Here at The Luxe Clinic we take your personal data very seriously and that's why we want to let you know why and how we collect and store your personal details in accordance with the GDPR legislation that came into effect on 25th May 2018.
At The Luxe Clinic we collect your data in several ways, detailed below;
What personal data we collect and why:
When arriving for your appointment at The Luxe Clinic, we will ask you to complete a client consultation form that includes your personal contact details on how you would like us to contact in future. We require the below personal details from you and have given a legal reason why we need these.
How your data is stored - Your data is in digital and paper form. Paper copies of client consultation forms are stored alphabetically in a locked filing cabinet that only The Luxe Clinic can access. Digital information is stored using Premier Software an online booking system which is protected. The Luxe Clinic can only access this by using a password.
Electronic devices at The Luxe Clinic comprise of a computer, tablet and mobile phone all of which are password protected. The devices contain some client images from previous treatments with client permission and are not used for any marketing purposes other than agreed by the client in their consultation form. Photos do not contain personal details or a client’s full face (unless asked by us and agreed by yourself).
How long we hold your personal data for –We will hold your data for up to four years unless you ask us otherwise as we appreciate some clients visit us weekly whereas some might come yearly. In order to continue to provide the client with the best service possible we need these records to see exactly what treatments were performed, reactions, likes, dislikes, skin (patch) tests, products used etc. plus insurance require us to hold on to client data for four years.
Third parties – At The Luxe Clinic we do need a little help to deliver our email confirmation, 24 hour reminders, failure to show notices and emails. We use Salonlite who have updated their software to comply with the GDPR Legislation. WE DO NOT sell or share your personal data with anyone. No other third party has any client personal data.
Your data control officer for The Luxe Clinic is Chelsea Rodd. In the event of a breach of personal data you will be contacted by the above-mentioned person within 72 hours of discovery.
You have the right to be forgotten. If at any time you no longer wish to be on The Luxe Clinic database that's not a problem, simply send an email to Chelsea Rodd at email@example.com
I will personally remove your digital file if you have one and shred your paper file and ensure if you opted onto our mailing list that this is also removed.
You have the right to access your personal data that The Luxe Clinic holds and the right to rectification if it is incomplete, incorrect or out of date.
You also have the right to Data Portability if you wish us to transfer some personal data, maybe patch test results if you're moving town to another salon.
You also have the right to object to processing and direct marketing. Your data can remain in one place but not used.