Privacy policy

Our website address is https://pawspitstop.co.uk. Paws Pitstop is a dog grooming salon based in St. Peter, Jersey, and is the data controller responsible for the personal data described in this policy. For any question about your data, or to exercise one of your rights, you can reach our data-matters contact on 01534 724378 (a dedicated data protection contact is being confirmed pending legal review).

We process your personal data in line with the Data Protection (Jersey) Law 2018. The independent supervisory authority for data protection in Jersey is the Jersey Office of the Information Commissioner (JOIC). If you have a concern about how we handle your personal data that we have not been able to resolve, you have the right to complain to the JOIC at jerseyoic.org.

We only use your personal data where the law allows us to. The lawful basis depends on what the data is for:

• •Consent — for marketing messages (email and SMS) and for sharing photographs of your dog on social media, in advertising and for education. You can withdraw your consent at any time.
• •Performance of a contract — to take and manage your booking, take payment, keep your dog's grooming records, and run the concierge collection and delivery service.
• •Legitimate interests — to run and secure our service, prevent fraud and abuse, and understand and improve how our service is used, in a way that does not override your rights.
• •Legal obligation — to keep financial records, such as invoices and payment records, for the period the law requires us to retain them.

We collect the following categories of personal data, each under the lawful basis shown:

• •Account and contact details — your name, email, phone number and password (stored only as a secure hash). Basis: contract.
• •Dog profile — your dog's name, breed, behaviour notes and sensitive details (medical notes, vet details and microchip number). These sensitive fields are encrypted at rest. Basis: contract.
• •Appointment and grooming history — your bookings, the services carried out, groom-status history and groomer notes. Basis: contract.
• •Photographs — before/after and in-progress photos of your dog. Basis: contract for your record, and consent for social media, advertising and education.
• •Payment metadata — a reference to your saved card and your payment-provider customer id. We never store card numbers. Basis: contract and legal obligation.
• •Device and push tokens — the push-notification token for your device, so we can send you the updates you have asked for. Basis: contract and consent.
• •Concierge driver location — when you book a concierge collection or delivery, the driver's live location is used to give you an ETA for that journey. Basis: contract.
• •Marketing preferences — whether you have opted in to marketing, and your cookie choices on this website. Basis: consent.

A dog’s medical notes, vet details and microchip number are treated as sensitive operational data and are encrypted at rest using application-managed AES-256-GCM envelope encryption, with the master key held as a managed secret. We collect them only to groom your dog safely and to contact a vet in an emergency.

Under the Data Protection (Jersey) Law 2018 you have the following rights over the personal data we hold about you:

• •Access — to ask for a copy of the personal data we hold about you.
• •Rectification — to have inaccurate data corrected and incomplete data completed. You can edit most of your details directly in the app.
• •Erasure — to ask us to delete your personal data (the right to be forgotten).
• •Restriction — to ask us to limit how we use your data in certain circumstances.
• •Portability — to receive the personal data you have provided in a structured, commonly used, machine-readable format, and to have it sent to another controller where this is technically feasible.
• •Objection — to object to processing we carry out on the basis of our legitimate interests, and to object to direct marketing at any time.

You can also withdraw any consent you have given — for marketing, via the unsubscribe link or your in-app preferences; for cookies, via the cookie banner below. To make a request, contact us on 01534 724378 or use the in-app account controls. We will respond to a request to exercise any of these rights within 30 days and we will not charge you for a routine request. Erasure does not extend to data we are obliged to keep for administrative, legal, financial or security purposes (see our retention schedule below).

We keep personal data only for as long as we need it, or for as long as the law requires. Our retention schedule is:

• •Appointment photos — hard-deleted from our photo storage when the associated dog is deleted, after a short grace period. Invoking your right to erasure also deletes the photos tied to your appointments.
• •Audit logs — security and compliance audit logs are kept for 3 years.
• •Groom-status history — the record of how an appointment progressed is kept for 3 years.
• •Inactive clients — if you have had no appointment for 3 years, we anonymise your personal data; however, financial records (invoices and payment records) are kept for 7 years to meet our legal and tax obligations.

When you save a card with us, your card details never touch our servers — they go directly to our payment partner, Stripe, which is PCI-DSS Level 1 certified. We store only a reference to the card (not the card itself) and your Stripe customer id. You can remove a saved card at any time from your profile in the app.

We use a small number of trusted service providers who process personal data on our behalf and under contract, only for the purposes we set and with appropriate safeguards in place:

• •Stripe — card payments and the secure storage of your card (we never see your card number).
• •Twilio — sending SMS messages, such as appointment reminders.
• •Resend — sending email, such as booking confirmations.
• •Cloudinary — storing the photographs taken during a groom.
• •Google Maps — routing for the concierge collection and delivery service.
• •Anthropic — powering AI-assisted features within the service.
• •Firebase — delivering push notifications to your device.

We use essential cookies only to make booking, sign-in and security work — these cannot be turned off, as the site cannot function without them. With your permission we also use analytics and advertising cookies to improve Paws Pitstop and measure our marketing; these are set only if you consent via the cookie banner, and you can change your choice at any time.

When you sign in we set session cookies to keep you signed in and remember your display choices. These contain no card data and are removed when you sign out.

We take the security of your data seriously. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Jersey Office of the Information Commissioner without undue delay and, where feasible, within 72 hours of becoming aware of it, and we will tell you directly where the law requires us to.