My name is Sophie Wallis and I run Blackdown Beauty & Complementary Therapies.
My lawful basis for collecting your information (under Article 6 of the General Data Protection Regulation – GDPR) is that you consented to me collecting your personal data for a specific purpose/specific purposes (when you signed the marketing form) and because you have agreed to me contacting you (about new therapies, special offers, things that I think might be of interest to you, to send you greetings cards and to send you an appointment reminder) this provides me with a legitimate basis/reason to process your information. You have also entered into a contract with me when you agreed to purchase a product or service from me and I can legally process your information in order to deliver that product or service. You are not obliged to give me any information, but due to my membership of the FHT and the requirements of my insurance I would be unable to offer you a treatment without it. You can withdraw your consent re contact from me at any time by contacting me on the number shown above or via email: email@example.com. You also have the right to withdraw your consent to me holding information about you and to ask for information about you to be deleted from my files. However, under Article 17 GDPR I am allowed to retain information that would/could be used in the defence of a legal claim. Therefore, if you ask me to delete information from my files I will only be able to delete information that would not be used in the defence of a legal claim. I will only ever hold information about you that is absolutely necessary and then only for the times outlined below. I will not share any information that you give to me with anyone else unless there is a legal reason to do so (e.g. a medical emergency whilst you are on my premises, it is necessary to save life/limb, information is required by a court or an insurance company acting on my behalf or yours).
Information about you will be retained for 10 years after your last treatment if you are over the age of 18, 10 years after you have reached 18 years of age if you are under 18 and 28 years in the case of pregnant women. After the times mentioned above all paperwork relating to you will be shredded and recycled. You have a right to access any personal information that I hold about you and I have one month to provide you with this information. You can ask to access your information verbally or in writing. If you ask verbally to access your notes I will write on your notes that you have requested this information and when you have requested it. If you ask to access your information in writing a copy of your letter will be kept in with your notes.
Because I process personal information relating to you and keep identifiable information on paper and electronically (on my mobile telephone and email) I am registered with the Information Commissioner’s Office (ICO). You have a right to complain to the ICO if you believe that there is a problem with the way in which I am handling your information.
Written information that relates to you is stored in a locked cabinet and there should never be a personal data breach re the information that I hold (as I am the only person that has access to the keys for the cabinet and it is locked when other clients are in the house). If anyone breaks into the cabinet and takes your personal information, I will contact you asap to inform you (and the police) and I will inform the ICO (within 72 hours).
If you have consented to me contacting you via the telephone, your name and telephone number will be stored on my mobile telephone so that I can contact you more easily to remind you about treatments and to enable me to identify who is contacting me to make or cancel an appointment. My telephone is protected by a PIN code (that no one else knows) and internal security systems. Should there be a security breach or should my phone be stolen, I will inform you (and the police where appropriate) and I will inform the ICO (within 72 hours). Your name and number will be deleted from my phone 1 year after your last treatment.
If you consent to me contacting you via email, your name and email address will be stored on my computer in a folder and in my email address book; no one else has access to my email address book and my computer has up-to-date spyware protection installed. Your email address will also be held in my Jacquie Lawson ecard address book, so that I can send you ecards when appropriate. This ecard address book can only be entered using a password and I do not store the password on the computer. I have to enter a password every time I want to access my Jacquie Lawson account. Any breach of security will be reported to you, any relevant body (e.g. Roundcube and Outlook, my email providers) and the ICO (within 72 hours). Your email address will be deleted 1 year after your last treatment.
If you have consented to me contacting you via the post, your address will be kept on my (password- and spyware-protected) computer (so that when I write to you I can access and print off your address easily), in an address book (so that I can access all of my clients’ addresses without having to go through every folder in my filing cabinet each time I contact you and in case the computer ever breaks down) and on your notes (so that I have all of your details together). The address book is kept in my lockable filing cabinet that no one else has access to. Any breach of security will be reported to you and the ICO (within 72 hours).
If you place a review on my Facebook account you accept that people will see the information that you have placed there. Your review will remain on Facebook indefinitely unless you ask me to delete it. If you have any questions or concerns re how I store or use your personal information please do not hesitate to contact me at any time.