Privacy Policy (GDPR)

Privacy Policy - Data Storage and GDPR Compliance

Effective Date: July 2023

Data Collection and Purpose:

a. As a beauty salon based in the UK, we collect and store the following personal data from our clients to ensure the provision of safe and effective treatments:

  • Client's name
  • GP name and contact information
  • Doctor surgery addresses
  • Mobile numbers
  • Address
  • Health records (necessary for treatment purposes)

b. We utilize this information solely to deliver our services with the utmost care, ensuring no negative implications on the client's health or well-being.

Data Retention and Deletion:

a. We store client data until it is no longer necessary for the purpose it was collected, or until the client requests its deletion.

b. Clients have the right to request the deletion of their data at any time.

c. If a client requests data deletion, they will be required to fill out a form each time they visit.

GDPR Compliance:

a. The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal data of individuals within the European Union (EU).

b. We are committed to adhering to GDPR principles and protecting our clients' personal data.

c. All personal data collected is processed lawfully, fairly, and transparently.

d. Clients have the right to access, rectify, or request the erasure of their personal data held by us.

Third-Party Services:

a. We use Acuity Scheduling and Stripe to manage payments, bookings, and appointments. When clients use these services, they may provide their full name, mobile numbers, emails, and card details.

b. Acuity Scheduling and Stripe are GDPR compliant and securely handle client data.

c. We do not share or sell any personal information with third parties.

Marketing Communication:

a. We occasionally send marketing emails to clients who have explicitly agreed to receive them.

b. Clients have the right to opt out of marketing communications at any time by unsubscribing through the provided link.

Data Security:

a. We take the security of our client's personal data seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, loss, or disclosure.

b. Access to client data is limited to authorized personnel only.

Consent:

By providing us with their personal data, clients consent to its collection, storage, and processing as described in this Privacy Policy.

Contact Information:

For any questions, concerns, or requests related to data privacy or GDPR compliance, clients may contact us using the following details:

Arch Shoreditch
info@archshoreditch.com

We reserve the right to update and modify this Privacy Policy as necessary. Any changes will be reflected on our website, and clients will be notified of significant updates.