DATA PRIVACY NOTICE
RELAXED AND WAXED
1. Personal data
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the ‘GDPR’).
2. Data Controller
The Salon Manager is the data controller (contact details below). This means they decide how your personal data is processed and for what purposes.
3. How do we process your personal data?
The Salon complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use personal data for the following purposes: -
· to administer appointment records and bookings;
· to maintain our financial accounts and records;
· to provide news and information about events, activities and promotions;
· to manage employees and volunteers;
· to maintain a relationship with suppliers (no information will be passed to 3rd parties without specific consent)
· Correspondence;
4. What is the legal basis for processing your personal data?
· there is no disclosure to a third party without consent; or
· Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement; or
· Explicit consent of the data subject has been given so that we can keep you informed about news, events, activities and services and keep you informed about events.
5. Sharing personal data
Your personal data will be treated as strictly confidential and will only be shared with employees within the salon for purposes connected with the specific needs of the individual. We will only share your data with third parties with your consent.
6. How long do we keep data?
We retain data on the following basis:
|
Record Type
|
Retention Period
|
|
Customer records
|
7 years from date of last treatment
|
|
3rd Party suppliers
|
24 months after the last contact
|
|
Payment Financials
|
6 years after the calendar year to which it relates
|
|
Records of attendance of children/young people and helpers at events
|
25 Years
|
|
Photographs and videos of events
|
24 months after the event – selected items retained for historical records
|
|
Insurance Records
|
Indefinitely
|
|
Safeguarding matters
|
75 years, unless informed otherwise by the authorities
|
|
Accident Books
|
3 years from the date of the last entry (or, if the accident involves a child/ young adult, then until that person reaches the age of 21)
|
|
Complaints (non -safeguarding)
|
3 years after resolution of complaint (unless further action is anticipated)
|
|
Employee Records
|
6 years after the date of termination of employment
|
|
Pension Records (money purchase)
|
6 years after transfer or value taken
|
|
Financial Records
|
6 years after the calendar year to which it relates
|
|
Organisational administration document (not covered by any of the above)
|
Date of expiry of event unless required for legal reasons
|
7. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
· The right to request a copy of the personal data which Relaxed and Waxed holds about you (a Subject Access Request or ‘SAR’);
· The right to request that the data controller of Relaxed and Waxed corrects any personal data if it is found to be inaccurate or out of date;
· The right to request your personal data is erased where it is no longer necessary for Relaxed and Waxed to retain such data;
· The right to withdraw your consent to the processing at any time (unless as an organisation there is a legal precedent for the details being retained i.e. safe guarding incidents, accident books etc);
· The right to request that the data controller provide you with your personal data and where possible, to transmit that data directly to another data controller.
· The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing (unless there is a legal precedent as stated above);
· The right to object to the processing of personal data (unless there is a legal precedent as stated above);
· The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, queries of complaints please in the first instance contact the Salon Manager at:
|
Address
|
Telephone
|
Email
|
|
7a Market Place
Kettering
Northants
NN16 0AL
|
01536 529878
|
Philippa@relaxedandwaxed.com
|
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
The Salon Manager
Relaxed and Waxed
Date: 25 May 2018