Privacy and Cookie Policy

Last updated March2019


This privacy and cookies policy (“Privacy Policy“) details data used on (the “Websites“), the Toyin Customer mobile application software and the Toyin Connect (salon diary and management tool) application software and website at (“Connect”), both of which are available for download from iTunes and Google Play (the “Apps“), customisable websites powered by Connect hosted at unique subdomain addresses on (the “Partner Sites”), and the web interfaces, also powered by Connect, embedded on Partner Sites and on our salon partners (“Partners”)’ own websites and social media pages, through which customers can make bookings directly with Partners at (the “Widgets”) (together, the “Platform”).

The data controller for your information is Hotspring Ventures Limited (registered address: c/o 19 Moneyer House Provost estate N1 7RB(“Toyin”, “we”, “our” or “us”). You can write to us at: 19  Moneyer House Provost estate N1 7 RB or email us on:

We are committed to protecting the privacy of our users and customers. This Privacy Policy is intended to inform you how we gather, define, and use information that could identify you, such as your name, email address, address, other contact details or online identifiers, other information that you provide to us when using the Platform (“Personal Information“) and also what Cookies we use. Please take a moment to read this Privacy Policy carefully.

What information do we collect?

When you visit and/or use our Platform or contact us, we may collect the following information: 

  • Personal Information that you choose to share with us when you register for an account, subscribe to emails, newsletters and alerts and which you provide to us when using our services, including information entered into our booking platform and included in your comments, reviews or survey responses. In the course of making a booking or submitting reviews, you might voluntarily provide us with sensitive personal data if relevant to the service that you are requesting or reviewing (relating to your health or ethnicity, for example).
  • Personal Information that you share with us as part of an application for a job at Toyin, submitted either directly on the Websites or indirectly, including but not limited to, via a recruitment agency, unsolicited application or third-party recruitment platform. In the course of making an application you may choose to voluntarily provide us with sensitive personal data relating to whether reasonable adjustments ought to be made for you in the application process or subsequently if an employment relationship is established. However, you must not share any sensitive personal data with us that would not be necessary for us to make reasonable adjustments for you, e.g. political opinions, religious beliefs or specific information on your state of health.
  • Where you are utilising our online payment facility, we may store (via ourselves or our appointed payment processor) your credit and debit card details on a secure encrypted basis.
  • If you choose to communicate with us (for example, through the Platform, live chat, email, telephone, SMS, or social media) we will record the fact that you have contacted us, the content of your and our communication, your contact details, and other unique identifiers including IP address and display name. 
  • Information about your visits to and use of the Platform, such as information about the device and browser you are using, your IP address and location, your identifier for advertisers (IDFA), the date and time that you visited, the duration of your visit, the referral source and website navigation paths of your visit and your interactions on the Platform including the salons and treatments you are interested in. Please note that we may associate this information with your Toyin account. Please see the cookies section of this Privacy Policy for further information on the purposes for which we collect and use this information.

It is important that all the Personal Information you give us when you register as a user or otherwise when you use the Platform is correct and accurate. This includes, by way of example only, ensuring that we have your correct contact (including email) details at all times. 

If you plan to submit someone else’s Personal Information to us, for instance when making a booking on their behalf, you should only provide us with that third party’s details with their consent and after they have been given access to information about how we will use their details, including the purposes set out in this Privacy Policy. 

Protecting your personal information

The transmission of information via the internet is not completely secure. So, whilst we will do our best to protect your Personal Information, we cannot guarantee the security of your data transmitted to our Platform. Any transmission is at your own risk. Once we have received your Personal Information we will use strict procedures and security features in relation to that data. 

How do we use your personal information?

In general terms, we use Personal Information to provide you with the services and products you request, process payment, provide customer services, deliver our content and ads which we think may be of interest to you, for customer research, to send you marketing and promotional emails and to notify you about important changes to our Platform. 

We also use your Personal Information for the following purposes:

  • To fulfil a contract, or take steps linked to a contract. This is relevant where you request a service via Toyin. This includes:
  • Sending you information about your requested services (such as appointment reminders) by email, SMS and push notification
  • Facilitating your bookings and taking payments
  • Responding to your questions and concerns
  • Administering your account
  • As required by Toyin to conduct our business and pursue our legitimate interests, in particular:
  • To keep our Platform and systems secure and to prevent fraud, security incidents and other crime
  • To verify compliance with our terms and conditions and for the establishment, exercise or defence of legal claims
  • To notify you about new Toyin services and special offers we think you will find valuable, for example via email and displaying advertising on third party websites such as Facebook (where consent is not required)
  • To tailor and personalise marketing notifications and advertising for you based on information you provide and your use of our Platform, products and services and other sites (please see the Cookies section of this Privacy Policy for further information)
  • To help us monitor, improve and protect our Platform, products and services, and to personalise our Platform, products, services (and those of our partners) for you, based on information you provide and your use of our Platform, products and services and other sites (please see the Cookies section of this Privacy Policy for further information)
  • To investigate and respond to any questions or complaints received from you or from others, about our Platform or our products or services
  • To conduct internal research and analysis so that we can see how our Platform, products and services are being used and how our business is performing
  • To conduct market research and consumer surveys
  • To collate and publish reviews of products or services offered by our Partners, and use these for advertising campaigns
  • To use customer communications for training, record-keeping and quality control purposes. If you telephone our customer experience team, please note that the fact that you have contacted us will be noted and your call may be recorded. You will be told if such a recording is being made and also given the opportunity to opt-out of being recorded if you wish to do so and the means for doing so
  • To process applications for a position at Toyin, whether submitted directly or indirectly, including to examine your suitability for the role, curriculum vitae, and professional skills, to schedule interviews and assessments, to contact referees and, if successful, to offer you a job and establish an employment relationship with you. Information which you provide will be held for a period of 12 months and may be referred to in the event you make future applications to work at Toyin.
  • Where you give us consent:
  • To notify you about new Toyin services and special offers we think you will find valuable, for example via email and displaying advertising on third party websites such as Facebook (where consent is required)
  • To send you information about competitions and surveys and details of promotional offers of our Partners and about other selected third parties’ goods or services, for example those of health, beauty, leisure and lifestyle brands, by email and as push notifications via the App
  • To pass your personal information to our Partners and other selected third parties’, for example health, beauty, leisure and lifestyle brands, to enable them to send you information about their goods and services on their own behalf
  • To place cookies and use similar technologies in accordance with the Cookies section of this Privacy Policy and the information provided to you when those technologies are used
  • On other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time
  • For purposes which are required by law:
  • To respond to requests by government or law enforcement authorities conducting an investigation
  • To meet legal, regulatory and compliance requirements 

Withdrawing consent or otherwise objecting to direct marketing

Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.

  • If you would like to unsubscribe from receiving communications which Toyin sends you, you can do so by clicking the “unsubscribe” button at the bottom of email communications which we send you or alternatively by contacting us at In the case of email marketing please allow 48 business hours for your email address to be removed from our system. 
  • If you would like to unsubscribe from receiving communications which are sent by Partners and other third parties, please contact the Partner or third party directly. In the case of our Partners, if you need our assistance with this, we will be happy to do what we can to help you.
  • If you would like to no longer receive push notifications via the App, you can do so by revoking push notification permission for the Apps in your phone’s operating system settings. 

Your rights in relation to your personal information

In relation to the personal information we hold about you, you may be entitled to ask us: 

  • For a copy of your personal information
  • To correct, erase or restrict the processing of your personal information
  • To obtain personal data which you provide to us for a contract or with your consent in a structured, machine readable format and to ask us to transfer this information to another organisation
  • To object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing). 

In the first instance you may be able to view or change the information you have provided us with by logging in to your online account. 

Your rights in relation to your personal information are limited in some situations. For example, if fulfilling your request would reveal personal data about another person or if we have a legal requirement or a compelling legitimate ground we may continue to process Personal Information which you have asked us to delete. You also may have the right to make a complaint if you feel your personal information has been mishandled. We encourage you to come to us in the first instance but, to the extent that this right applies to you, you are entitled to complain directly to the relevant supervisory authority.

If you wish to exercise any of the above rights, please contact us at Please note, however, that no financial information will be provided without verification.

What about other websites linked to our Platform?

We are not responsible for the practices employed by websites linked to or from our Platform nor the information or content contained therein. Often links to other websites are provided solely as pointers to information on topics that may be useful to the users of our Platform. 

Please remember that when you use a link to go from our Platform to another website, our Privacy Policy is no longer in effect. Your browsing and interaction on any other website, including websites which have a link on our Platform, is subject to that website’s own rules and policies. Always read over those rules and policies before proceeding. 

Social Media and User Generated Content

Some of our Platforms allow users to submit their own content. Please remember that any content submitted to one of our Platforms can be viewed by the public, and you should be cautious about providing certain personal information e.g. financial information or address details via these Platforms. We are not responsible for any actions taken by other individuals if you post personal information on one of our social media platforms, e.g. Facebook or Instagram. Please also refer to the respective privacy & cookie policies of the social media platforms you are using. 

Changes to our Privacy Policy

If we change our privacy policies and procedures, we will post those changes on our Platform to keep you aware of what information we collect, how we use it and under what circumstances we may disclose it. 

Where we store your personal data

The data that we collect from you may be transferred to and stored at a destination outside the European Economic Area (EEA), including for the purposes of processing that data by selected third parties, in order to facilitate Toyin’s business. Countries outside the EEA may not have laws which provide the same level of protection to your personal data as laws within the EEA. Where this is the case we will put in place appropriate safeguards to ensure that such transfers comply with applicable data protection laws.


We retain your Personal Information for as long as is required to fulfil the activities set out in this Privacy Policy, otherwise communicated to you or for as long as is permitted by applicable law. For example:

  • where you apply for a position at Toyin, whether directly or indirectly, information which you provide will be held for a period of 12 months and may be referred to should you make future applications to work at Toyin;
  • where you contact us via live chat on the Platform, we usually retain customer live chat data for up to 60 days after the end of the session; and 
  • where you contact us via telephone and do not opt-out, we shall retain call recordings for up 90 days from the date of the call.

Our policy on Cookies

In common with other commercial websites and apps, our Platform use standard technologies including cookies and similar tools including web server logs, web beacons, tokens, pixel tags, local storage, device identifiers and tracking IDs (together referred to as “Cookies” in this Privacy Policy) for the purposes set out below.

Note that third parties collect and use data from Cookies placed on the Platform. This Privacy Policy may not describe the privacy practices of such third parties. We encourage you to read the privacy policies of these third parties and, if you prefer to not have data reported by these parties, follow their opt-out processes where these exist. Please review What can I do to change my Cookies preferences? section below for further information.

Why do we use Cookies?

  • Strictly Necessary/Transactional Purposes

Using Cookies for this purpose is essential for our Platform to work correctly. They may be required to enable you to move around our Platform and use our features, for system administration, to prevent fraudulent activity, to keep you logged in from one page to another or so that we can remember what you have added to your basket. These cookies cannot be switched off as our Platform cannot function properly without them.


ITKT / ATKT – Keep you logged in as you move around the Platform

venue-basket-123456 – Keep your products in your shopping cart as you move around the Platform

  • Functionality Purposes

Using Cookies for this purpose enables us to enhance and simplify your user experience. For example they may remember choices you make such as the country you visit our Platform from, language, search parameters such as date, area or treatment, and help to identify issues with our Platform (such as crash incidents). These can then be used to provide you with an experience more appropriate to your selections and to tailor and enhance your visits to our Platform. The information these technologies collect may be personally identifiable, such as your log-in details. They cannot track your browsing activity on other websites or apps outside the Platform. We use some tools for this purpose, for example Snowplow.


preferred_language – Remembers your language choice on our multilingual websites

homepage-search’ – Remembers homepage search settings for your next visit

recent-locations – Remembers recent locations you’ve searched 

  • Performance Purposes

Using Cookies for this purpose enables us to better understand how many users visit our Platform, how users arrive at, and browse or use our Platform and which parts of our Platform are most popular. This helps us to improve the Platform, such as navigation and interface experience, and improve our products and services. To achieve this, we collect information on how people use our Platform and use third party technologies for this purpose, including but not limited to Google Analytics, Snowplow, Optimizely, Hotjar, AppsFlyer, Fabric Analytics, Firebase, and Crashlytics. We also use these Cookies to help us measure the effectiveness of our online marketing and advertising activities. We use some third party Cookies for this purpose, including but not limited to Salesforce Marketing Cloud, Snowplow, Impact Radius, Awin, DoubleClick Floodlight, Bing, and tools provided by social media platforms (including Facebook and Snapchat).


Google Analytics is a web analysis service provided by Google, Inc. We use Google Analytics to monitor how visitors use our Platform, to compile reports and to help us improve the Platform. Google collects information in an anonymous form, including the number of visitors to the Platform, where visitors have come to the Platform from and the pages they visited on the Platform. This information is then used by Google to make reports for us and to help us improve the site. Please see Google’s privacy policy here for further information on the data Google collects and how it is processed. 

Hotjar is a software which we use to help us to improve the user experience on our Website (, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). Hotjar helps us understand how users use the Website (mouse movements, clicks, scrolling etc.). For this purpose Hotjar uses analytics cookies to collect non-personally identifiable information including standard internet log information and details of visitors’ behavioural patterns upon visiting our Website. By using our Website, you acknowledge and accept our privacy practices as well as those of Hotjar’s. Please see Hotjar’s privacy policy ( for further information on the data Hotjar collects and how it is processed. 

Awin is one of the affiliate networks we use to provide affiliate marketing to potential customers of Toyin. Awin’s network of third party affiliates display Toyin adverts on our behalf and Awin uses Cookies to analyse the performance of these adverts and to enable us to process commission payments to Awin and its affiliates where those adverts lead customers to make purchases on the Platform. For more information, you can find Awin’s privacy policy here

  • Targeting or Advertising Purposes

Using Cookies for this purpose enables us to display adverts on and off the Platform, and to collect information about your browsing habits and usage of the Platform in order to make adverts more relevant and personalised to you and your interests. We may use remarketing technologies to enable third parties to display relevant and personalised ads to you through their networks. They are also used to identify that you have seen a particular advert, limit the number of times you see an advert as well as help measure the effectiveness of an advertising campaign. We use some third party technologies for this purpose, including but not limited to Salesforce Marketing Cloud, Sovendus, Affiliate People, Snowplow, DoubleClick Floodlight, Google Analytics Audiences, Facebook Analytics, Bing, and AppsFlyer. Technologies are also placed by social media sites for advertising and targeting purposes (including Facebook, Pinterest and Snapchat).

These technologies remember the sites you visit and that information is shared with other parties such as advertisers. When we use third parties for advertising and targeting purposes, we may disclose: 

  • Personally identifiable information, such as email address, order ID, venue.
  • Generic, aggregated or anonymised data relating to your visits and use of our Platform; or 
  • Information in a pseudonymised form such as a browser cookie ID / code or cryptographic hash of your email address to help us tailor and display our ads to you on other services. This ID or code is matched against your equivalent unique code similarly generated by our ad partners to tailor adverts to you. 

The third party companies that we use for targeting and advertising purposes have their own privacy policies which you should read in detail. 


Facebook Targeting. These cookies are set by Facebook. Facebook uses cookies to manage social login and to collect data on its users’ interests. Facebook uses this data to deliver targeted advertising during your browsing experience/ whilst you are online.

Doubleclick Advertising. Doubleclick is Google’s real time bidding advertising exchange. These cookies ensure that you can see Toyin offers on carefully selected third party websites after you have left the Platform.

Google Targeting. These cookies are set by Google. These cookies enable Google to profile the interests of visitors and ensure that relevant Toyin advertising reaches you on third party sites or search. These cookies may also be used to store user preferences, verify Google user accounts.

How do we use information we collect from tracking technologies?

See How do we use your personal information? above.

What can I do to change my Cookies preferences?

Please find below a number of ways in which you can manage your Cookie preferences online. Please also refer to the privacy & cookie policies of the relevant third party for more information. 

  • Most browsers and devices allow you to remove tracking technologies and/or block new tracking technologies being set. To turn off tracking technologies, look at the “help” menu on your browser, or visit your device settings. However, please note, that (a) this may not be effective for all tracking technologies and (b) switching off tracking technologies may restrict your use of the Sites and/or delay or affect the way in which they operate.
  • AdChoices is a self-regulatory program that encourages online advertising platforms to include an advertising option icon on any ads or webpages where data is collected and used for behavioural advertising. Find out more here:
  • Use your mobile device settings to configure your advertising preferences.
  • Visit Your Online Choices here to opt out of various interest based advertising
  • Hotjar: You may opt-out from having Hotjar collect your information at any time here:
  • Google Analytics: If you prefer to not have data reported by Google Analytics, you can install the Google Analytics Opt-Out Browser Add-On by following the instructions here: You may opt out of Google’s use of Cookies by visiting the Google advertising opt-out page here
  • Facebook Ads: You can control how Facebook uses data to show you ads by turning off ads which may be based on interests and / or your relationship with specific advertisers, in your ad preference settings. For further information, please visit the various Facebook pages which allow you to learn more about Facebook ads and Cookies and to update your settings: 

Please note that where you have opted out of receiving our email marketing communications via the methods described above under the section Withdrawing consent or otherwise objecting to direct marketing, you may still see our non-targeted adverts whilst you are online, if your interests settings on Facebook are aligned to an audience segment (pre-defined by Facebook) which our business is also associated with. We do not control whether these ads are displayed to you. 

  • In the case of third parties not specified in this section, please consult their relevant privacy & cookies policy to find out more about adverts displayed to you whilst you are online and how you can opt-out.