WHAT IS GDPR?
The GDPR was adopted by the EU Parliament to:
Create consistency within all the member states of the EU as to the rules regarding data protection, implementation of the law, and how the rules are enforced.
Modernise the principles laid out in the 1995 Data Protection Directive (Directive 95/46/EC), which was written before the advent of social media, ‘smart’ mobile devices that now can access things like cameras and geo-location information, and the ubiquity of online services and communications.
Reinforce the rights of individuals to control and protect their personal data.
Strengthen the EU internal market, ensuring stronger enforcement of the rules, streamlining international transfers of personal data and setting global data protection standards .
THE GDPR APPLIES TO:
- Organisations located within the EU;
- Organisations located outside of the EU if they offer goods or services to (even for free), or monitor the behaviour of, EU residents; and
- Organisations processing and holding personal data of EU residents, regardless of the Organisation’s location.
WHAT IS PERSONAL DATA?
GDPR defines personal data broadly as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
A Data Controller is an organisation that determines the purposes, conditions, and means of the processing of personal data. Margaret Balfour Beauty Centre is a Data Controller, for the purposes of operating its beauty business in Sherborne and online at www.margaretbalfour.co.uk, and is registered to process personal data with the ICO (Information Commissioner’s Office) Reg. No. ZA338643.
The Data Protection Officer for Margaret Balfour Beauty Centre is Margaret Balfour who can be contacted at email@example.com
A Data Processor is an organisation that processes personal data on behalf of Controllers. Third party data processors with which Margaret Balfour Beauty Centre is associated includes (but is not limited to):
IT systems/Salon Control, Clarins UK (and the ClarinsforMe Loyalty Scheme), Mailchimp e-marketing/mailing list platform (and associated external marketing services), e-commerce software and paypal payment platform for online purchases via www.margaretbalfour.co.uk, salon accounts systems, social media platforms including facebook/twitter/instagram, website analytics via google and contact forms via our website.
Our website may also collect cookies/HTTP cookies. This is a small piece of data sent from a website and stored on your computer by your web browser in order to improve your browsing experience. You can update your cookies preferences at any time via your own browser(s) as this is not something we influence.
Please be assured, we only work with third party data processors who comply with the GDPR and at all times your personal details are secure.
HOW DO WE USE PERSONAL DATA?
Margaret Balfour Beauty Centre uses your data for the following legitimate purposes:
- To enable our business to respond to your enquiries and booking requests for beauty treatments and therapies or to record your personal preference of beauty products as part of our service to you.
- Enquiries include those made in person, by email or telephone, through e-newsletters or direct mail, or via our website at www.margaretbalfour.co.uk and associated social media platforms.
- To enable provision of beauty services according to your instructions.
- To keep in touch with you during the course of treatment(s) you have asked us to provide.
- To instruct GDPR-compliant third party data processors, where appropriate, who may be assisting us in the provision of your beauty treatment (in the case of complex therapies). This would be explained to you in each instance beforehand.
- To contact you occasionally by email newsletters (via our third party platform mailchimp and subject to your positive opt-in) or letter to follow up about the service(s) you have received or to inform you of similar services and products we offer that are relevant to you. You can update your details or unsubscribe from these contacts at any time.
We will keep your personal data on our secure systems indefinitely as a requirement of insurance cover (unless you request removal according to your rights under the GDPR).
SECURITY OF DATA
We operate a ‘safe file’ system in our salon and our staff are fully-trained in data security. This applies to all client files and contacts whether securely stored in physical files or held on desktop/hand-held devices. Non-essential paperwork is routinely shredded and recycled and physical records are locked in secure cabinets.
When making credit card payments to Margaret Balfour Beauty Centre, your details are input direct into our secure payment terminal and we do not keep identifiable credit card details after use.
YOUR RIGHTS UNDER THE GDPR
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which Margaret Balfour Beauty Centre holds.
- The right to request that Margaret Balfour Beauty Centre corrects any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is erased where it is no longer necessary for Margaret Balfour Beauty Centre to retain such data.
- The right to withdraw your consent to the processing of personal data at any time.
- The right to request that Margaret Balfour Beauty Centre provides you with your personal data and where possible, transmits that data directly to another data controller, (known as the right to data portability).
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to object to the processing of personal data.
- The right to lodge a complaint with the Information Commissioners Office.
To exercise all relevant rights, queries or complaints please in the first instance contact our Data Protection Officer:
Margaret Balfour at firstname.lastname@example.org
Or write to: Margaret Balfour Beauty Centre, Swan Yard, Sherborne, Dorset. DT93AX
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or write to:
The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF