WHAT IS GDPR?
The GDPR was adopted by the EU Parliament to:
Create consistency within all the member states of the EU as to the rules regarding data protection, implementation of the law, and how the rules are enforced.
Modernise the principles laid out in the 1995 Data Protection Directive (Directive 95/46/EC), which was written before the advent of social media, ‘smart’ mobile devices that now can access things like cameras and geo-location information, and the ubiquity of online services and communications.
Reinforce the rights of individuals to control and protect their personal data.
Strengthen the EU internal market, ensuring stronger enforcement of the rules, streamlining international transfers of personal data and setting global data protection standards.
THE GDPR APPLIES TO:
Organisations located within the EU;
Organisations located outside of the EU if they offer goods or services to (even for free), or monitor the behaviour of, EU residents; and
Organisations processing and holding personal data of EU residents, regardless of the Organisation’s location.
WHAT IS PERSONAL DATA?
GDPR defines personal data broadly as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
A Data Controller is an organisation that determines the purposes, conditions, and means of the processing of personal data. Carol Ann Marsh is a Data Controller, for the purposes of operating its beauty/chiropractic/acupuncture business in Dover and online at www.tranquility-dover.co.uk, and is registered to process personal data with the ICO (Information Commissioner’s Office).
The Data Protection Officer for Carol Ann Marsh is Carol Marsh, who can be contacted at email@example.com
A Data Processor is an organisation that processes personal data on behalf of Controllers. Third party data processors with which Carol Ann Marsh is associated include (but are not limited to):
IT systems, online salon diary and accounts system Fresha, social media platforms including Facebook/Instagram, website analytics via Google and contact forms via our website, which is hosted through daily.co.uk.
Our website may also collect cookies/HTTP cookies. A cookie is a small piece of data sent from a website and stored on your computer by your web browser in order to improve your browsing experience. You can update your cookie preferences at any time via your own browser(s) as this is not something we influence.
Please be assured, we only work with third party data processors who comply with the GDPR and at all times your personal details are secure.
Our website includes links to other websites. This privacy notice only applies to our website www.tranquility-dover.co.uk so when you link to other websites you should read their own privacy notices.
HOW DO WE USE PERSONAL DATA?
Carol Ann Marsh uses your data for the following legitimate purposes:
· To enable our business to respond to your enquiries and booking requests for beauty treatments and therapies/chiropractic treatment/acupuncture treatment or to record your personal preference of beauty products as part of our service to you. The information you give us may include your name, address, email address, phone number, relevant history which may suggest that a service or treatment should not go ahead or certain products should not be used (e.g. allergies, pregnancy, skin conditions), payment and transaction information, IP address and CVs.
· Enquiries include those made in person, by email or telephone, through e-newsletters or direct mail, or via our website at www.tranquility-dover.co.uk and associated social media platforms.
· To enable provision of beauty/chiropractic/acupuncture services according to your instructions.
· To keep in touch with you during the course of treatment(s) you have asked us to provide.
· To instruct GDPR-compliant third party data processors, where appropriate, who may be assisting us in the provision of your beauty treatment (in the case of complex therapies). This would be explained to you in each instance beforehand.
· To contact you occasionally by email newsletters (subject to your positive opt-in) or letter to follow up about the service(s) you have received or to inform you of similar services and products we offer that are relevant to you. You can update your details or unsubscribe from these contacts at any time.
We will keep your personal data on our secure systems indefinitely as a requirement of insurance cover (unless you request removal according to your rights under the GDPR).
SECURITY OF DATA
We operate a ‘safe file’ system in our salon and our staff are fully trained in data security. This applies to all client files and contacts whether securely stored in physical files or held on desktop/hand-held devices. Non-essential paperwork is routinely shredded and recycled and physical records are locked in secure cabinets.
When making credit card payments to Carol Ann Marsh, your details are input directly into our secure payment terminal and we do not keep identifiable credit card details after use, except for the card terminal receipts, which we are required to keep for 18 months and which are locked in secure cabinets.
YOUR RIGHTS UNDER THE GDPR
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
The right to request a copy of your personal data which Carol Ann Marsh holds.
The right to request that Carol Ann Marsh corrects any personal data if it is found to be inaccurate or out of date.
The right to request that your personal data is erased where it is no longer necessary for Carol Ann Marsh to retain such data.
The right to withdraw your consent to the processing of personal data at any time.
The right to request that Carol Ann Marsh provides you with your personal data and, where possible, transmits that data directly to another data controller (known as the right to data portability).
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing.
The right to object to the processing of personal data.
The right to lodge a complaint with the Information Commissioner’s Office.
To exercise any relevant rights, or to raise queries or complaints, please contact our Data Protection Officer in the first instance:
Carol Marsh at firstname.lastname@example.org
Or write to: Carol Ann Marsh, 4 Park Place, Dover, Kent CT16 1DF
You can contact the Information Commissioner’s Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or write to:
The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF