Havana Tanning Lounge Ltd ( hereafter HTL) takes your privacy very seriously. This policy explains our data processing practices.
Our contact details are:
Data Controller: Havana Tanning Lounge
Email Address: firstname.lastname@example.org
If you are not happy with any aspect of how we collect and use your data, you have the right to complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
It is important that the information we hold about you is accurate and up to date. Please let us know at any time if your personal information changes by emailing email@example.com
2 .What data does HTL collect about you?
Personal data means any information capable of identifying an individual; this does not include anonymous data.
At the time of booking your appointment, we will take your name and a contact telephone number or other means of contact.
At your initial appointment, we will ask for your name, date of birth, address, telephone number and email address. I will also ask for your emergency contact and their telephone number, as well as relevant medical information which may impact on the treatments we provide, and the GP you are registered to along with their surgery contact details. This information will be entered onto a client consultation card which we will ask you to sign, to confirm that it is correct.
At the end of your appointment we will record the date, your treatment and price paid on your treatment record card. We will also ask you to sign this to confirm that you are happy with the treatment you have received and that you have received the relevant and appropriate aftercare advice.
For each client attending an appointment on or after 25th May 2018, we will ask you to sign a one-time privacy agreement, which will be stored with your client consultation card & treatment record(s). You may ask to see this agreement again at any time.
Any purchase of products from us will also be recorded, with the date, your name, the product purchased and price paid.
The above information will also be stored in an electronic format on a password-protected Havana Tanning Lounge account.
3. How does HTL collect your personal data?
We collect data about you through a variety of methods, including:
You may provide data by filling in the above forms, and by communicating with me by post, telephone, email, social media accounts or otherwise, including when you:
– book an appointment
– order a product or service
– request resources (e.g price list) be sent to you
– leave us a review or provide other feedback
~ Third parties or publicly available sources
We may receive personal data about you from various sources such as:
– advertising networks such as Facebook based outside the EU
– analytics providers such as Google based outside the EU
4. How does HTL use your personal data?
We do not use the personal information you provide for anything other than to contact you regarding your appointment, or for matters relating to your visit to our salon and products we provide.
We will only use your personal data when legally permitted. The most common uses of your personal data are:
– Where we need to comply with a legal or regulatory obligation; or
– Where we need to perform the contract between us; or
– Where it is necessary for HTL s legitimate interests (or those of a third party); and your interests and fundamental rights do not override those interests
Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by emailing us at firstname.lastname@example.org.
You may receive marketing communications from us if you have provided me with your details when:
– Attending an appointment; or
– Enquiring about our services; or
– Following HTL account on social media;
– Purchasing a product from HTL
– In each case you have not opted out of receiving that marketing.
You may request that Havana Tanning Lounge (HTL) stops sending you marketing communication at any time by emailing us at email@example.com. If you opt out of receiving marketing communication, this will not apply to personal data provided to us as a result of treatments received.
We will not share your personal data with third party for marketing communication.
WE will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to find out more about how the processing for the new purpose is compatible with the original purpose, please email firstname.lastname@example.org. We may process your personal data without your knowledge or consent where this is required or permitted by law.
5. Disclosure of your personal data
We may have to share your personal data with the parties set out below for the purposes set out above:
Service providers who provide IT and system administration services.
Third party service providers who are contracted to Havana Tanning Lounge in the course of dealing with your request.
Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We will only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
6. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we will limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7. Data retention
We are required to keep such information for legal and insurance purposes. will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, insurance or reporting requirements. All records are kept for a period of 7 years from the most recent appointment, after which the record will be securely destroyed.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
8. Your legal rights
You have a right to view the information we keep which relates to you, and you may also request that this information is changed, corrected or securely destroyed.
You may request that once we have your details written on a record card that we delete any previous message(s) sent to our email or HTL social media accounts which contain your personal information.
Please note that if you request that I erase or destroy your personal data entirely I will no longer be able to carry out treatments for you.
You can see more about these rights at: https://ico.org.uk/…/guide-to-the-genera…/individual-rights/
If you wish to exercise any of the rights set out above, please email us at email@example.com You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request, in order to speed up our response.
We will try to respond to all legitimate requests within 28 days. Occasionally it may take us longer than this time if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.