I, Grace Emmerson, hold some of the information you give me. This document outlines how that information is used and how I keep it secure.
Your personal data is held securely on password-protected devices, is accessed and read only by me and is never sold or shared with a third party except in exceptional circumstances.
The only exception to this is when a third party member of my family take a parcel to the post office to post your online order. In this instance they will see your name and address.
I keep your personal data for a maximum period of three years after our last contact or transaction unless you request it is deleted sooner.
- How I obtain your personal data
You provide me with personal data in the following ways:
- During a Dr Hauschka Facial, Body Treatment, Holistic Massage or skin care consultation
- Through email, over the telephone or by post
- By taking credit card and online payment
This may include the following information:
- name, postal and email address, contact details and date of birth.
- details of your treatment or consultation.
I use this information in order to provide you with an efficient service. This means that the legal basis of our holding your personal data is for legitimate interest.
- How we use your personal data
I act as a data controller for use of your personal data to provide skin care treatment and advice. I act as a data controller and processor in regard to the processing of credit card and online payments.
I undertake at all times to protect your personal data, including any health and contact details, in a manner which is consistent with my duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. I will also take reasonable security measures to protect your personal data storage.
I may use your personal data where there is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime. Also where there is a legal requirement such as a formal court order. I may use your data for marketing purposes such as newsletters subject to you giving me your express consent.
- Do I share your information with other organisations?
I will keep information about you confidential. I will only disclose your information with other third parties if required by duty or law:
- My insurance company for the processing of a complaint made by you
- Any legal or crime prevention agencies if I have a duty to do so or if the law allows us to do so
- What are your rights?
You have the right to see, amend, delete or have a copy, of data held that can identify you, with some exceptions. You do not need to give a reason to see your data.
If you wish to access your data please contact me at firstname.lastname@example.org and I will respond in a timely fashion. You have the right, subject to exemptions, to ask to have your information deleted or corrected or updated where it is no longer accurate
- What safeguards are in place to ensure data that identifies you is secure?
I only use information that may identify you in accordance with GDPR. This requires me to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful.
I also ensure the information is kept in secure locations, restrict access to information to authorised personnel only, protect personal and confidential information held on equipment such as laptops with a firewall and up to date security systems.
- How long will I hold confidential information for?
Following completion of your treatment I retain your personal data for a maximum period of three years after our last contact or transaction. This enables me to offer continuance of service and to process any complaint you may make.
- Website technical details
I do use electronic forms on my website making use of an available ‘forms module’ which has a number of built-in features to help ensure privacy. I also aim to use secure forms where appropriate.
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout
If you have a complaint regarding the use of your personal data please contact Grace Emmerson, 38 Fernbank Rd, Bristol, BS6 6PU or email email@example.com and I will do my best to help you.