It will describe how we collect, use, store and dispose of your data.
Going forward, if at any point you object to Spa-To-You holding your data please contact us at any time, and request us not to, and notify us of your ‘right to be forgotten’.
How do we collect your data?
We collect your data by various methods, verbally, written, electronically, and via social media.
How do we store your data?
We will store your data electronically on an encrypted pc and in a paper format secured and protected. By law we must retain some of your data for business purposes for 7 years. After this time all data we hold on you will be destroyed or deleted.
You have the right to access the data we hold at any time. You also have the right to be forgotten. This will prevent us from contacting you again for marketing or any other purpose. We will still need to retain any historical data for 7 years for the purposes mentioned above.
What data do we collect?
We need to collect and use various data from you for working business purposes. This data includes but not limited to.
Date of birth.
Full postal address.
Medical information (Only those conditions specified by you for the purposes of your safety, health, and protection during the supply of treatments to you).
The same details for other members of a larger group (their permission will be granted separately).
How will we use this data?
We only use your data for business needs. These include, identifying, contacting and getting to you. Making sure that our treatments are correct, safe for you, and to gain your approval.
We will also use your data for keeping you informed of our offers and services for marketing purposes.
Sharing of your data.
Spa-To-You will never share your data with third parties unless for the a specific business need to help protect you. In this instance your data will only be shared on a need to know basis with our insurer The British Association of Beauty Therapy and Cosmetology (BABTAC).
You have various rights and protections under data protection laws including the General Data Protection Regulation (GDPR).
These include your right to,
Complain. You can do this in writing, and Spa-To-you will respond in writing within 72 hours of receipt of any complaint.
Right of access. You have the right to contact us and ask us for copies of your personal information. This right always applies. A template of this type of request is available on the Information Commissioner’s Office (ICO). We have one month to respond.
Right to rectification. You have the right to ask us to rectify any information you believe is inaccurate. You also have the right to ask us to complete any information you believe is incomplete. This right always applies.
Right of erasure. You have the right to ask us to erase your personal information in certain circumstances. We will not be able to delete your data when required for specific obligatory purposes.
Right to the restriction of processing. You have the right to ask us to restrict the processing of your information in certain circumstances.
Right to the objection of processing. You have the right to object to the processing of your data. This is for the purposes of marketing.
Does Spa-To-You act as a data controller or processor?
Spa-To-You is a controller and a processor of your data.
Spa-To-You has a presence on social media, and takes all possible opportunities to protect data and restricts access to any personal data it holds. However, we would encourage you to review your own privacy settings, that controls the access to your data that could be accessed by anyone that may link to you via Spa-To-You’s social media channels.