On the 25th May 2018 the current law designed to safeguard your personal information is changing. The current Data Protection Act is being replaced by the EU General Data Protection Regulation (GDPR) which sets out some new rules that we need to let you know about.
Your Personal Data – What is it?
From May 25th 2018, your personal data is defined as any piece of information that allows you, as an individual, to be identified. This may include your name, your address, contact telephone and/or email contacts.
Who are we?
Tara Jones is the Data Controller for Barkham Beauty Rooms Ltd, and they are ultimately responsible for managing the information we record, and for what purposes it is used for.
How do we process your personal information?
Barkham Beauty Rooms Ltd complies with the obligations set out under GDPR, we do this by keeping your personal information up to date, only collecting the information that is strictly necessary, and managing the secure destruction of personal information when it’s no longer required.
We use your personal information in the following ways:
- Booking your appointment with us, via telephone or email
- To record details of your treatment against your consultation form or client record
- For fraud prevention purposes when purchasing gift vouchers
- For payments, invoices and accounts processing
- Keeping you updated on changes to your appointment via telephone, email or SMS
- Keeping you updated on our latest promotional offers via email
What’s the legal basis for handling my information?
- Processing your information is necessary in order for us to complete a sales transaction, this covers booking an appointment and/or paying for your treatment
- Our legal obligations in order to protect you and us, which include:
- Client consultation forms in order to protect us under our current Public Liability Insurance. Failure to do so will result in the void/termination of our cover to protect you
- For the purposes of crime prevention through our CCTV systems which protect our premises
The processing of special categories of personal data
Under GDPR, some of your personal information that we record is classified as ‘Special Category’ this means we have to be clear in the information we record, and the reasons for recording this information with your consent;
1. Your health data
We record information relating to your health in order to identify which treatments are suitable, and advise where we are required to do so, against some types of treatments as a result of medical conditions such as cancer, joint or muscle problems, some skin conditions.
Your data and third parties
Your personal information is classified as Strictly Confidential; this means that we do not share your personal information with any third parties. We will only share your personal information with third parties with your consent.
We are obliged to share your personal information and some Special Categories of data in the event of a medical emergency following your treatment to qualified medical practitioners.
Any promotions, or activities provided by our suppliers, which may include competitions, event days or special pricing will be treated as a separate contract between you and the supplier.
How long do you keep my information?
We keep your personal information for no longer than is necessary for a period of 7 years in order to; for client safeguarding reasons for skin treatments, compliance with our insurances, in the event of any legal claims or complaints made against us, and for the processing of our financial accounts.
Your rights to your information
Under GDPR you have rights when it comes to allowing us to process your personal information, these include:
- The right to request a copy of all the information that we hold about you
- The right to request we correct any inaccurate or out of date information about you
- The right to stop us processing your personal information for things such as promotional marketing and appointment reminders.
- Where there is a dispute in our accuracy or handling of your information, request we restrict any further processing
- The right to object to us processing your information where applicable, outside of the requirements in order for us to carry out treatments
- The right to lodge a complaint with the Information Commissioner’s Office
If we need to use your data for another purpose
This privacy notice covers the items set out in section 3, if we wish to use your personal information for another purpose we will provide a new privacy notice which will explain how we will use your information. Your consent will be required before we can use your information in the new way or for the new purpose.
Consenting to your information being processed by us
You are consenting to us processing your personal information during your booking (also known legally as ‘Invitation to treat’ where we are required to capture your personal information to book your appointment.
You are consenting to your payment information being processed by us at point of sale for the purposes of completing your financial transaction by us.
You will be prompted to select your communication preferences on your client consultation form, which include; appointment updates, our latest offers and new product launches.
If you’re unhappy with how we’re processing your information
To report any queries or complaints, including the right to exercise your rights you should contact the data controller, Tara Jones at Barkham Beauty Rooms Ltd, 330 Barkham Road, Wokingham, RG41 4DE.
You may choose to refer your query to the The Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.