Privacy policy.

At Cicely’s Holistic Beauty we take our handling of your personal data very seriously. Per guidelines from the Federation of Holistic Therapists (FHT) and the General Data Protection Regulation (GDPR), we would like to make clear how we process your personal data/ information and what data we process.

We process five main sources of your personal data:

  1. The physical paper form you fill out when you first have an appointment with us. This has your prior medical conditions, address, title, name, date of birth, email, beauty treatment/ beauty product history.

    Regarding this form, we only hold one original paper version of this on salon premises, which are locked when unattended. We do not make copies, or store it electronically, and will not pass these to a third party unless you explicitly request we do so. Per recommendations by the Federation of Holistic Therapists (FHT), and in relation to insurance requirements, we hold this information for 10 years.

    Please see this from the Federation of Holistic Therapists website: https://www.fht.org.uk/fs/s/v/taster-treatment.pdf

    “How long do you keep client records for?”

    At the time of writing, the Information Commissioner’s Office (ICO) refers people to Principle 5 of the Data Protection Act, which recognises that there is not a 'one size fits all' approach in areas like data retention. This means it is up to the individual to determine what they believe is 'a reasonable period of retention' to suit their business and clients' needs.

    As I hold Combined Medical Malpractice, Public and Products insurance through the FHT, the policy underwriters, Hiscox, stipulate that client records should be retained for a minimum of 10 years.

  2. Your email, name, address and other relevant contact details, e.g. phone number (treatment/ medical history are not stored electronically – only on paper as above), which we store electronically in our Gmail account. To secure this account we use two-step password authorisation. We only use this to contact you about treatment/ appointment related issues, or to send you our newsletter/ business related information, which you would have to specifically opt in to receive on the original form (#1) you filled out.

  3. If you have liked/ messaged us on Facebook, we will be aware of the existence of your profile and you will see updates from us. The same applies to WhatsApp, which some clients like to contact us through. We don’t do anything with this data, and simply make it available as a means for you to contact us for appointments. Please be aware of the respective privacy policies of both Facebook and WhatsApp when communicating with us through these channels.

  4. We process your credit card data when taking credit card/ debit card payments. We keep receipts of these transactions and use a standard credit card/ debit card machine supplied by WorldPay.

  5. We keep paper details of appointment times/ names/ date/ phone number in our appointment book. We keep these for tax related records, again for 10 years and as recommended by the FHT.

GDPR states regarding personal data:

  • only collect information that you need for a specific purpose.

  • keep it secure.

  • ensure it is relevant and up to date.

  • only hold as much as you need, and only for as long as you need it.

  • allow the subject of the information to see it on request.

Your rights regarding this data:

  • You can see/ update any medical/treatment related history if it is incorrect.

  • You can have a copy of this data if you so wish. We will supply this as soon as possible, and certainly within the one month required by the GDPR.

  • You can make a complaint about our handling of your data to the Information Commissioner’s Office.

We would ask the following:

  • Please let us know as soon as possible of any updates to the above data, especially anything about your medical/allergy history, which is very important in relation to the safety of your treatment.

  • If you are a guardian or parent of a child, and you wish them to receive treatment, then we will need explicit written permission to store their data.