Privacy & Cookies Policy


Under GDPR, we have a legal duty to protect any personal information we collect from you. We use leading technologies and encryption software to safeguard your data, and keep strict security standards to prevent any unauthorised access to it.

We do not pass on your details to any third party.

Your rights

Under GDPR, you have rights as an individual which you can exercise in relation to the information we hold about you. These are;

  • a right of access to a copy of the information comprised in their personal data;
  • a right to object to processing that is likely to cause or is causing damage or distress;
  • a right to prevent processing for direct marketing;
  • a right to object to decisions being taken by automated means;
  • a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and
  • a right to claim compensation for damages caused by a breach of the Act.

You can read more about these rights here.

This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience.

In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics.

As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others.

The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers

The Jeniosa Promise to all of its clients

We only hold your name and contact details for bookings and appointment purposes as well as any special service requirements and product sales history.

If at any time you wish to be removed from our Booking Software, you simply need to email us at – Or put in writing your request and duly deliver it to our Salon in Rhos On Sea. We will then endeavor to remove your details from our system.

The data we hold for all of our customers, relates to the goods and services we have provided them, as well as the aforementioned contact details

We respect your privacy and your choices.

We make sure that privacy and security are embedded in everything we do.

We will never sell your personal data.

We are committed to keeping your personal data safe and secure. This includes only working with trusted partners.

We are committed to being open and transparent about how we use your personal data.

We will not use your personal data in ways that we have not told you about.

We respect your rights, and will always try to accommodate your requests as far as is possible, in line with our own legal and operational responsibilities.

All of our data is held on a third party server with a very secure system installed.

No data is held on our computer system at all, as it is all web based with a world leader in booking operations.

If at any time any breach should occur, we will act immediately and identify any possible risk.

To date we have maintained a Zero Compromise record, and our providers work tirelessly to ensure we are as safe as can be.

Google Analytical Tracking

We use Google Verified tracking codes on this website, to track demographic, regional and general usage data. This data is only used with the Google Console and ensures our webmasters are able to ensure that the website is functioning correctly. In addition we also use the data for internal marketing purposes.

We have added some of the Cookie / Tracking data details below:

gtag.js and analytics.js set the following cookies:

Cookie Name Expiration Time Description
_ga 2 years Used to distinguish users.
_gid 24 hours Used to distinguish users.
_gat 1 minute Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.
AMP_TOKEN 30 seconds to 1 year Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
_gac_<property-id> 90 days Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out. Learn more.

People who contact us via social media

We use the following providers: Facebook & Instagram to manage our social media interactions.

If you send us a private or direct message via social media the message will be stored by the respected social platforms, who also should adhere to the GDPR

The Booking Sofware organisation uses Sub Processors – Please see below.

List of Timely’s Sub-processors (GDPR)

To support delivery of our Services, Timely Limited (“Timely”) may engage and use data processors (“Subprocessors”) with access to certain personal information. This page provides important information about the identity, location and role of each Subprocessor we use.

Terms used on this page, but not explicitly defined, have the meaning outlined in our Terms of Service or the Data Processing Agreement established with you, the customer. 

The information shared here is for educational purposes to demonstrate how Timely engages with third-party systems, specifically which providers we use as part of delivering the Timely service to you. It should not be interpreted as offering any additional rights or binding agreements.

What is a Subprocessor?

A subprocessor is an external service or provider that is enlisted by Timely to deliver our service to you. As part of that service delivery, we may be required to share personal information we have collected about you with these providers.

How do we protect your information?

We take the privacy and security of your personal data very seriously and have strict processes in place to ensure this information is shared securely and only when necessary.

Personal information: We employ Secure Socket Layer (SSL) technology on the collection, storage and processing of all data. All accounts are accessed via secure login with one-way hashing of all passwords. We do not access or share any data unless required to by law or with your permission to help resolve system problems.

Payments: All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorised with special access rights to such systems, and are required to keep the information confidential. We do not store this information ourselves, instead keeping this with our payment providers who have the highest level of PCI compliance (Find out more about our provider’s compliance).

Timely also requires that any third-party services or subprocessors, that we use as part of delivering this service to you, meet the requirements and obligations under GDPR, as well as those requirements of the local authority (NZ).

We have established Data Processing Agreements (DPA’s) with all of our providers, to ensure your personal information is collected, stored and processed in a legal/lawful manner.

Third parties (Subprocessors)

We’ve broken the list of processors into relevant sections, to give you greater understanding over how these services have access to your information.

Infrastructure Subprocessors – Service Data Storage

Timely uses the following organisations to store/host/collect Personal Information, or provide other infrastructure that helps with delivery of the Timely Service. These are secure environments that are controlled by the Timely team and are protected by Data Processing Agreements:

Entity Name Purpose Entity Country
Amazon Web Services, Inc. Cloud Service Provider United States
Microsoft Corporation (Microsoft Azure) Cloud Service Provider United States
Google Inc. Cloud Service Provider United States

Service Specific Subprocessors

Timely works with other third-parties to provide specific functions or features within the Timely Service. These providers will have access to relevant personal information (both in an identifiable and anonymous manner) in order to provide their relevant functions. The use of information is limited to the specific purposes we’ve detailed below:

Entity Name Purpose Entity Country
Twilio, Inc. Cloud-based SMS Notification Services United States
Nexmo, Inc. Cloud-based SMS Notification Services United Kingdom
SendGrid, Inc Cloud-based Email Notification Services United States
Mailgun Technologies, Inc Cloud-based Email Notification Services United States
HelpScout, Inc Cloud-based Customer Support Services United States
Intercom, Inc Cloud-based Customer Support Services Ireland, Inc Cloud-based Customer Support Services United States
Slack Technologies, Inc Cloud-based Communication Services United States
Chargify, LLC Cloud-based Billing Services Various
Campaign Monitor Cloud-based Email Delivery Services United States
Ask Nicely Cloud-based Survey Services New Zealand
TYPEFORM S.L Cloud-based Survey Services Spain

Add on integrations

The following subprocessors are third-parties that we offer optional integrations with. Relevant customer data and personal information will be shared with these services as part of delivering the wider Timely Service. These third-parties are engaged directly by you, the account holder, you can enable or disable these features in your account at any time.

Entity Name Purpose Entity Country
Xero Limited Cloud-based Accounting Services New Zealand
MYOB Group Limited Cloud-based Accounting Services New Zealand, Australia
Intuit, Inc (QuickBooks) Cloud-based Accounting Services Various (New Zealand, Australia, United Kingdom, United States)
Google Inc (Google Calendar, Google Contacts) Cloud-based Services United States
Vend Limited Cloud-based POS Services New Zealand, Australia, United Kingdom
Spreedly, Inc Cloud-based Payment Services United States
PayPal, Inc; PayPal (Europe) Ltd Cloud-based Payment Services United States, United Kingdom
Stripe, Inc; Stripe Payments Europe, Ltd; Stripe Payments Australia Pty. Ltd Cloud-based Payment Services United States; Ireland; Australia LLC Cloud-based Payment Services United States

Content Delivery Channels

Timely also uses certain providers to assist and support operations under the Timely Services (as described in the Data Processing Agreement).These providers do not have direct access to data that you have shared with us, but we may collect personal information you have shared with us via these services, as part of delivering the wider Timely Service.

For example: If you contact us for support via our Facebook, Twitter or Instagram page, we will pass on your contact details and questions to other services that we use to provide support (see Service Specific Subprocessors above.

Entity Name Purpose Entity Country(ies)
Automattic (WordPress) Cloud-based CMS Services United States
Facebook Cloud-based Social Network United States (Virginia and California)
Instagram Cloud-based Social Network United States (Virginia and California)
Twitter Cloud-based Social Network United States

Changes and updates

As our business grows and evolves, the third-parties and subprocessors that we engage with may also change over time. We will provide the account owner with notice of any changes by sending a notification to the registered account holder’s email address, along with posting any changes here. Please check back here to stay in the loop.