GDPR PRIVACY NOTICE

(Why Innerlather collects your personal data and what is done with it)

When you supply your personal information to Innerlather it is stored and processed for the following reasons:

• I need to collect some personal information about you and your health in order to make sure there are no contraindications to your treatment. It is also a requirement for me to be compliant with the British Association of Beauty Therapy and Cosmetology (BABTAC) policies. You can of course, refuse to provide the information, however unfortunately I would have to refuse your treatment as this form is a legal requirement for my insurances.

• Provided I have your consent I may occasionally send you emails with the latest news and offers.

• I have a legal obligation to retain your records for seven years after your most recent appointment. After this time your records will be destroyed in a method compliant with GDPR.

• Records retained on paper, which is locked in a cabinet within the salon, are only accessible by me.

• Records recorded on the computer are password protected and is only accessible by me.

• Your phone number and email may be used electronically, with your permission. This is for appointment reminders or occasional offers. My devices are password protected.

• If you wish to contact me via social media, this is password protected on my devices. (For historic issues with privacy associated with social media sites, you may wish to think about what you post publicly on my sites).

• I will never share your data with anyone without your consent.

• You have the right to see what personal data of yours I hold and you can ask me to correct any factual errors. Provided the legal minimum period has elapsed, you may also ask me to erase your records.

• I would like you to be absolutely confident that I treat your personal data responsibly. If you feel I have mishandled your data in some way, you have the right to make a formal complaint.