Privacy Notice – Treatment and Products
The Beauty Wardrobe Limited
About this document
This Privacy Notice will help you understand how we collect, use and protect your personal information. If you have any queries about this Privacy Notice or how we process your personal information, please contact the Data Protection Officer by email: firstname.lastname@example.org or by post: Data Protection Officer, The Beauty Wardrobe Ltd, 1230 Leeds Road, Bradford, BD3 8LG.
We take privacy seriously and at any time, you may request a copy of information we have recorded about you. You may also request we remove all identifiable information with respect to yourself. As a matter of course, we will delete your identifiable information if you have not undertaken business with us after 5 years. By agreeing to use our services, you agree to this consent.
Who we are
The organisation responsible for the processing of your personal information is The Beauty Wardrobe, 1230 Leeds Road, Bradford, BD3 8LG. This means that we are a ‘data controller’ under the Data Protection Act 1998 (and, once in force, under the General Data Protection Regulation, also known as the GDPR). Our registration number with the Information Commissioner’s Office is A8328837.
WHAT INFORMATION WE COLLECT ABOUT YOU
The personal data you have provided, we have collected from you, or we have received from third parties includes:
name, address and address history, date of birth and gender
contact details, including telephone numbers and email address
financial information, including credit/debit card details (although we do not retain complete payment card information)
details about your family and dependants (e.g. your marital status and number of children)
information about your lifestyle and living circumstances (e.g. your medical history, biometrics and diet)
identifiers assigned to your computer or other devices, including your Internet Protocol (IP) address
pictures of treatment areas or potential treatment areas, retained for medical research, promotional and audit purposes
digital channels: if you have contacted us directly or through a third party (for example Facebook, Instagram or text message), we may continue to use this form of communication
When contacting us through the website, we may collect cookies for a better online experience.
We use CCTV on premises and may forward this onto relevant legal authorities.
We collect voice recordings of all phone conversations between ourselves and the client. These recordings could contain sensitive and medical information, but we never store credit/debit card details over the phone.
Any information regarding COVID-19
HOW WE COLLECT INFORMATION ABOUT YOU
Most of the personal information we hold about you is that which we collect directly from you, for example:
each time you contact us through various mediums
when you purchase our products or services
when you register to receive information from us
when you complete a consultation form to have a consultation or treatment from us
From our website including your cookies and browsing history
Each time you have a new area treated, we may take pictures for tracking of progress and for legality purposes.
each time you interact with us, respond to communications or surveys, or enter competitions
when you make enquiries or raise concerns with our customer service team.
when you fill in in-salon registration forms at check-in/checkout
when you call us or we call you
In order to understand more about you and provide you with an appropriate treatment plan, and to improve our marketing interaction, we also supplement and combine the personal information that we collect from you with other categories of data obtained from other sources, such as those indicated below:
Data from digital sources
WHAT WE USE YOUR INFORMATION FOR AND THE LEGAL BASES FOR PROCESSING
We may store and use your personal information for the purposes of:
(a) recommending you the correct treatment.
(b) Recording personal and biometric data for better enhancement of treatment and tracking the overall success of treatment.
(c) keeping biometric data and pictures on a secure cloud-based system compliant with GDPR
(d) keeping track of number of treatments, frequency, products and for promotional purposes
(e) from time to time, we may process payments (to or from) via third parties, i.e. banks, PayPal, Stripe. We may need to take your payment details or we may need to give you ours. We do not keep these details.
(f) we keep electronic data on a GDPR-compliant software system, but we also keep paper copies for treatments.
(g) CCTV footage is kept on site until it records over itself, usually for 30 days. In the event of an incident, i.e. theft, robbery, car accident etc., we can share this on social media to find the culprit(s) or person of interest. We can also share the video with legal representatives.
(h) communicating with you about your quotes, treatment and product information, including responding to your enquiries.
(i) administering debt recoveries, where you owe us money under a contract or otherwise (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
(j) undertaking market research and statistical analysis, including analysing your use of our website. This allows us to develop new, or improve existing, products and services (as is necessary for our legitimate interests); and
(k) fulfilling our obligations owed to a relevant regulator, tax authority or revenue service (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests).
(l) we store phone records, including medical information, which could be passed on to a Government department, i.e. Track and Trace for COVID-19 related incidents.
Our “legitimate interests” as referred to above (and below) include our legitimate business purposes and commercial interests in operating our business in a customer-focused, efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements.
WHERE WE STORE YOUR INFORMATION
We keep your treatment plan, biometrics and medical and personal history in paper format, kept in a secure filing cabinet. Every therapist has access to this information; however, we have CCTV directly watching this. We also keep a computerised form of your personal and biometric details.
For transparency, listed are the business services we provide and how each service uses the information we collect.
Appointment confirmations and reminders
We will contact you via phone, email or SMS to confirm appointments made and remind you of upcoming appointments. We consider your having made the appointment as consent to undertake this activity but, if you want, you may opt out at any time.
Appointment ratings and reviews
After visiting us we may send you an email or SMS asking you to rate our services and provide feedback. We consider you having received services as consent to undertake this activity but, if you want, you may opt out at any time.
Data processors and data locations
We use numerous leading software solutions within our business to provide the services listed above. These software solutions act as data processors and store and process data in numerous locations outside our business premises. For a list of data processors and data storage locations please visit: www.shortcuts.com.au/datastoragestatement.
USING YOUR PERSONAL DATA FOR MARKETING
We will send you marketing about similar products and services by post, telephone, email, SMS and through digital channels. Digital channels include social media and similar digital marketing channels. We may upload and match the personal data you provide to us with the data you provide to social media and similar digital marketing channels. This allows us to improve our knowledge of you and, in return, serve you with relevant marketing messages.
You can object to receiving marketing from us at any time. Please provide your details by post to Data Protection Officer, 1230 Leeds Road, Bradford, BD3 8LG; or follow the unsubscribe link in our marketing emails or SMS; or send us your name, address and date of birth by email to email@example.com.
We consider that it is within our legitimate interests to send you information about our products and services for marketing purposes.
WHO WE SHARE YOUR DATA WITH
Where relevant given the nature of the products and services provided to you, we may also share your information with the following categories of third parties:
insurance underwriters and others who are involved with the provision of insurance services to you alongside us (as is necessary for the performance of a contract between you and us);
third party service providers who we instruct for the purposes of handling marketing, SMS, computerised system (as is necessary for the performance of a contract between you and us);
third party data suppliers, as explained under “How we collect information about you” (as is necessary for our legitimate interests);
third party service providers who support the operation of our business, such as IT and marketing suppliers, financial service providers, and debt collection agencies (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
regulators and law enforcement agencies, including the police, the Financial Conduct Authority, Government Track & Trace Department, HM Revenue and Customs or any other relevant authority who may have jurisdiction (as is necessary for compliance with our legal obligations).
HOW LONG YOUR INFORMATION IS KEPT
We will retain your personal information for a number of purposes, as necessary to allow us to carry out our business. Your information will be kept for up to 5 years on our main systems after which time it will be archived, deleted or anonymised. Any retention of personal data will be done in compliance with legal and regulatory obligations and with industry standards. These data retention periods are subject to change without further notice as a result of changes to associated law or regulations. If you have any questions in relation to the retention of your personal data, please contact our Data Protection Officer at the details.
Under the Data Protection Act 1998 you have the following rights:
to obtain access to, and copies of, the personal information that we hold about you;
to require that we cease processing your personal information if the processing is causing you damage or distress; and
to require us not to send you marketing communications.
Once the GDPR comes into force on 25 May 2018, you will also have the following rights:
to require us to erase your personal information;
to require us to restrict or object to our data processing activities;
to receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal information to another data controller; and
to require us to correct the personal information we hold about you if it is incorrect.
Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exceptions apply.
If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner.
You can find out more about your rights under data protection legislation from the Information Commissioner’s Office website: www.ico.org.uk.