Last Updated September 2019.
- Services are solely managed by Flossie.com Ltd and subsidiary Powered by Flossie.com Ltd.
- Flossie.com Ltd, registration number 3409935 is the Primary Data Controller, the company that’s responsible for your privacy. Our registered address is 96 St Georges Bay Road, Auckland 1052, New Zealand
- Throughout this Policy, Flossie.com Ltd and Powered by Flossie.com Ltd are referred to as ‘Flossie’ for the purpose of ensuring our responsibilities are clear to you.
What does Flossie do?
Flossie provides software that helps hair and beauty businesses (‘Partners’) retail their appointments and products smarter online. Customers can instant book and choose to pay an appointment upfront. Appointments can be made via the Services and through Powered by Flossie Partner branded websites and apps.
Flossie Services are not intended for or directed at children under the age of 13 years. As such, it is designed for adult user interaction. We do not intentionally collect personally identifiable information from children under the age of 13.
What we’ve covered in this Policy
- How we use your personal information
- Security of your personal information
- Processing and retaining your information
- International transfers of your personal information outside the EU
- Oxipay Transactions
- Exercising your rights
- Updates to this policy
- Contact Us
We’ve done our best to make this as clear as possible for you, and not include legal terms, unless absolutely necessary.
HOW WE USE YOUR PERSONAL INFORMATION
- Flossie uses your information for the purpose of completing a hair or beauty appointment.
- This includes sharing your personal information to our Partners in order for them to fulfill their duty in the service which you have booked and expect to be delivered.
- When you create an account and choose to receive marketing communications, Flossie let’s you know about special offers and relevant industry news that Flossie thinks will be of interest to you. You can unsubscribe from this at any given time by clicking the unsubscribe link from the email or turning off your notifications from your Phone settings.
- Flossie uses your information to follow-up after an appointment inviting you to leave a review.
- Flossie uses information like cookies to improve your experience on Services; provide us with analytics information that help us improve our Services generally; and to collect information about hair and beauty categories and services of general interest to you so that you may only see ads and offers that are relevant to what you are interested in.
Personal information Flossie collects from you and why
- What you provide directly to us
In order to make a booking you need to create an account and we collect your First Name, Surname, Email Address, Phone Number, City and Country. You also provide your billing information (credit card number, cardholder name and expiry date) to make an upfront payment at the time of booking the appointment.
We use these details to:
- Enable and process your hair and/or beauty appointment.
- Register an account with us.
- Provide you with a tax receipt and information about your upcoming booking.
- Give you the option to store (via a secure encrypted server) your credit card details for ease to quickly make a future booking (this can only be done with the authorization provided by you at payment).
- Invite you to leave a review of your booking experience and service after your appointment.
- Publish your provided rating and review in the relevant Services.
- Update your VIP status and where relevant add credit to your account.
- Subscribe you to receive marketing communications from us and/or submit enquiries and/or start live chats with us.
- Provide to the Partner should they need to contact you about your upcoming appointment.
- Fraud prevention and detection. To prevent and detect fraud against either you or us and our Partners - unfortunate but very critical.
- Show you only adverts as you browse the web or social media platforms so you can see the latest offers and industry news from our Partners that we know you care about.
From your account, you can at any time change and update your personal information.
You may provide us at your choice any health concerns or pregnancy to disclose to the Partner prior to the booking. We do try to limit the circumstances under which we may collect sensitive personal information.
If you plan to submit someone else’s personal information to us, for instance when making a booking on their behalf, you should only provide us with that third parties details with their consent and after they have been given information about how we will use their personal information outlined in this Policy.
It’s important that all the information you provide us when you create an account is correct and accurate. This covers ensuring that we have the correct name and contact details for you at all times.
We will not collect any personally identifiable information about you e.g. your name or email address, through the Services unless you have provided it to us voluntarily. If you do not want your personal data collected, please do not submit it to us.
- What Flossie collects automatically
When you visit and engage with Flossie Services on the web we collect information such as the device, unique device ID number, browser type, IP address and location, the date and time that you visited, the duration of your visit, referral source and navigation paths of your visit across our Services including pages viewed and links clicked (for example hair category viewed and the time and date when viewed).
When you use Flossie Services on app we also collect information regarding what screens are viewed and links clicked. If you have your location feature turned on we use information to only show localized content that’s relevant to you and you can switch this off at any time from your phone settings.
We may associate this information back to you account profile. Collecting this information enables us to better understand who comes to Flossie Services, where they come from and what is of interest to them. We use this information for internal analytical purposes and to improve the quality and relevance of Flossie Services. We also use this information to protect and prevent online fraud.
See our Cookies Policy further below for more information outlining our intent and purpose.
- What Flossie collects from 3rd parties
Partners: Flossie may lawfully obtain personal information from Partners including updated contact information, like email or phone number that we need to add to our account information we have about you.
Online Chat: Flossie collects information about you when you engage with us in live chat. This is for the purpose to provide you with a better online booking experience (for example resolving any requests for a refund).
- Cookies and related tracking technology
- Other instances when you provide information directly to Flossie
Partners: If you’re an employee of a Partner in which we work with than we may also collect from you employee names, photos and other relevant details that are used for the sole purpose of promoting the business across our relevant Services.
Job applications: You may share personal information as part of a job application submitted via a recruitment agent, third-party recruitment platform or online community group or directly to us through our website, social media platforms or live chat. You may share sensitive personal data with us relating to whether reasonable adjustments ought to be made for you in the application process or subsequently if an employment relationship is established.
SECURITY OF YOUR PERSONAL INFORMATION
The security of your personal information is important to Flossie. We want you to feel confident about using Flossie Services to make bookings and we are committed to protecting the personal information we collect.
Flossie has implemented appropriate technical and organisational measures to protect the personal information that we collect and process about you. For example, we use encryption when transmitting your sensitive personal information between your system and ours and then to the Partner, and we employ firewalls to help prevent unauthorised persons from gaining access to your information. Hardware is locked every evening in secured lockers and all databases are managed with secure logins and passwords. In addition, only authorised employees are permitted to access personal information, and they may only do so for permitted business functions.
No method of transmission over the Web, or method of electronic storage, can be 100% secure. Therefore, we cannot guarantee the absolute security of your information.
The Internet by its nature is a public forum, and we encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.
If you have any questions about Flossie’s security policies please write to us at email@example.com
PROCESSING AND RETAINING YOUR INFORMATION
Flossie retains your personal information for as long as required to fulfil the activities (for example enabling and processing your hair and/or beauty appointment) we’ve set out in this Policy, otherwise communicated to you or for as long as is permitted by applicable law. Examples include:
- When you correspond with us via live chat across Flossie Services we only retain this data for up to 60 days after the end of the session (we do not record phone conversations).
- If you apply for a role with us Flossie only retains your information for up to one year from the submission date.
INTERNATIONAL TRANSFERS OF YOUR INFORMATION OUTSIDE THE EU
The data that we collect from you may be transferred to and stored at a destination outside the European Economic Area (EEA), including for the purposes of processing that data by selected third parties, in order to facilitate our business. Countries outside the EEA may not have laws which provide the same level of protection to your personal data as laws within the EEA. Where this is the case we will put in place appropriate safeguards to ensure that such transfers comply with applicable data protection laws.
Flossie would like to send you information about Partners specifically their services, products and relevant industry news that we think is of relevance to you. If you have agreed to receiving marketing, you can always opt-out at a later date. We may contact you via email or a push-notification to your mobile phone.
You have the right to stop us from contacting you for marketing purposes by either ‘unsubscribing’ from email or turning off your notifications from your mobile phone settings.
If you do decide to opt-in again to receive marketing communications from us you can write to us at firstname.lastname@example.org
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that this transferred to your computers hard drive.
We use the following cookies:
Strictly necessary cookies: These are cookies that are required for the operation of Flossie web Services. For example, cookies that enable you to log into a secure account, book and pay upfront for an appointment.
Analytical and performance cookies: They allow us to recognise and count the number of visitors and to see how visitors move around Flossie web Services when they are using it. This helps us to improve the way Flossie web Services work, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies: These are used to recognise you when you return to Flossie web Services. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your city and country).
Targeting cookies: These cookies record your visit to Flossie web Services, the pages you have visited and the links you have followed. We will use this information to make Flossie web Services and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
Third parties (for example Facebook, Instagram, Twitter) do collect and use data from cookies placed on Flossie Services. We don’t describe their privacy or security policies in this Policy. We recommend that you read their policies and if you prefer to not have your data reported by these parties that you follow their opt-out process. We’ve linked to these further down in this section.
Individual cookies Flossie uses and the purpose for which we use them:
- Google Analytics: collect and aggregate visitor information such as browsing patterns, page visits, shopping behaviour to allow analysis of site performance and usage. All information collected is anonymous.
- If you prefer to not have data reported by Google Analytics, you can install the Google Analytics Opt-Out Browser Add-On here
- Google Adwords: store information about your preferences, and allow us to customise and provide you with offers that are targeted at your individual interests on the Google Platform.
- Facebook: enable single sign-on with Facebook Connect to enable you to book appointments faster, store information about your preferences, and allow us to customise and provide you with relevant offers and news that are targeted to your interests.
- Facebook Analytics: used to personalise and optimise ads shown to you on Facebook and Instagram
- You can opt-out of Facebook Analytics Privacy Settings here
- Facebook Retargeting: used to create custom audiences for ads personalisation on Facebook and Instagram
- You can opt-out of Facebook Retargeting Privacy Settings here
- Intercom: customer service tool for live chat in our Services we collect information on your location, queries and device. This allows us to ensure we respond in a timely manner and provide a better customer experience.
- Amplitude Analytics: customer data aggregator to track and analyse behavior when using Services in order to identify gaps and areas to improve the user experience. This data is completely anonymous.
- Branch.io: deep-linking into specific places in the app Services. This data is completely anonymous.
- Appsflyer: service used to identify the source of app downloads and for relevant, related analytics
- You can opt-out of Appsflyer Privacy Settings here
- Sendgrid: platform for sending triggered operational and marketing emails to nominated addresses
You can find more information about how to manage cookies for all the commonly used internet browsers by visiting www.allaboutcookies.org. This website will also explains how you can delete cookies which are already stored on your device.
The important thing to remember is that some cookies do track your use of Flossie Services but cannot be used to identify you personally or tell us who you are.
EXERCISING YOUR RIGHTS
You can access and update your personal information at any time from your account in the Flossie web and app Services. You can deactivate your account and request to have your data deleted at any time either by contacting us at email@example.com or via our chat service. After you deactivate your account you will no longer be able to access your personal information.
You can create a new account at any given time.
If you are a resident of the European Economic Area, you have the following data protection rights:
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by writing to us at firstname.lastname@example.org
- If you request access to your personal data we will confirm whether we hold your information and provide you with a copy, explaining how we process it and why, how long we store it for and your rights associated with it.
- If you request deletion of your personal information, we will erase it. Please do note that we will need to retain any information that we require to fulfil our legal obligations or to establish, exercise or defend a legal (for example fraudulent) claim.
- You can object to the processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by writing to us at email@example.com
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the ‘unsubscribe’ link in the marketing emails we send you.
- Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here
CHANGES TO THIS POLICY & HOW TO CONTACT FLOSSIE
Updates to this Policy will be made when required by legal, technical and business developments. When we update this Policy, we will take appropriate measures to update you consistently with the significance of the changes we make. We will obtain your consent to any material Policy changes if and where required by applicable data protection laws.
You can see when this Policy was last updated by checking the ‘last updated date displayed in the header of this Policy.
Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may write to us at firstname.lastname@example.org