At Luxe Beauty Lounge we take your personal data very seriously and that's why we want to let you know why and how we collect and store your personal details in accordance with the new GDPR legislation that came into effect on 25th May 2018.
How we collect your data
We collect your data in several ways at Luxe Beauty Lounge, as detailed below. 1. In the salon using a printed Client consultation form, further details of all information collected can be found below under the heading 'What personal data we collect and why'. We then store your name, address, date of birth, email address, treatment history and any medical alerts on our secure digital cloud system PHOREST. 2. Contact Form- This is a contact form on our website for you to contact us with enquiries. We ask for your name, email address and to leave a comment, you will NOT be added to our mailing list for using this. 3. Social Media- You may contact us via Face book messenger or other networks and we will reply to your message but we DO NOT PAY TO USE YOUR PERSONAL DATA FROM SOCIAL MEDIA.
What personal data we collect and why
When arriving for your appointment at the salon we will ask you to complete a client record card. We require the below personal details from you and have given a legal reason why we need these. 1. Your full name- so we can address you in the salon and ensure all communication is with the correct person. 2. Date of birth, to help us distinguish 2 clients with identical names and also for the emergency services in case of an emergency at the salon (yes it has happened before). 3. Address- to aid the emergency services in case of an emergency whilst at the salon. If any of your loved ones contact us to send you a gift voucher. 4. Email address- to send booking confirmations and 48 hour reminders. 5. Medical history including operations, diseases, disorders- medical history is crucial to allow us to perform our treatments safely and adhere to the terms of our insurance. 6. Allergies- to ensure nothing we use during a treatment or around the salon can cause you harm, irritation or any other complications and to adhere to the terms of our insurance. 7. Medication- some medication can be a contraindication to treatment or react with products we use. It is essential we know details to protect you the client and adhere to our insurance terms. 8. Patch testing- this is a skin test we carry out in the salon to test for potential allergic reactions to certain treatments, It needs to be repeated if you have not visited us for a year or more. We keep this on file so all therapists know you are able to have that treatment and in the event of a reaction we know what was used and when. 9. Treatment history- this is so each therapist can see what and how the last therapist carried out a treatment on you to ensure results are consistent amongst all staff. 10. Your consent- we require you to read and sign a paragraph that allows us to obtain this information lawfully from you and legally store it in accordance with GDPR. | 11. Your contact preferences- if you wish to be on our mailing list you must opt in otherwise we cannot legally send you our newsletters and special offers. 12. Your consent to use treatment photos- some of our treatments involve before and after photos on salon devices to aid the client experience and proof of progress/ treatment. Sometimes we like to use these on social media and need your permission to do so. Mainly, but not limited to, nails, eyelashes
13. Your signature- to prove it was you that was present in the salon and that you answered all the above to the best of your knowledge and honestly. That you agree to Luxe Beauty Lounge holding your data on our online booking system database (Phorest) and on paper form in our secure locked filing cabinets.
How your data is stored
Your data is in digital and paper form at Luxe Beauty Lounge. Paper copies of consultation forms are stored alphabetically in a locked filing cabinet that only staff of Luxe Beauty Lounge have access to. Digital information is stored using Phorest online booking system with cloud software and is password protected. Only Luxe Beauty Lounge staff have this password and certain areas are restricted even further to management only. Electronic devices at Luxe Beauty Lounge comprise of a desktop computer, laptop and IPad,or tablet all of which are password protected. The IPad contains some client images from previous treatments with client permission and are not used for any marketing purposes other than agreed by the client in their consultation form. Photos do not contain personal details or clients full face.
How long we hold your personal data for
We will hold your data for up to 4 years unless you ask us otherwise as we appreciate some clients visit us weekly whereas some might come yearly. In order to continue to provide the client with the best service possible we need these records to see exactly what treatments were performed, reactions, likes, dislikes, patch tests, products used etc plus insurance require us to hold on to client data for 4 years.
With a client base in excess of 1500 we do need a little help to deliver our email confirmation, 48 hour reminders, failure to show notices, newsletters and emails. We use Phorest who have updated their software to comply with the new GDPR Legislation. We DONOT sell or share your personal data with anyone. No other third party including our accountant has any client personal data. Your data control officer for Luxe Beauty Lounge is Rachael Dover. In the event of a breach of personal data you will be contacted by the above-mentioned person within 72 hours of discovery. You have the right to be forgotten. If at any time you no longer wish to be on Luxe Beauty Lounge database that's not a problem, simply send an email to Rachael at firstname.lastname@example.org and I will personally remove your digital file if you have one and cross shred your paper file and ensure if you opted onto our mailing list that this is also removed, or you can unsubscribe.
You have the right to access your personal data that Luxe Beauty Lounge holds and the right to rectification if it is incomplete, incorrect or out of date. You also have the right to Data Portability if you wish us to transfer some personal data, maybe patch test results if you're moving town to another salon. You also have the right to object to processing and direct marketing. Your data can remain in one place but not used.