GDPR – HOW WE USE YOUR INFORMATION
EC Beauty is a beauty salon operated by Emma Chisholm within Morpeth Health & Beauty Rooms in Morpeth, Northumberland.
At EC Beauty we take your personal data very seriously and that's why we want to let you know why and how we collect and store your personal details in accordance with General Data Protection Regulation (GDPR) legislation.
HOW WE COLLECT YOUR DATA
We collect your data in several ways at EC Beauty, as detailed below.
In the salon, using a printed Client Consultation form. Further details of all information collected can be found below under the heading 'What personal data we collect and why'. The Client Consultation form is stored in a secure cupboard, and accessed and up-dated when you attend for a treatment.
Website and Facebook E-newsletter sign-up form, where you can sign up to receive our E-newsletter, requiring your name and email address. The sign-up form uses a double opt-in system before you are registered to receive emails from ourselves.
Social media - You may contact us via Facebook messenger, Instagram Direct Message or other networks and we will reply to your message as soon as possible thereafter.
CCTV - is operated within the premises where we are based, operated by Morpeth Health & Beauty Rooms Ltd. Your image may be captured on CCTV during your visit to the premises. This is for the safety and security of clients and staff at the premises as well as a deterrent for the purpose of criminal activity.
WHAT PERSONAL DATA WE COLLECT AND WHY
When arriving for your appointment at the beauty room, we will ask you to complete a Client Consultation form. We require the following personal details from you and have given a legal reason why we need these.
Your full name - So we can address you in the salon and ensure all communication is with the correct person.
Date of birth - To help us distinguish 2 clients with identical names and also for the emergency services in case of an emergency whilst at the beauty room.
Address - To aid the emergency services in case of an emergency whilst at the beauty room. If any of your loved ones contact us to send you a gift voucher.
Email address - To organise appointments, as well as emails about special offers and new products if you have consented to receive them.
Medical history - Including operations, diseases, disorders - Medical history is crucial to allow us to perform our treatments safely and adhere to the terms of our insurance.
Allergies - To ensure nothing we use during a treatment or around you at the beauty room can cause you harm, irritation or any other complications and to adhere to the terms of our insurance.
Medication - Some medication can be a contra-indication to treatment or react with products we use. It is essential we know details to protect you and adhere to our insurance terms.
Patch test - This is a skin test we carry out in the beauty room to test for potential allergic reactions to certain treatments. We keep this on file so we know you are able to have that treatment and in the event of a reaction we know what was used and when.
Treatment history - This is so we can see what treatments you have had how the treatment was carried out, so that we can ensure future treatments are consistent.
Your consent - We require you to read and sign a paragraph that allows us to obtain this information lawfully from you and legally store it in accordance with GDPR.
Your contact preferences - If you wish to be on our mailing list you must opt in otherwise we cannot legally send you our newsletters and special offers.
Your consent to use treatments photos - Some of our treatments involve before and after photos on our iphone or ipad, to aid the client experience and proof of progress/treatment. These are mainly but not limited to nail, eyebrow and eyelash treatments. Sometimes we like to use these on social media and need your permission to do so.
Your signature - To prove it was you that was present in the beauty room and that you answered all of the above to the best of your knowledge and honestly. That you agree to EC Beauty holding your data in paper form in our secure locked cupboard, and also your name and email address on our website providers server if you have consented to receive our marketing emails. Our website provider is GoDaddy.
For clients under the age of 16, we will only keep and use their personal information with the consent of a parent, carer or guardian.
HOW YOUR DATA IS STORED
Your data is held in digital and paper form at EC Beauty. Client Consultation forms are stored alphabetically in a locked cupboard that only Emma Chisholm has access to. Digital information is stored by GoDaddy in order to send marketing emails to you. Access to these email addresses is password protected.
Electronic devices at EC Beauty comprise an Apple iphone which is password protected does not contain client personal data except phone numbers. The iphone contains client images from previous treatments with client permission and are not used for any marketing purposes other than agreed by the client to post on social media, for example, Facebook and Instagram.
Pictures taken of treatments are deleted immediately after sharing on social media. Photos do not contain personal details or clients full face. We'd like to share some reviews that you send us via Facebook. Only a first name is used on Social Media, if at all.
Click here to visit the GoDaddy’s Privacy Notice.
HOW LONG WE HOLD YOUR PERSONAL DATA FOR
We will hold your data for up to 7 years unless you ask us otherwise as we appreciate some clients visit us weekly whereas some may come yearly. In order to continue to provide the client with the best service possible we need these records to see exactly what treatments were performed, reactions, likes, dislikes, patch tests, products used etc.
We do not sell or share your personal data with third parties. With the exception of GoDaddy, no other third party has any client personal data.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This is used by GoDaddy to track visitor use of the website and to compile statistical reports on our website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
Our website and newsletters include links to other websites. This privacy notice only applies to this website so when you link to other websites you should read their own privacy notices.
YOUR RIGHT TO ACCESS OR CHANGE YOUR MIND
The data controller for EC Beauty is Emma Chisholm. In the event of a breach of personal data you will be contacted by the above mentioned person within 72 hours of discovery.
You have the right to be forgotten. If at any time you no longer wish to be on EC Beauty’s database that's no problem, simply send an email to Emma at email@example.com who will remove any digital files and then cross shred your paper file and ensure if you opted onto our mailing list that this is also removed. When you unsubscribe from our emails, you are automatically removed from our mailing list.
You have the right to request a copy of the personal information that we hold about you. Responses to requests will be made within 30 days, and will be handled by Emma Chisholm.
You also have the right to data portability if you wish us to transfer some personal data, for example, patch test results if you are moving out of the area.
You also have the right to object to processing and direct marketing.
HOW TO CONTACT US
Please contact us if you have any questions about our privacy notice or information we hold about you:
By email at firstname.lastname@example.org
Write to us at EC Beauty, 12 Market Place, Morpeth, Northumberland NE61 1HG.You also have the right to complain to the Information Commissioner’s Office. Find out on their website how to report a concern at www.ico.org.uk/concerns/handling