This Privacy Notice will help you understand how we collect, use and protect your personal information. If you have any queries about this Privacy Notice or how we process your personal information, please contact the Data Protection Officer by email: firstname.lastname@example.org or by post: Data Protection Officer, The Beauty Wardrobe Ltd, 1230 Leeds Road, Bradford, BD3 8LG.
We take privacy seriously and at any time, you may request a copy of information we have recorded about you. You may also request we remove all identifiable information with respect to yourself. As a matter of course, we will delete your identifiable information if you have not undertaken business with us after 5 years. By agreeing to use our services, you agree to this consent.
The organisation responsible for the processing of your personal information is The Beauty Wardrobe, 1230 Leeds Road, Bradford, BD3 8LG. This means that we are a ‘data controller’ under the Data Protection Act 1998 (and, once in force, to the General Data Protection Regulation (also known as the GDPR)). Our registration number with the Information Commissioner’s Office is A8328837.
WHAT INFORMATION WE COLLECT ABOUT YOU
The personal data you have provided, we have collected from you, or we have received from third parties includes:
HOW WE COLLECT INFORMATION ABOUT YOU
Most of the personal information we hold about you is that which we collect directly from you, for example:
In order to understand more about you and provide you with an appropriate treatment plan, and to improve our marketing interaction, we also supplement and combine the personal information that we collect from you with other categories of data obtained from other sources, such as indicated below: confirmation:
WHAT WE USE YOUR INFORMATION FOR AND THE LEGAL BASES FOR PROCESSING
We may store and use your personal information for the purposes of:
(a) recommending you the correct treatment.
(b) Recording personal and biometric data for better enhancement of treatment and tracking the overall success of treatment.
(c) keeping biometric and pictures on a secure cloud based system compliant with GDPR
(d) keeping track of number of treatments, frequency, products and for promotional purposes
(e) time to time, we may process (to or from) payments via third parties i.e banks, paypal, stripe. We may need to take your payment details or we may need to give you ours. We do not keep these details.
(f) we keep an electronic data on a GDPR compliant software system but we also keep paper copies for treatments.
(g) CCTV footage is kept on site until it records over itself. Usually for 30 days. In the event of an incident i.e theft, robbery, car accident etc, we can share this on social media to find the culprit(s) or person of interest. We can also share the video with legal representatives.
(h) communicating with you about your quotes, treatment and product information, including responding to your enquiries.
(i) administering debt recoveries, where you owe us money under a contract or otherwise (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
(j) undertaking market research and statistical analysis, including analysing your use of our website. This allows us to develop new, or improve existing, products and services (as is necessary for our legitimate interests); and
(k) fulfilling our obligations owed to a relevant regulator, tax authority or revenue service (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests).
Our “legitimate interests” as referred to above (and below) include our legitimate business purposes and commercial interests in operating our business in a customer-focused, efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements.
WHERE WE STORE YOUR INFORMATION
We keep your treatment plan, biometrics and medical and personal history on paper format, kept in a secure filing cabinet. Every therapist has access to this information however we have CCTV directly watching this. We also keep a computerised form of your personal and biometric details.
We take privacy seriously and at any time, you may request a copy of information we have recorded about you. You may also request we remove all identifiable information with respect to yourself. As a matter of course, we will delete your identifiable information if you have not undertaken business with us after 5 years.
For transparency, listed are the business services we provide and how each service uses the information we collect.
Appointment confirmations and reminders
We will contact you via phone, email or SMS to confirm appointments made and remind you of upcoming appointments. We consider your having made the appointment as consent to undertake this activity but, if you want, you may opt out at any time.
Appointment ratings and reviews
After visiting us we may send you an email or SMS asking you to rate our services and provide feedback. We consider you having received services as consent to undertake this activity but, if you want, you may opt out at any time.
Data processors and data locations
We use numerous leading software solutions within our business to provide the services listed above. These software solutions act as data processors and store and process data in numerous locations outside our business premise. For a list of data processors and data storage locations please visit: www.shortcuts.com.au/datastoragestatement.
USING YOUR PERSONAL DATA FOR MARKETING
We will send you marketing about similar products and services by post, telephone, email, SMS and through digital channels. Digital channels includes social media and similar such digital marketing channels. We may upload and match the personal data you provide to us with the data you provide to social media and similar such digital marketing channels. This allows us to improve our knowledge of you and, in return, serve you with relevant marketing messages.
You can object to receiving marketing from us at any time. Please provide your details via post Data Protection Officer, 1230 Leeds Road, Bradford, BD3 8LG or alternatively follow the unsubscribe link in our marketing emails or SMS; or send us your name, address and date of birth via email to email@example.com
We consider that it is within our legitimate interests to send you information about our products and services for marketing purposes.
WHO WE SHARE YOUR DATA WITH
Where relevant given the nature of the products and services provided to you, we may also share your information with the following categories of third parties:
HOW LONG YOUR INFORMATION IS KEPT
We will retain your personal information for a number of purposes, as necessary to allow us to carry out our business. Your information will be kept for up to 5 years on our main systems after which time it will be archived, deleted or anonymised. Any retention of personal data will be done in compliance with legal and regulatory obligations and with industry standards. These data retention periods are subject to change without further notice as a result of changes to associated law or regulations. If you have any questions in relation to the retention of your personal data, please contact our Data Protection Officer at the details.
Under the Data Protection Act 1998 you have the following rights:
Once the GDPR comes into force on 25 May 2018, you will also have the following rights:
Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exceptions apply.
If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner.
You can find out more about your rights under data protection legislation from the Information Commissioner’s Office website: www.ico.org.uk.