Privacy policy.
This document explains how we might collect your data and what happens to it. Your privacy is fundamentally important to us and we would not collect or use data which was not important for the functioning of our business and to our relationship with you. We are passionate about the services we provide for you and the relationship we can develop with you. We need to use some personal data from you in order to, for example, run our appointments system as well as to share with you information about the services we can offer and to help us decide which services and products you might be interested in. There are also some legal reasons why we need to receive and store your data, such as consent forms for certain treatments.
Who are we?
Rebecca Jade Health and Beauty Ltd is officially the Controller of your data. We suggest you read this Privacy Policy carefully and contact john@rebeccajadebeauty.co.uk if you have any queries at all regarding data or the GDPR (General Data Protection Regulation) as applicable to this business.
What information do we collect?
We routinely collect your name, addresses, email addresses, telephone numbers and date of birth. We keep records of the treatments we have provided for you and on occasions we will keep other sensitive data about you, such as any medical conditions you reveal to us, when they might be relevant to any treatments we consider providing for you.
How do we use personal information?
Mostly we use your data in order to manage your records within our systems and to contact you as required. For example, we might send a text message to your mobile phone reminding you about an appointment for a treatment you have booked. We might also assess the information we keep about you in order to decide to contact you (e.g. by email) about a particular service or product which we think might be of interest to you. This is always intended very much to be exclusively things which we feel could genuinely be useful or of interest to you. The decision to contact you might be made by a person considering your data, or by a computer. Sometimes the information we hold can be used to help us decide if a particular service is not appropriate for you, for instance a known or suspected medical condition where it renders some treatments inadvisable. Sometimes there are legal reasons for us to hold your information for an extended period, such as when you provide written consent for us to provide certain types of treatment for you. We will never sell your data to any other company (unless that is part of an acquisition of part or all of our company).
Our website also uses cookies. What are they?
Cookies are a technology which can be used to provide you with tailored information from our website. A cookie is an element of data that our website sends to your browser, which may then store it on your system. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether or not to accept it. This procedure is normal for most websites, but you can set your browser to remove cookies if you wish.
What legal basis do we have for processing your personal data?
Sometimes we process your data by what is legally defined as Consent. This for example is where you willingly provide your email address on our website in order to sign up to our newsletter. On other occasions there might be a Legal reason to hold your data, such as in regulatory financial issues or medical consent. On other occasions it can be defined legally as Legitimate Interest, which covers simple things like booking an appointment for you, then recording any relevant information about that appointment afterwards.
When do we share personal data?
We only share your data when it is necessary for our business. When we provide this for other companies, they are not at liberty to use the information for any other company or purpose unless that is legally required. For instance we use a company called Mail Chimp to send emails to our clients, so they need access to your data in order to do this. We use Twilio to send text messages to you. We might use a variety of Marketing Companies in order to promote our services to you, so they might need access to some of your data. Some other bodies will be given access to your data, such as software developers who work on our website, though they are not permitted to view or use such data in any way. All of our staff will have access to your data. In all cases there are contractual obligations which restrict your data from being copied or used in any way which is not required as described or implied above.
Where do we store and process personal data?
All written records of your data are stored securely on our premises in Harpenden, England. All digital records are held within a secure, UK data centre. None of your data will be moved or stored outside the European Economic Area.
How do we secure personal data?
Your written records are regarded as important documents which we aim to look after carefully and are retained securely within our premises. Digital records are maintained at a UK data centre where a very high level of security is maintained. When digital information is transferred between parties over the internet, we have to assume there is a risk that it could be intercepted or accessed in some way. We consider this to be similar in some ways to sending information by traditional post. Usually it arrives securely but this cannot be guaranteed. However we do not consider ourselves to be the likely target of any sort of criminal data theft as we are a very low risk enterprise. We do not use, record or store such things as card payment details and it is these which are the most valuable targets for criminals. We will review our data security measures periodically to ensure that we are taking reasonable steps to keep this safe.
How long do we keep your personal data for?
We intend to keep your general data for 5 years from the date we last used it. This is because we find that some of our clients can return to the salon after a gap of some quite considerable time. It can be beneficial to know about any previous history when this occurs. After that time, we will expect to "anonymise" the data, or delete it completely. If you would prefer us not to store your data, you can ask us to delete or anonymise it sooner. There are exceptions to this. Sometimes there are legal reasons to retain records, such as for financial reasons or where medical consent is given in writing. Currently we are storing this type of information indefinitely, though this might be reviewed in future.
Your rights in relation to personal data
We respect your rights under the GDPR to access and control your personal data. These are for:
Access to personal information. You can request to see what personal data we hold for you. We expect to provide this within 30 days of receiving your request.
Correction and deletion. You can ask us to do this if you wish at any time.
Withdrawal of consent. Where applicable you can do this and we will delete your data. However if there are legal reasons for us storing your data, as mentioned above, then we might not be able to delete it.
Data portability. You can ask us to provide a copy of any data we hold for you and we will supply this in a structured, commonly used, and machine-readable format.
Restriction of processing and objection. If you do not wish your data to be used for the purposes of marketing our services and products to you, it is always possible to opt out of this service.
Lodging a complaint with the Information Commissioner’s Office. If you have any questions or concerns regarding privacy, these should be raised with us first. You can either speak to us in person, or email john@rebeccajadebeauty.co.uk. If you are not happy with the response then you can contact the Information Commissioner’s Office. Their contact details can be found online.