Bliss Salon is committed to protecting and respecting your privacy. This document sets out the basis on which any personal data we collect from you, or that you are providing to us, will be processed by us. Please read the following information carefully to understand our views and practices regarding your personal data and how we treat it. The specific rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”). Additional information is also available from the ICO website.
Client confidentiality is and always has been an essential part of our business operations; Bliss Salon therefore takes your privacy very seriously. Your privacy rights, and how we gather, use and share your personal information, are set out in this Privacy Notice. It includes the personal information we already hold about you currently and the further personal information we may collect about you, either from you or from a third party. How we use your personal information will depend on the particular services we provide to you.
“Personal information” (or personal data) is any information relating to an identified or identifiable natural person (i.e. an individual), for example this can be a name, an identification number, location data, an online identifier or any other identifier of that person’s physical, physiological, genetic, mental, economic, cultural or social identity.
2. WHO ARE WE?
Bliss Salon is a beauty salon providing a range of beauty and wellbeing services. The Company must process personal data (including sensitive personal data) so that it can provide beauty and wellbeing services – in doing so, the Company acts as a data controller of personal information that we gather and use.
3. THE PURPOSE(S) OF PROCESSING YOUR PERSONAL DATA
We need some personal information before we can provide our services to you, for example to check your health prior to commencing any treatments. The exact information we require varies depending on the type of service we are providing. We use your personal data for the following purposes:
- providing beauty and wellbeing services;
- dealing with any complaints;
- maintaining our own accounts and records; or
- sending you relevant updates about our services, either to exercise our legitimate interests if you are a client (unless you have chosen to opt out of marketing) or with consent if you are not currently a client.
4. THE CATEGORIES OF PERSONAL DATA GATHERED
With reference to the categories of personal data gathered, we process the following categories of your data so that we can operate and administer the services we provide to you:
- Full name;
- Your address;
- Email address;
- Telephone number;
- GP contact details.
Depending on the services provided by us, the above information may be sufficient. However, other personal information may be required which comes under processing of special categories, for example sensitive personal information about you when we are to provide some of our beauty treatments. If we do have sensitive personal information, it is because it is necessary to establish the best treatment for you and to ensure there are no contra-indicators which may affect your health. Special protection is given to certain kinds of personal information that is particularly sensitive. The conditions for processing special category data are listed in Article 9(2) of the GDPR.
Such processing may include for example:
- General health;
- Medical history; and
Our policy is to hold and use sensitive personal information only if it is relevant to the services we are providing you and we will take the utmost care in keeping it secure.
Security of your information is a key element of data protection. We take appropriate measures to secure all personal information and protect it from unauthorised loss or damage. We train all staff and it is an employment requirement that management and our staff comply with our Data Security policy.
Of course, should you wish to withdraw your consent to our usage of sensitive personal information at any time, please let us know immediately or contact enquiries@BlissPerth.co.uk. You should be aware however, this may mean we cannot provide you with your specific beauty treatments.
5. HOW WE GATHER YOUR PERSONAL INFORMATION
We obtain personal information:
- directly from you, for example when you meet with one of our staff in person, speak to us on the telephone, email us, use our website or fill out a web form;
To keep your data secure and allow us to stay in contact with you, please let us know whenever your personal information changes. For example, please let us know when you get a new email address, change your telephone number or business address so we can keep our records up to date. There may be occasions when we make contact with you directly to check that the data we hold about you is still accurate.
More information on lawful processing can be found on the ICO website.
6. SHARING YOUR PERSONAL DATA
Your personal data will be treated as strictly confidential.
We do not share your personal information. We do not allow third party service providers to use your personal data for their own purposes.
Such companies will not contact you directly unless you have agreed to that. All companies are required to comply with data protection laws and are regulated by a data protection regulator. Where it is necessary for your personal information to be forwarded to a third party we will use appropriate security measures to protect your personal data in transit and this will only be done with your explicit consent.
Data protection law requires us to have contracts in place with our suppliers who are data processors. These contracts need to contain appropriate protections including confidentiality and security.
Our suppliers have been carefully selected to provide us with appropriate services:
- iSalon software: for our appointment records and management – for more information read their Privacy Notice Policy https://www.isalonsoftware.co.uk/privacy/.
In providing our software, this supplier can only access the system remotely where we have given our permission to service software issues and we are on the system whilst they carry out their repair works.
Additional selected suppliers provide us with services relating to our website hosting, and telecoms systems, banking and payment services.
7. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We keep your personal data for no longer than reasonably necessary for the purpose we collect it. Different laws may also require us to keep different data for different periods of time. We retain records for 10 years from:
- the date of their creation; or
- the date on which we last provided you with beauty or wellbeing treatments.
Further examples are in case of any legal claims or complaints arising.
We may contact you at the expiry point to determine if you would prefer us to maintain contact with you.
8. PROVIDING US WITH YOUR PERSONAL DATA
We require your personal data because it is necessary to enter into a contract with you.
9. YOUR RIGHTS AND YOUR PERSONAL DATA
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data which we hold about you;
- The right to request that we correct any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary to retain such data;
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).
10. TRANSFER OF DATA ABROAD
We do not transfer personal data outside the EEA.
11. FURTHER PROCESSING
If we wish to use your personal data for a new purpose, not covered by this Policy, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
We do not obtain data about you from cookies. They are widely used to make websites work or work more efficiently.
13. HOW TO MAKE A COMPLAINT
To exercise any relevant rights, or for any queries or complaints, please in the first instance contact our Data Protection Manager:
- by email at enquiries@BlissPerth.co.uk
- by telephone on 01738 632 329; or
- in writing to The Data Protection Manager, Bliss Salon, 12 Hospital Street, Perth PH2 8HN.
If this does not resolve your complaint to your satisfaction, you have the right to raise a complaint directly with the Information Commissioner’s Office (ICO):
- by telephone on 0303 123 1115
- by email: Scotland@ico.org.uk
- in writing to: Information Commissioner’s Office, 45 Melville St, Edinburgh EH3 7HL.