Last updated and effective from 25th May 2018.
Data privacy is of high importance for Bijou Beauty Therapy and we want to be open and transparent with our processing of your personal data.
We therefore have a policy setting out how your personal data will be processed and protected:
Who is the controller of your personal data?
Bijou Beauty Therapy,
First Floor, 67 High Street, Great Missenden, Buckinghamshire, HP16 0AL,
Where do we store your data?
The data that we collect from you is stored within a secure Outlook contacts folder and also within a secure Mailchimp account, which is used as a third party platform whereby Melissa Buckingham uses the data intended for occasional marketing emails/ newsletters or updates.
Who can access your data?
Your data may be shared within the Bijou Beauty Therapy company for vital interests only for the keeping of health records used in conjunction of treatments. We never pass on, sell or swap your data for marketing purposes to third parties.
Your provision of your personal information to us is completely voluntary. “Personal information” is information that can specifically identify you. We do not collect personal information unless you submit that information to us. Categories of personal information we may collect include:
- Identity Data, which includes name or other similar identifiers.
- Contact Data, which includes address, email address and telephone numbers.
- Vital Interests, which includes medical information such as any recent illnesses or operations, allergies, medications or anything that may contra-indicate a treatment and put the individual at any risk.
Additionally, we may also collect certain others types of information that, along with Identity Data and Contact Data, may be considered and specifically named “personal data” in certain jurisdictions, including the European Union (“EU”), such as:
- Financial Data, which includes credit card, debit card or other payment card details.
- Transaction Data, which includes details about payments to and from you.
- Technical Data, which includes internet protocol (IP) address, location data, your login data, and device and browser information.
- Usage Data, which includes information about how you use our Website and advertising we serve on those sites.
- Marketing and Communications Data, which includes your preferences in receiving marketing from us
We use different methods to collect data from and about you including through:
Direct interactions: You may give us your information by registering or contacting us. This includes information you provide when you:
- subscribe to our service or publications;
- during the initial treatment consulation
- purchase product(s) on our website(s)
- request marketing to be sent to you; or
- give us feedback.
Automated technologies or interactions: As you interact with our website, we may automatically collect Technical Data and Usage Data about you. Some of the ways in which we or our website may collect are further described below:
- Clickstream Data: As you use the Internet, a trail of electronic information is left at each website you visit. This information, sometimes referred to as “clickstream data,” can be collected and stored by a website’s server. For example, clickstream data can tell the type of computer and browsing software you use and the address of the website from which you linked to the website. The website may collect and use clickstream data as a form of aggregate information to anonymously determine how much time visitors spend on each page of our website, how visitors navigate throughout the Website and how we may tailor our website to better meet the needs of visitors. This information often will be used to improve our website and our services. Any collection or use of clickstream data will be anonymous and aggregated and will not intentionally contain any personal information.
INFORMATION USE AND SHARING
Subject to the section titled “Additional EU Disclosures”, we use information held about you to perform our services and for other purposes outlined below. Specifically, we use your information for a variety of purposes:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- To perform specific services that you have requested.
To respond to your direct inquiries.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- To send you marketing materials (see below)
- Where we need to comply with a legal or regulatory obligation.
Subject to the section titled “Additional EU Disclosures”, we may share the information we collect about you with certain third parties in the following ways:
- To use certain services on our website, payment card information may be requested. We may ask you for credit card, debit card, or other payment information. By submitting your payment information through our websites, to the extent permitted by applicable law, you expressly consent to the sharing of your information with third-party payment processors, and other third-party service providers.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them, if we are part of a bankruptcy proceeding or other change in control.
- Third parties to whom we need to share your information to investigate suspected fraud, harassment or other violations of any law, rule or regulation, or the policies for the website.
THIRD-PARTY LINKS AND SOCIAL NETWORKING SERVICES
The Website may integrate with social networking services. You understand that we do not control such services and are not liable for the manner in which they operate. While we may provide you with the ability to use such services in connection with our Website, we are doing so merely as an accommodation and, like you, are relying upon those third-party services to operate properly and fairly.
You should be aware that information which you voluntarily include and transmit online in a publicly accessible blog, social network or otherwise online may be viewed and used by others. We are unable to control such uses of your information, and by using such services you assume the risk that the information provided by you may be viewed and used by third parties.
We have put in place appropriate security measures to prevent information about you from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed; however, due to the inherent open nature of the Internet, we cannot ensure or warrant the security of any information provided online. We have put in place procedures to deal with any suspected data breach that will affect you and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for your information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data: see Request erasure below for further information.
In some circumstances we may anonymize information about you (so that it can no longer be associated with you) for research or statistical purposes in which case we may use and retain this information indefinitely without further notice to you.
What are your rights?
Right to access:
You have the right to request information about the personal data we hold on you at any time. You can contact Bijou Beauty Therapy and we will provide you with your personal data via e-mail.
Right to portability:
Whenever Bijou Beauty Therapy processes your personal data, by automated means based on your consent or based on an agreement, you have the right to get a copy of your data transferred to you or to another party. This only includes the personal data you have submitted to us.
Right to rectification:
You have the right to request rectification of your personal data if the information is incorrect, including the right to have incomplete personal data completed.
Right to erasure:
You have the right to erase any personal data processed by Bijou Beauty Therapy at any time except for the following situations:
*you have an unsettled debt with Bijou Beauty Therapy, regardless of the payment method
*if you are suspected or have misused our services within the last four years
*your debt has been sold to a third party within the last three years or one year for deceased customers
*your credit application has been rejected within the last three months
*if you have made any purchase, we will keep your personal data in connection to your transaction for book-keeping purposes
Your right to object to processing based on legitimate interest:
You have the right to object to processing of your personal data that is based on Bijou Beauty Therapy legitimate interest. Bijou Beauty Therapy will not continue to process the personal data unless we can demostrate legitimate grounds for the process which overrides your interest and rights or due to legal claims.
Your right to object to direct marketing:
You have the right to object to direct marketing, including profiling analysis made for direct marketing purposes.
You can opt out from direct marketing by the following means:
* following the instruction to ‘unsubscribe’ in each marketing emails.
Right to restriction:
You have the right to request that Bijou Beauty Therapy restricts the process of your personal data under the following circumstances:
* if you object to a processing based Bijou Beauty Therapy‘s legitimate interest, Bijou Beauty Therapy shall restrict all processing of such data pending the verification of the legitimate interest.
* if you have claim that your personal data is incorrect, Bijou Beauty Therapy must restrict all processing of such data pending the verification of the accuracy of the personal data.
* if the processing is unlawful you can oppose the erasure of personal data and instead request the restriction of the use of your personal data instead
* if Bijou Beauty Therapy no longer needs the personal data but it is required by you to defend legal claims.
How can you exercise your rights?
We take data protection very seriously and therefore we intend to handle your requests in relation to your rights stated above. You can contact us directly via email at firstname.lastname@example.org
Right to complain with a supervisory authority:
If you consider Bijou Beauty Therapy to process your personal data in an incorrect way you can contact us. You also have the right to raise a complaint to a supervisory authority.
Updates to our Privacy Notice:
We may need to update our Privacy Notice. The latest version of the Privacy Notice is always available on our website. We will communicate any material changes to the Privacy Notice, for example the purpose of why we use your personal data, the identity of the Controller or your rights.