email@example.com/ 07906 275023
Upstairs at Lucinda Wildin Hair, 144 High St, Kelvedon CO5 9JA
I need to inform you what information I collect, why I collect it, how it is processed, how long it is stored for, who it is shared with and your rights with regard to this.
Firstly please rest assured that any information that you share with me via phone, email or in person is considered absolutely confidential and will not be shared or sold.
With regard to GDPR here is what you need to know:
There is CCTV at the salon which may record you entering and leaving the premises. This does not operate upstairs - where my treatment room is located - at all - only downstairs in the hairdressing area. I am not responsible for the CCTV. If you wish to discuss its operation you would need to contact the salon owners Lucinda and Toby Metson.
What info do I collect and why?
At your first appointment I take a consultation. Personal information collected is name, address, date of birth, occupation and your contact details.
I also note your current and past health and wellbeing in the form of a medical history. As a practitioner I have a "legitimate interest" to collect this information to provide you with safe and beneficial treatment or products.
At future appointments notes may be taken and added to the initial information given where circumstances have changed - ie operations, change of medication, injuries sustained, pregnancy etc.
The therapeutic "contract" between me as a practitioner and you as the client allows me to contact you with information relevant to the service I am providing for you ie appointments, check backs, advice, request for payment, changes to services provided etc
How is this information processed and how long is it stored for?
Consultation and any further treatment notes are taken on paper and stored initially at my treatment room and then transferred to a locked storage box at my home.
These records are kept securely for a minimum of 7 years for adults and longer for children, from the date of your last appointment, in accordance with my professional insurance requirements.
When you contact me or I contact you via email or phone an electronic data record will be present. I use Outlook as my current email provider.
My online booking system is operated by a company called Full Slate. Your email and contact mobile number are taken with your consent and a record of dates of treatment and treatment taken is stored on this system. No notes pertaining to your treatment are transferred to this system other than anything you choose to write in the "notes" section on booking your appointment. The system will send you an email confirmation and text reminder of your appointment.
I do not keep any written records of personal information or records pertaining to your treatments as documents on electronic devices.
If you pay by bank transfer my invoices with a record of treatment taken, date and cost are stored on my laptop and used solely for accounting and tax purposes. I do not collect or keep any financial information of clients and people who use my services.
Who is the information shared with?
No one. Paper records are stored in a locked box and only accessed by myself. My electronic devices are password protected and only used and accessed by myself.
You have the right to see what personal data of yours I hold, to ask that any factual errors are corrected and that records are erased after the required minimum retention required - ie minimum of 7 years.
In some circumstances where there is "legitimate interest" of the practitioner to retain records, erasure of records may be deemed unjustified.
If you feel I am mishandling your data you do have the right to complain - in the first instance to the Data Controller of the organisation- ie me - Louise Green, 144 High Street, Kelvedon, Essex CO5 9JA. If you are not satisfied with the response you have the right to raise the matter with The Information Commissioner's Office.
I don’t share your information with anyone and I do everything required of me to keep the information that you do share with me safe and secure. If you have opted in to receive marketing emails from me then these will be sent on an occasional basis, otherwise as a client I only contact you in accordance with our therapeutic contract.
If you have any concerns or require any clarity or further information please contact me firstname.lastname@example.org. Louise Green