NRG'S PRIVACY POLICY
Privacy Policy of NRG Hair & Skin
1. Confidential Information
At NRG Hair & Skin, we take the confidentiality of client information seriously. Confidential information, including client lists, trade secrets, pricing structures, and any documents created in the course of employment, remains the sole property of NRG Hair & Skin. Employees shall not, during or after their employment, disclose or use this confidential information for personal or external benefit without prior consent from the salon owner.
2. Privacy Statement
NRG Hair & Skin is committed to keeping all client and staff information secure and confidential. We do not share client information with third parties (bar Stripe, our secure payment system) and will only use the information provided for the purpose of delivering high-quality salon services.
3. Client Record Keeping
All client records are securely stored on our password-protected computer system. Client information will be used solely to provide personalized and professional salon services. Staff members are strictly prohibited from sharing any client’s or staff member’s personal details, such as phone numbers, addresses, appointment times, work schedules, or finishing times, without explicit consent. If a third party requests information about another client or staff member, staff should offer to take the requester’s contact details and pass them on to the individual concerned for them to initiate contact if they choose.
4. Collection and Storage of Credit Card Details
NRG Hair & Skin does not store full credit card details. When clients choose to store their card information, it is processed securely through Stripe, our third-party payment provider. Stripe generates unique tokens that allow us to process payments without storing sensitive card details. Only the last four digits and expiry date of stored cards are visible within our system. All card data is securely stored in Stripe’s vault and is inaccessible to anyone at NRG Hair & Skin. If a data breach were to occur, the stored tokens are meaningless outside of Stripe’s secure system and cannot be used elsewhere.
5. Secure Handling of Payment Information
Staff are strictly prohibited from writing down credit card details on paper or other unsecured media. When entering credit card details into Timely (Stripe), staff must be in clear view of security cameras. If a client requests card details to be deleted, staff must process the deletion immediately. Staff must use only salon-provided iPads or computers for processing card transactions; personal devices are not permitted for this purpose.
6. Compliance with PCI DSS Standards
By utilizing Stripe’s payment processing system, NRG Hair & Skin ensures compliance with PCI DSS (Payment Card Industry Data Security Standard) regulations. Stripe is a certified PCI Service Provider Level 1, the highest level of compliance, and manages card security on behalf of our business. This minimizes the risk of exposure and reduces compliance responsibilities for NRG Hair & Skin.
7. Policy Enforcement
Failure to comply with this privacy policy may result in disciplinary action, up to and including termination of employment, and legal action where necessary.
For any privacy-related inquiries, please contact NRG Hair & Skin management.