Privacy policy

Privacy Policy
Last update: 24/05/2018

Grace Ellen Beauty and your personal data
This is Grace Ellen Beauty’s Privacy Policy. It sets out how we collect and process your personal data, what we use it for, and gives you important information on how you can amend information we hold on you such as amending or removing consent for marketing communications or updating your personal details. If you have any queries about this policy or how we handle any personal data you provide to us, please contact us using the details provided at the bottom of this document.
“Personal Data” is any data that identifies you. The Personal Data which you supply to us you agree will be true. We will deal with your Personal Data in compliance with the current UK & EU data protection legislation, which includes the EU General Data Protection Regulation (GDPR) which comes into force on 25th May 2018. Please note this applies only to services which we operate and control. For such external services or sites please see their Privacy Policies to understand how they might be handling your data.

Who is Grace Ellen Beauty?
Grace Ellen Beauty is a small family run Beauty Salon based in Little Chalfont.

Our Purpose for Collecting and Processing Personal Data
Our intention is to provide the best possible experience for visitors to our beauty salon and the local community in which we operate. We collect and process data in order to keep accurate records of client information, appointment reminders, medical information and beauty related services. Also to send them of appropriate and relevant information and to help provide and improve our services as a whole.
Some data is required in order to operate our services to you, and in some cases we are required to hold certain information for legal compliance, law enforcement or contractual purposes. We will hold the information for a minimum of 7 years this is for insurance purposes.

Legal Basis
Data protection laws set out a number of valid reasons for the collection and processing of personal data. These include: Consent, such as ticking a box / filling in the email line of the consult form to opt-in to receive marketing emails from us; legitimate Interest; compliance with the law; and, to fulfil contractual obligations.

What Data We Collect
When filling in your consultation we collect name, address, date of birth, contact number and medical history. This again is for insurance purposes and it also important to us so we can provide safe beauty services.
Personal details are required in order to sign-up to the Grace Ellen Beauty loyalty scheme, which provides members with offers and promotions. These details are required to administer the scheme, such as the sending of birthday discount vouchers, identifying members, informing them of the current offers and promotions within the scheme, and tracking usage of the scheme.

Use of Personal Data for Marketing Communications
We only send post, email, text messages and mobile notifications to you about news and services that we consider may be of interest to you only if you have given us permission to do so or if appropriate where we consider there to a legitimate interest in the information for example if you have signed-up to the Grace Ellen Beauty loyalty scheme and knowledge of available offers and promotions is the primary function of the scheme.

Who Controls or Has Access to the Data?
Personal data is accessed and processed by staff at Grace Ellen Beauty involved in operating the relevant beauty services. The use of personal data will remain under the control of Grace Ellen Beauty at all times operating as the Data Controller. We do not sell your data to other companies.
Data subjects have various rights in relation to accessing and amending the data companies hold on them under GDPR. More information on how to do this can be found later in this document.

Retention Period & Criteria
We only keep personal data for as long as necessary for the purpose for which it was collected or to comply with legal, contractual or law enforcement purposes. At the end of this period data is deleted.

Security
We endeavour to take all reasonable steps to protect your personal information. However, we cannot guarantee the security of any data you disclose online. You accept the inherent security risks of providing information and dealing online over the Internet and will not hold us responsible for any breach of security unless this is due to our negligence or wilful default.

Data Subject’s Rights
Data subjects have a number of rights which we recognise and uphold. These include: The right to be informed about how we collect and process your personal data which is detailed in this document; The right to access this information; The right to rectify or erase data; The right to restrict the processing of data; The right to data portability; The right to object; and, rights relating to automated decision making and profiling. Data subjects also have the right to lodge complaints with the Information Commissioners Office and the right to withdraw consent.

How do I access or amend my data?
You can access and update your personal details by either emailing our team at graceellenbeauty@icloud.com or contacting us by phone on 01494 766 468. In line with GDPR access requests are free and will be responded to within a month.

How do I remove myself from your mailing list?
If you want to be removed from our mailing list simply email us or call us and say that you would like to opt out.
Each email we send contains an opt out option.
Opting out of marketing communications will be honoured unless a later opt-in is received for the same contact details.
If you would like request we delete your data completely please email us at graceellebeauty@icloud.com

Changes to this Privacy Statement
We will occasionally update this Privacy Statement and when we do, we will also revise the “last updated” date at the top of this document. We will obtain your consent for any updates to this Privacy Statement that materially expand the sharing or use of your personal information in ways not disclosed in this Privacy Statement at the time of collection.