General Data Protection Regulation (GDPR) – Data protection Act 2018
This policy, sets out the basis in which Brow Chic by Ali processes personal data via our Website and booking platforms, what personal information we hold and why, and what your rights are. A copy of this document will be provided to you if you wish.
BROW CHIC by ALI, held under the trading name Spa-Solutions, is registered with ICO (information Commissioners Office).
The Purpose of processing Client Data
We may collect and process personal data you provide to us if you:
• complete an enquiry form or account on our Website
• complete a survey or review
• correspond with us by phone, e-mail, or in writing
• report a problem
• sign up to receive our communications
• make a booking on our booking platform
Personal Data collected for information purposes
Brow Chic by Ali will need to gather and retain potentially sensitive information and will only use this for the purposes of providing treatments and any advice given as a result of your treatment.
All personal and medical data is held secure via licensed software that is password protected and encrypted In order to prevent unauthorised access and is only accessible to those involved in the direct delivery of clients treatments.
• your name, title, date of birth and gender
• contact details including telephone number, postal address & company address, email address (where provided by you)
• medical history and other health related information
• treatment details and related notes
This information will not be shared with any other party without your explicit consent
How long is your data held for:
Brow Chic by Ali will keep your information for the following periods:
Records to be kept for 8 years after last treatment
It is a requirement of insurance that the above data be held for the above time. After this time, your information will be securely destroyed.
Personal Data collected for marketing purposes
Legitimate interests: where this is necessary for purposes which are in our, or third parties, legitimate interests. These interests are:
• providing you with newsletters, surveys, information about our awards and events, offers, and promotions which may be of interest to you;
• communicating with you in relation to any issues, complaints, or disputes;
• improving the quality of experience when you interact with our products and/or services, including testing the performance and customer experience of our Website;
• performing analytics on sales/marketing data, determining the effectiveness of promotional campaigns.
• developing, improving, and delivering marketing and advertising for products and services offered Some personal information is gathered for the purposes of marketing
• information about your visit to our Website such as the products and/or services you searched for and view, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
You have the opportunity to opt into or opt out marketing emails at any time. Where you receive marketing communications from us, you may change your preferences or unsubscribe from marketing communications at any time by clicking the unsubscribe link in an email from us.
GDPR gives you the following rights:
• The right to be informed: To know how your information will be held and used (this notice).
• The right of access: To see your treatment records of your personal information, so you know what is held about you and can verify it.
• The right to rectification: To tell us to make changes to your personal information if it is incorrect or incomplete.
• The right to erasure (also called “the right to be forgotten”): For you to request us to erase any information they hold about you. This right only comes into effect once the “claims occurring” insurance requirement has been adhered to so information cannot be deleted until 8 years following your last treatment.
• The right to restrict processing of personal data: You have the right to request limits on how we use your personal information
• The right to data portability: under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.
• The right to object: To be able to tell us you don’t want us to use certain parts of your information, or only to use it for certain purposes.
• Rights in relation to automated decision-making and profiling.
• The right to lodge a complaint with the Information Commissioner’s Office: To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.
Brow Chic by Ali Rights
• If you do not agree to Brow Chic by Ali keeping records, personal information, medical information and treatment notes in relation to the performing treatments on you, Brow Chic by Ali will not be able to treat you
• Brow Chic by Ali will have to keep your records for a certain period as described above, which may mean that if you ask us to erase any details about you, they can only be erased until after that period has passed.
• Brow Chic by Ali has the right to move your information between computers and IT systems, as long as your details are protected from being seen by others without your permission.
Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-dataprotection-regulation-gdpr/individual-rights/
If you wish to exercise any of these rights, please use the contact details given above.
If you are dissatisfied with the response you can complain to the Information Commissioner's Office; their contact details are at: www.ico.org.uk