Sophie Elise - Beauty Boutique
Being transparent and providing accessible information to individuals about how we will use their personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR) May 2018.
The first principle of data protection is that personal data must be processed fairly and lawfully. The DPA says that in order for the processing to be fair, the data controller (Sophie Elise - Beauty Boutique) has to make certain information available to the data subjects (the individuals whom the data relates to), so far as practicable.
The code of best practice uses the term 'privacy notice' to describe all the privacy information that we make available or provide to data subjects when collecting information about them. For simple terms, please refer to the relevant privacy notice for the services you are requesting, which sets out the following criteria:
What information is being collected.
Who is collecting it.
Why is it being collected.
How will it be used.
Who will it be shared with.
Right of access to data
Methods for un-subscription
These techniques allow us to give data subjects greater choice and control over how their personal data is used and demonstrates that we are using personal data fairly and transparently.
In broader terms, an individual's data will be collected to administer the products, services or information requested.
Sophie Elise - Beauty Boutique collects data for the purpose of legitimate interest and this may include (but not be limited to) title, first name, surname, address, telephone numbers, email address and where provided, status of health, age and gender. In certain circumstances, in order to administer a booking or services being purchased/requested, we may request some personal details of the other guests within the booking or the recipient of other goods or services.
Once data has been collected it will be stored in a secure database and will only be used to confirm bookings and pre-arrival details, to complete transactions for purchases, to advise of offers/promotions or any other relevant information in administrating and fulfilling requests.
Data will be retained for a period of time that is deemed suitable for the purpose of being relevant, which may vary according to the services requested. Personal data can be removed at any time from our systems upon your request.
Personal data will not be shared, sold or passed to third parties.. We may give access to your information to our service providers in order to fulfil activities e.g. data cleansing and distribution, on our behalf. In such instances we only disclose information necessary to deliver the service required and we have a contract in place that states that our partners must keep information secure and confidential, and cannot use it for their own marketing purposes.
Data subjects have a right of access to the data we hold and should contact us in writing with any requests for access. Data subjects may also exercise their right to erasure provided they do so in writing, including any evidence or proof why we should no longer hold their data.
All requests will be considered and a response given within 72 hours. In exceptional cases, we may not agree to full erasure if a legitimate/legal reason for doing so exists.
People's expectations about personal data are constantly changing and data subjects are increasingly willing to share information on social media platforms. Where data has not been consciously provided by data subjects in this way, the requirement to be fair and transparent still arises. In such cases we will continue to be transparent about the processing of data and comply with the legal requirements to provide privacy information via our Privacy Impact Assessment (PIA). This is a methodology for assessing and mitigating the privacy risks involving personal data.
We will also consider the effect of our processing on the data subjects concerned to include the following main elements of fairness:
Using information in a way that people would reasonably expect.
The impact of processing data and any unjustified adverse effects for the individual.
Being transparent and ensuring that people know how their information will be used.
What will be the effect of this on the data subjects concerned.
Is the intended use likely to cause data subjects to object or complain.
We will ensure that data subjects are given appropriate control and choice. Where we need consent from an individual in order to process their information we will explain what we are asking them to agree to and why. To comply with the code, we will also make sure that where people do have a choice, they are given a genuine opportunity to exercise it and it will be given freely, be specific and allow the individual to be fully informed. Consent will also be revocable.