GENERAL DATA PROTECTION REGULATIONS
"Boring But Essential"
Here at Lash & Brow Workshop we are committed to the protecting and respecting your privacy as well as ensuring that the data which we hold on clients is both accurate and only used with the explicit permission of the client.
Key Aspects Affecting Lash & Brow Clients
Right to Access
Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of data subjects.
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.
GDPR introduces data portability – the right for a data subject to receive the personal data concerning them, which they have previously provided in a ‘commonly use and machine readable format‘ and have the right to transmit that data to another controller.
More information on GDPR can be found at https://www.eugdpr.org
We keep records for a number of reasons in various formats which are explained in more detail below.
The Systems we use that Store Client Data
Our Online Booking System may contain your information if you have booked an appointment with us by telephone or online. It is web based and is secured with 128bit encryption.
Our Website has a number of forms such as for instance the Contact & News Letter Sign Up Form. If you have ever completed a form on our website your information will be held securely on our web server using SSL 128bit encryption.
Our Email Marketing System 'MailChimp' or 'Shout Out' may have a record of your name if you are a current client, have filled in a web based form or have entered a Facebook Competition.
(All of our emails have an 'unsubscribe' option in the footer. Please click this if you no longer wish to receive any of our emails.)
Our Lockable Filing Cabinet is used to store all client paper forms in which were mainly used in Lash & Brow Workshops early days. Nowadays we encourage clients to use our Online Forms, but in the event a paper form is filled in, it would be stored here. Only Kris, the owner of Lash & Brow Workshop, holds the key and has access.
What we use Your Data For
Name: We use your name for our appointment system so we know who is visiting each day. Your name is also used to personalise messages sent from our booking system, website, email marketing system and SMS/Text Based marketing system.
Email Address: Email Addresses are used in our booking system to send appointment confirmations and to send emails to you regarding appointments including request to fill in online Consultation Forms. In addition we use email addresses in our website to send confirmations of forms that have been completed and our email marketing system to send offers and newsletters.
Mobile Phone Number: Our booking system may hold your mobile phone number so that the system can send you reminder messages 24 hrs before your appointment and also so we can contact you should we need to discuss your appointment. Your mobile number (if we hold it) may also be used to send text based promotions and/or offers.
Home Phone Number: We may hold your home phone number in our booking system only if you do not have a mobile number or if you have not given us your mobile number. Your home phone number if we hold it would only be used to contact your about your appointment.
Your Address: We may hold your address if you have chosen to disclose it when booking an appointment online. We would use your address to send Birthday & Christmas Cards but also special offers if appropriate.
Your Date of Birth: We may hold your address if you have chosen to disclose it when booking an appointment online. The system uses this information to send you a birthday message the day before your birthday with a special offer.
Appointment Notes: Our booking system may hold appointment notes specific to your so that when you next come in for your next treatment we have a record of what products where used previously. In addition notes may be held which will aid your next treatment such as for instance expressed preferences and in the event of eyelash extensions also the lash mapping.
Consultation Forms: Our booking system may hold Consultation & Patch Test Forms which are undertaken online. These forms may contain Medical & Health Information which is required to ensure we can safely proceed with a certain treatment. This information is held on our secure web server.
Requesting Your Data to be Removed
You can contact us here should you wish to have some or all of your data removed from our systems. Be advised that no further treatments will be able to be conducted once removed. Your request will be actioned within 14 days and this entry itself will also be deleted once actioned.
Note that certain data (such as for instance Consultation/Patch Test Forms etc) we are required to keep for a minimum of 7 years (as advised by our Insurance Company) for establishment, exercise or defence of any legal claims.