At the Beauty Room & Day Spa Kilsyth we take great care with all the Personal data we hold, to ensure we comply with best professional practice and with the law.
the Beauty Room & Day Spa
We are a Data Controller and are subject to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
We are a member of the ICO (Information Commissioner’s office) and comply with this act for the protection of all.
This Privacy Notice explains what Personal Data the Spa holds, why we hold and process it, who we might share it with, and your rights and freedoms under the law.
Types of Personal Data
The Spa holds personal data in the following categories.
1. Clients beauty, safety and health data and correspondence.
2. Staff employment data.
3. Contractors data
Why we process Personal Data (what is the purpose)
“Process” means we obtain, store, update and archive data.
1. Clients data is held for the purpose of providing clients with appropriate, high quality, safe and effective beauty and spa treatments.
2. Staff employment data is held in accordance with Employment, Taxation and Pension law.
3. Contractors data is held for the purpose of managing their contracts.
What is the Lawful Basis for processing Personal Data?
The Law says we must tell you this:
1. We hold clients data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively.
2. We hold staff employment data because it is a Legal obligation for us to do so.
3. We hold contractors data because it is needed to Fullfil a Contract with us.
Who might we share your data with?
We can only share data if it is done securely and it is necessary to do so.
1. Client data may be shared with other beauty professionals who need to get involved in your treatments (for example if we refer you to a specialist). [Client data may also be stored for backup purposes with our computer software suppliers, email marketing [who may also store it securely][overseas]. [Client data is also collected by our client payment devices and operations to facilitate card, online payments, telephone payments of services, products etc. to operate our day to day business activities, and improve our services the banking companies provide us with, including fraud.
We use Phorest for all our bookings and everything is stored on their secure servers and is password protected so only staff members involved in your treatments and management are able to access your digital client records.
“We do not share any of our clients details or information with anyone.
Please note due to the nature of the treatments you receive you will be asked about medical conditions and medications for your safety and our reputation – please be honest with us and know that all information you share is strictly confidential.
2. Employment data will be shared with government agencies such as HMRC.
You have the right to :
1.Be informed about the personal data we hold and why we hold it.
2. Access a copy of your data that we hold by contacting us directly : we will acknowledge your request and supply a response within one month or sooner.
3. Check the information we hold about you is correct and to make a correction if not.
4.Have your data erased in certain circumstances.
5. Transfer your data to someone if you tell us to do so and it is safe and legal to do so.
6.Tell us not to actively process or update your data in certain circumstances.
How long is the Personal Data stored for?
1.We will store client data for as long as we are providing beauty and spa treatments. We will archive ( that is, store it without further action) for as long as it is required for legal purposes or other trusted experts recommend.
2. We must store employment data for six years after an employee has left.
3. We must store contractors data for seven years after the contract is ended.
What if you are not happy or wish to raise a concern about our data processing?
You can complain in the first instance to [us] our Data protection officer, who is [Marie Moffitt and contact telephone number 01236 823100] and we will do our best to resolve the matter. If this fails, you can complain to the information Commissioner at www.ico.org.uk/concerns or by calling 0303 123 1113.