. What Personal Data does Phorest Collect, and how is it collected?
2.1 Phorest collects the following Personal Data from Users:
| Category of Personal Data | Personal Data We Collect |
| Salons | |
| Demographic and Contact Data | First and last name, email address, phone number, postal address |
| Account data | Customer ID, transaction data, login details |
| Financial information and purchase history data | such as account number, sort code and tax and banking details (to facilitate the creation of direct debits and payment of your Phorest invoice). |
| Technical data | IP address; browser type and operating system; geolocation; any other unique numbers assigned to a device. |
| Other Identifying Information that You Voluntarily Choose to Provide | While using Phorest Services, you may submit or upload certain content, communications, data, attachments or files to our Services for hosting and processing by us at your discretion. |
| Online presence | URL of salon’s website and/or social media account |
| Staff | |
| Demographic and Contact Data | First and last name, email address, phone number, (as provided by salon owner) |
| PhorestTips account data | Account ID, transaction data, email address |
| Financial information and purchase history data | VAT/tax number (where applicable) for self-employed staff |
| Technical data | IP address; app and/or browser type and operating system; geolocation; any other unique numbers assigned to a device. |
| Other Identifying Information that You Voluntarily Choose to Provide | While using Phorest Services, you may submit or upload certain content, communications, data, attachments or files to our Services for hosting and processing by us at your discretion. |
2.2 We collect Personal Data about you when you provide such information directly to us. This may occur:
2.2.1 when you become a customer or Phorest and use our Services;
2.2.2 when you voluntarily provide information in free-form text boxes through Platform or through responses to surveys or questionnaires;
2.3.3 when you send us an email or otherwise contact us.
2.3 When you use the Platform and/or Services some information is collected automatically, for example:
2.3.1 through Cookies (defined in our Cookie Notice which is available on the Website and App);
2.3.2 if you download one of our mobile applications or use a location-enabled browser, we may receive information about your location and mobile device, as applicable;
2.3.3 if you download and install certain applications and software that we make available, we may receive and collect information transmitted from your computing device for the purpose of providing you the Platform and the Services
3. How Phorest uses your Personal Data – Legal Basis
3.1 Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it but we will only process your Personal Data if we have a lawful basis for doing so. In such circumstances, the table below details how Phorest will use your Personal Data for our commercial or business purposes (Purposes) and the context for which we use your Personal Data (Legal Basis):
| Where required for performance of a contract with you | |
| Legal Basis | Processing of user personal data in order to provide the Phorest Services pursuant to the Phorest Platform T&Cs |
| Purpose | We process your Personal Data for our customers as a matter of “contractual necessity”, meaning that we need to process the data to provide you with the Phorest Services that you request to receive. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Phorest Services that require such data.Specifically, these may include the following processing activities: providing support and assistance for the Website and/or Services and processing transactions and orders;setting up your online account and sending you administrative or account related information;managing your account to provide support and other related services;responding to correspondence that we receive from you, contacting you when necessary or requested; |
Where use is for a legitimate purpose of Phorest | |
| Legal Basis | Processing personal data to pursue Phorest’s legitimate interest in operating and improving the Phorest Services. |
| Purpose | Providing, Customising and Improving the Platform and/or Phorest Services: improving the Platform and/or Phorest Services, including testing, research, internal analytics and product development;personalising the Platform and/or Phorest Services content and communications based on your preferences;obtaining your feedback or user experience;fraud protection, security and debugging;audits, marketing, record keeping, business planning and management;business transactions such as a merger, restructuring or sale;carrying out other business purposes stated from time to time when collecting your Personal Data, such as promotions or competitions; sending emails and other communications according to your preferences or displaying content that we think will be of interest to you.complying with reporting obligations to Salons |
| For compliance with Phorest’s legal obligations | |
| Legal Basis | We may obtain, collect and process Personal Data when it is necessary in order to comply with legal obligations imposed under applicable EU Member State, European Union law or UK law |
| Purpose | We obtain, collect and process your Personal Data to:fulfil legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities;protecting the rights, property or safety of you, Phorest or another party;enforcing any agreements with you; andresolving disputes. |
User consent to processing Personal Data for a particular purpose | |
| Legal Basis | Where you have provided your consent to us using the Personal Data for a particular purpose – Please note that you have the right at any time to withdraw consent to the future use of that Personal Data for some or all of those purposes by contacting us. |
| Purpose | Research and surveys: research and reporting purposes to help us better serve individuals by learning more about their needs and the quality of the Phorest Services.Interest-based advertising: using tools offered by third parties, such as Facebook, that enable such third party to collect or receive information about actions users take over time on our Services. Interest-based advertising tries to make the ads you see more interesting and relevant to you based on information collected by advertising partners over time and across websites and other online services. |
Where required by applicable data privacy laws, we will only use your Personal Data for the purposes for which we collect it (as outlined above), unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for any other reasonable purposes in connection with our engagement with you, the Purpose and Legal Basis for any further processing will be notified in advance from time to time.
4. Who does Phorest share your Personal Data with?
We share personal information with the following parties. We always have contracts in place with these entities, obligating them to protect your data.
4.1 Affiliates and companies within the Phorest group: Phorest discloses your Personal Data internally where such disclosure is necessary to provide you with the Phorest Services, the Platform or to manage the business. Personal Data that we collect may be transferred to a different entity, and our legal or other advisors, if we undergo, or evaluate, a merger, acquisition, bankruptcy or other transaction (or proposed transaction) in which that entity assumes control of our business or assets of our business (in whole or in part).
4.2 Salons: where an Employee avails of PhorestTips, certain PhorestTips Account data will be shared with the Employee’s employing Salon as part of Phorest’s reporting procedures in which case the Salon is a separate controller,
4.3 Service Providers: Phorest uses a range of service providers with whom personal data is shared personal, including:
- payments services providers;
- infrastructure service providers;
- data storage and analytics providers; and
- technology services and support (including customer relationship management, email and web hosting providers, marketing and advertising technology providers, and email communications providers).
You acknowledge that, in certain cases, service providers acting as data processors instructed by Phorest will also allow you to use their services directly and independently of Phorest, in which case the privacy notices of those third parties will apply to your use of those services.
4.4 Public/regulatory authorities: We may share any Personal Data where this is required by law or regulation, or court or administrative order having force of law, or where required by regulators. Such transfers are made in order to comply with legal obligations including:
- if Phorest is required to do so by law, court order or legal process;
- in response to lawful requests by public authorities, including to meet national security or law enforcement requirements;
- to enforce Phorest policies or contracts;
- to collect amounts owed to Phorest; or
- when Phorest believes disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity.
5. Transfers of Personal Data
5.1 Phorest software is hosted on Amazon Web Services cloud infrastructure within the European Economic Area (EEA). Your Personal Data is encrypted in transit and at rest.
5.2 Personal Data may be transferred outside the EEA where Phorest engages service providers with locations outside of the EEA, in connection with the purposes described above (see the How Phorest uses your Personal Data section above).
5.3 Some of the countries will be ones which the European Commission has approved and will have data privacy laws which are the same as or broadly equivalent to those in the European Union. However, some transfers may be to countries which do not have equivalent protections, and, in that case, Phorest will rely upon an appropriate legal mechanism such as Standard Contractual Clauses approved by the European Commission, in accordance with such applicable data privacy laws.
6. Data Retention and Storage
6.1 Phorest only retains the Personal Data it receives as described in this Privacy Notice for (a) as long as necessary to provide you with the Service and the App as Phorest’s client; or (b) as long as necessary to fulfil the purpose(s) for which it was collected, including for the purposes of providing Phorest products and services, to resolve disputes, to establish legal defences, to conduct audits, to pursue legitimate business purposes, to enforce Phorest’s agreements and to comply with applicable laws.
6.2 In some circumstances, Phorest may store your Personal Data for longer periods of time, for instance where Phorest is required to do so in accordance with legal, regulatory, tax and accounting requirements. Phorest is required under tax laws to retain your Personal Data for a minimum period of seven (7) years. Any Personal Data related to health and safety records will be retained for ten (10) years.
6.3 Phorest will continue to process your Personal Data where processing is (a) necessary for the establishment, exercise or defence of legal claims; or (b) justified by a legal basis, obligation or legitimate interest.
7. Your Rights as Data Subject
7.1 You can modify or withdraw your consent at any time if you have provided consent to Phorest to process your data. You can, for example, use the unsubscribe option provided or at any time you can contact the Phorest Data Protection Officer to exercise this right.
7.2 You also have the right (subject to applicable data protection laws and regulations) as a Data Subject to:
- Access: You may at any time request a copy of your Personal Data from Phorest. This right can be exercised by writing to us at gdprdpo@phorest.com.
- Rectification, Erasure & Restriction: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you have the right to correct any inaccuracies, and in certain circumstances, to request erasure, or restriction on the use, of your Personal Data, and to object to certain uses of your Personal Data, in each case subject to the restrictions set out in applicable data privacy laws. Further information on these rights, and the circumstances in which they may arise in connection with Phorest’s processing of Personal Data can be obtained by writing to us at gdprdpo@phorest.com.
- Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another data controller where technically feasible
- Objection: Where Phorest is relying on a legitimate interest, in order to use and disclose Personal Data, you may to object to such use or disclosure of your Personal Data, and we will cease to use and process the Personal Data for that purpose, unless we can show there are compelling legitimate reasons for processing to continue or we need to use the Personal Data for the purposes of legal claims.
- Right to File Complaint: You have the right to lodge a complaint about Phorest’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here:
https://edpb.europa.eu/about-edpb/board/members_en.
Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardises the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
7.3 Phorest does not collect the Personal Data of children under the age of sixteen (16) (Minors) without parental or guardian consent. If you believe that Phorest is storing or processing any Personal Data of a Minor, please contact Phorest. If Phorest cannot upon receipt of this contact immediately obtain parental or guardian consent, Phorest will remove the Personal Data of the Minor from storage.
7.4 You can exercise those rights described in this clause 6 and can contact Garret Ahern (the Data Protection Officer) using gdprdpo@phorest.com or writing to the Data Protection Officer, Phorest, 9 Anglesea Row, Dublin 7, Ireland. Any information requests or enquiries made on behalf of a third party must be communicated solely in writing on headed paper. You can direct GDPR and data protection requests and enquiries to the Data Protection Officer.
7.5 Should you wish to make a complaint or raise a grievance about how your Personal Data was (a) gathered; (b) processed by Phorest; or (c) processed by third parties or how a complaint was handled, you have the right to lodge a complaint directly with (i) Data Protection Commissioner, 21 Fitzwilliam Square South, Dublin D02 RD28, Ireland +353 (0) 1 765 0100 ; (ii) Data Protection Commissioner, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF +44 (0) 303 123 1113; (iii) Phorest; or (iv) the Data Protection Officer (together (i) and (ii) the Supervisory Authorities).
7.6 Phorest would appreciate an opportunity to assist you with your query before a complaint is raised with the Supervisory Authorities.
8. Safeguarding
Phorest takes appropriate measures to protect your Personal Data from access from unauthorised persons or inappropriate access, internal or external. Your connection to the Phorest system uses a HTTP Secure communication protocol and TLS security. This means all information transferred to the Phorest system is encrypted during data input and transfer to the cloud.
9. Updates
We may update this Privacy Notice from time to time in order to reflect, for example, changes to the way we process data or for other operational, legal or regulatory reasons. We may notify you by email of any significant changes to this Privacy Notice, however we recommend that you re-visit this Privacy Notice regularly.
