GDPR: DATA PRIVACY POLICY

Bliss Salon is committed to protecting and respecting your privacy. This document sets out the basis on which any personal data we collect from you, or that you are providing to us, will be processed by us. Please read the following information carefully to understand our views and practices regarding your personal data and how we treat it. The specific rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”). Additional information is also available from the ICO website.

1. INTRODUCTION

Client confidentiality is and always has been an essential part of our business operations; therefore Bliss Salon takes your privacy very seriously. Your privacy rights and how we gather, use and share your personal information are set out within this Privacy Notice. It includes the personal information we already hold about you currently and the further personal information we may collect about you, either from you or from a third party. How we use your personal information will depend on the particular services we provide to you.

“Personal information” (or personal data) is any information relating to an identified or identifiable natural person (i.e. an individual), for example this can be a name, an identification number, location data, an online identifier or any other identifier of that person’s physical, physiological, genetic, mental, economic, cultural or social identity.

Our Data Protection Manager (“DPM”) provides help and guidance to make sure we apply the best standards to protecting your personal information. The DPM can be reached by email at enquiries@BlissPerth.co.uk or by post at Data Protection Manager, Bliss Salon, 12 Hospital Street, Perth PH2 8HN if you have any questions about how we use your personal information or if you would like more information about the content of this Privacy Policy.

This Privacy Policy provides up-to-date information about how we use your personal information and will update any information we have previously provided. We will update our Policy if we make any significant changes affecting how we use your personal information, and if so we will contact you to let you know about the change.

Our website may have links to other websites. Our Privacy Policy only applies to our website so when you link to other websites you should read their own privacy policies as we have no jurisdiction over other websites unless expressed otherwise.

2. WHO ARE WE?

Bliss Salon is a beauty salon providing a range of beauty and wellbeing services. The Company must process personal data (including sensitive personal data) so that it can provide beauty and wellbeing services – in doing so, the Company acts as a data controller of personal information that we gather and use.

When we use “Bliss”, “we” or “us” within this Privacy Policy, we refer to and mean Bliss Salon. This means we decide how your personal data is processed and for what purposes. Our contact details are: 12 Hospital Street, Perth PH2 8HN. We provide a wide range of services, all of which can be found on our website enquiries@BlissPerth.co.uk.

3. The purpose(s) of processing your personal data

We need some personal information before we can provide our services to you, for example to check your health prior to commencing any treatments. The exact information we require varies depending on the type of service we are providing. We use your personal data for the following purposes:

  • providing beauty and wellbeing services;
  • dealing with any complaints;
  • maintaining our own accounts and records; or
  • sending you relevant updates about our services, either to exercise our legitimate interests if you are a client (unless you have chosen to opt out of marketing) or with consent if you are not currently a client.

4. The categories of personal data gathered

With reference to the categories of personal data gathered, we process the following categories of your data so that we can operate and administer the services we provide to you:

Personal data

  • Full name;
  • your address;
  • Email address;
  • Telephone number;
  • GP contact details.

Depending on the services provided by us, the above information may be sufficient; however, other personal information may be required which comes under processing of special categories, for example sensitive personal information about you when we are to provide some of our beauty treatments. If we do have sensitive personal information, it is because it is necessary to establish the best treatment for you and to ensure there are no contra-indicators which may affect your health. Special protection is given to certain kinds of personal information that are particularly sensitive. The conditions for processing special category data are listed in Article 9(2) of the GDPR.

Such processing may include for example:

  • General health;
  • Medical history; and
  • Lifestyle

Our policy is to hold and use sensitive personal information only if it is relevant to the services we are providing you and we will take the utmost care in keeping it secure.

Security of your information is a key element of data protection. We take appropriate measures to secure all personal information and protect it from unauthorised loss or damage. We train all staff and it is an employment requirement that management and our staff comply with our Data Security policy.

Of course, should you wish to withdraw your consent to our usage of sensitive personal information at any time, please let us know immediately or contact enquiries@BlissPerth.co.uk. You should be aware, however, that this may mean we cannot provide you with your specific beauty treatments.

5. How we gather your personal information

We obtain personal information:

  • directly from you, for example when you meet with one of our staff in person, speak to us on the telephone, email us, use our website or fill out a web form;

To keep your data secure and allow us to stay in contact with you, please let us know whenever your personal information changes. For example, please let us know when you get a new email address, change your telephone number or business address so we can keep our records up to date. There may be occasions when we make contact with you directly to check that the data we hold about you is still accurate.

More information on lawful processing can be found on the ICO website.

6. Sharing your personal data

Your personal data will be treated as strictly confidential.

We do not share your personal information. We do not allow third party service providers to use your personal data for their own purposes.

Such companies will not contact you directly unless you have agreed to that. All companies are required to comply with data protection laws and are regulated by a data protection regulator. Where it is necessary for your personal information to be forwarded to a third party we will use appropriate security measures to protect your personal data in transit and this will only be done with your explicit consent.

Data protection law requires us to have contracts in place with our suppliers who are data processors. These contracts need to contain appropriate protections including confidentiality and security.

Our suppliers have been carefully selected to provide us with appropriate services:

This supplier, in providing our software, can only access the system remotely where we have given our permission to service software issues and we are on the system whilst they carry out their repair works.

Additional selected suppliers provide us with services relating to our website hosting, and telecoms systems, banking and payment services.

7. How long do we keep your personal data?

We keep your personal data for no longer than reasonably necessary for the purpose we collect it. Different laws may also require us to keep different data for different periods of time. We retain records for 10 years from:

  1. the date of their creation; or
  2. after the date on which we last provided you with beauty or wellbeing treatments.

Further examples are in case of any legal claims or complaints arising.

We may contact you at the expiry point to determine if you would prefer us to maintain contact with you.

8. Providing us with your personal data

We require your personal data because it is necessary to enter into a contract with you.

9. Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of the personal data which we hold about you;
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary to retain such data;
  • The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).

10. Transfer of Data Abroad

We do not transfer personal data outside the EEA.

11. Further Processing

If we wish to use your personal data for a new purpose, not covered by this Policy, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

12. Cookie Policy

We do not obtain data about you from cookies. Cookies are widely used to make websites work or work more efficiently.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

13. How to make a complaint

To exercise any relevant rights, or for queries or complaints, please in the first instance contact our Data Protection Manager:

  • by email at enquiries@BlissPerth.co.uk
  • by telephone on 01738 632 329; or
  • in writing to The Data Protection Manager, Bliss Salon, 12 Hospital Street, Perth PH2 8HN.

If this does not resolve your complaint to your satisfaction, you have the right to raise a complaint directly with the Information Commissioner’s Office (ICO):

  • by telephone on 0303 123 1115
  • by email: Scotland@ico.org.uk
  • in writing to: Information Commissioner’s Office, 45 Melville St, Edinburgh EH3 7HL.