The law requires that eight data protection principles are followed in the handling of personal data.
These are that personal data must be:
1. Fairly, transparently and lawfully processed.
2. Obtained and processed for limited purposes and not in any manner incompatible with those purposes.
3. Adequate, relevant and limited to only data that is necessary to perform the purpose for which it was obtained.
4. Accurate and up to date.
5. Not kept for longer than is necessary.
6. Processed in accordance with the data subject's rights.
8. Not transferred outside of the EEA or between countries without adequate protection.
We are committed to following these principles and will be open and transparent about the purposes for which we will use your data.
Who are we?
The Beauty Studio is the data controller, this means it decides how your personal data is collected, handled, processed and stored, and for what purposes. If any of your personal information changes, you believe that any of the information we hold is incorrect or you have any queries with regard to your personal information or our data protection policies and procedures, then please contact us at email@example.com
What is Personal Data?
‘Personal Data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is anyone who can be identified, directly or indirectly from that data. Identification can be by the information alone or in combination with other information that is within our possession, control or from other information to which we legally have access to.
What is the legal basis for processing your Personal Data?
All Personal Data that we process, will be in accordance with one or more of the following legal basis’:
- Consent from the individual (or someone authorised to consent on their behalf).
- Where it is necessary in connection with a contract between us and an individual or an individual that is authorised to represent a non-natural person with whom we have a contractual relationship.
- Where it is necessary because of a legal obligation – if the law says you must, you must.
- Where it is necessary in an emergency, to protect an individual’s ‘vital interests’.
- Where it involves the exercise of a public function – i.e. most activities of most government, local government and other public bodies.
- Where it is necessary in our legitimate interests, as long as these are not outweighed by the interests of the individual.
How do we protect your Personal Data?
The Beauty Studio aims to protect your Personal Data, and complies with its obligations under the GDPR, by:
- keeping Personal Data up to date;
- only storing information in secure locations;
- destroying information that is no longer relevant;
- not collecting or retaining unnecessary or excessive amounts of data; protecting Personal Data from loss, misuse, unauthorised access and disclosure;
- ensuring that appropriate technical measures are in place to protect Personal Data.
- ensuring that we undertake suitable due diligence checks on 3rd parties who have a legal basis for Processing Personal Data.
Please note that we have a legal obligation under GDPR, that we must notify any data breach to the controller without undue delay. The Beauty Studio therefore has processes and procedures in place for identifying, reviewing and promptly reporting data breaches to the relevant controller.
What do we use your Personal Information for?
We use Personal Data to:
- fulfil our contractual obligations to businesses or individuals, for products and services that have been requested/provided;
- verify identity, which may include natural persons where a contractual relationship is proposed or exists, in order to assess credit and other commercial risks to our business.
- provide you with information, news, events and activities that is relevant to the goods or services that we are contractually providing to you or consuming from you;
- provide you with news, events and activities, for which you have consented to us to do so (please see ‘Marketing Consent’ section below)
Who else has access to your Personal Data? Disclosures
In addition, we may disclose your personal information:
- to the extent that we are required to do so by law; Any statutory, governmental or regulatory body that requests Personal Data and that we are obliged by Law or regulation, to provide.
- in connection with any legal proceedings or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
- to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
We do not collect any data from our website www.thebeautystudiowarminster.co.uk – the site is provided purely for information about the business.
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary, however there are circumstances when we may retain Personal Data for a longer period:
- where we have a statutory or regulatory obligation to retain the Personal Data;
- to ensure that our business is properly run in an efficient and compliant manner
What are your rights?
Unless subject to an exemption under the GDPR, you have the following rights in respect to your Personal Data: -
- to request a copy of your personal data which we hold about you (Access);
- to request that we correct any personal data if it is found to be inaccurate or out of date (Recification);
- to request your personal data is erased, unless there is a legitimate reason for us not to comply (we will always provide you with more details about your Rights in our response to your request) (Erasure – ‘Right to be forgotten’);
- to transmit that data directly to another data controller, (Portability);
- to lodge a complaint with the Information Commissioners Office.
If you wish to exercise any of your rights, please see our ‘Contact Details’ section below
Special Categories or ‘Sensitive’ Data
In order to provide the right “treatments” and “products” we may require you to provide us with certain special categories of information that are treated in law as being particularly sensitive (e.g. information relating to your health). We will ask that you agree to us processing any Sensitive Personal Information that you provide to us in accordance with this policy. This sensitive personal data will be required to:
- ensure that we follow good governance in providing the right “treatments” and “products” to you to ensure your health and well-being is protected as best we can, and that any laws and regulations are fulfilled.
To exercise all relevant rights, queries or complaints please contact us :
Email: Joanne Francis – firstname.lastname@example.org
Phone: 01985 847077
Post: The Beauty Studio, 4 Three Horseshoes Walk, Warminster, Wiltshire BA12 9BT
You can also contact the Information Commissioners Office on 0303 123 1113 or via email
https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.