Privacy Policy

Information Security and Data Protection Policy

Keeping your Records

Polished complies with the General Data Protection Regulation (GDPR) and this policy describes our procedure for ensuring that personal information about customers is processed fairly and lawfully.

What Personal Information do We Hold?

In order to carry out our services we do need to hold personal information about you. This personal data May comprise;

• Your name, Address including postcode, Telephone number and email address
• Dates of any patch tests and treatments you have had done with us.

Why do we hold information about you?

We keep basic and accurate personal data about our customers to ensure we know treatments you have received and to ensure your safety regarding products used.

How do we Process the data?

We will process personal data in the following way;

Retaining data – we will retain your records while you are a customer of ours and for 6 years thereafter for insurance purposes.

Security of Information – Personal data about you is held in our appointments system and is only accessible by Tracy Barclay, Emma Cocking, Ruth King and Chiara Miller, It is password protected at all times. Any client record cards are kept in salon and in our locked office.

Use of Data – We only use your data to contact you to confirm or remind you of an existing appointment made by yourself and no marketing purposes at any time.

Disclosure of Information – We do not disclose any personal information

Disclosure to third parties – In very limited circumstances such as required by law or court order personal data may have to be disclosed to the third party. In all other situations, disclosure that is not covered by this code of practice will only occur when we have your specific consent.

Access

You have the right to access the data we hold about you and to recive a copy. Acccess may be obtained by making a request in writing and you will receive a written copy within 10 working days.

You may also request deletion of your data, unless this breaches current legislation in regards to insurance purposes but all contact records (i.e. email and phone numbers) can be removed from the system.