top of page

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Demi Beaute is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. This privacy notice makes you aware of how and why your personal data will be used and how long it will usually be retained for. It provides you with certain information that must be provided under the General Data Protection Regulation ((EU) 2016/679) (GDPR).

Data protection principles

We will comply with data protection law and principles, which means that your data will be:

  - Used lawfully, fairly and in a transparent way.

  - Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

  - Relevant to the purposes we have told you about and limited only to those purposes.

  - Accurate and kept up to date.

  - Kept only as long as necessary for the purposes we have told you about.

  - Kept securely.

Your personal information is collected by us when you and your technician complete our client record card.

This includes identity data, contact data and information about your health.

Information about your health is a special category of personal data which has enhanced data protection rights.

How we will use information about you

We will use the personal information we collect about you to:

perform the contract we are about to enter into or have entered into with you;

to comply with legal or regulatory requirements; and

where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We also need to process your personal information to decide whether to enter into a contract with you.

How we use particularly sensitive personal information

We will use your medical information to determine whether a particular treatment or product is suitable for you and to assist us with any issues that arise followin

g treatment as a result of certain conditions or medication.

We may also process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests).

Data Sharing

We will only disclose your personal data to third parties where required by law or to our employees or third-party service providers who require such information to assist us with administering the relationship with you. Third-party service providers may include, but not be limited to data storage or hosting providers. These third-party service providers may be located outside of the UK. We require all third-party service providers to implement appropriate security measures to protect your personal data consistent with our policies and any data security obligations applicable to us.

Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business

need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention

How long will you use my information for?

We will not usually retain your personal information for more than 7 years from the date of your treatment. We have a legitimate business interest to retain your data for this period. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.

Your rights in connection with personal information

  - Under certain circumstances, by law you have the right to:

  - Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are  lawfully  processing it.

  - Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

  - Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

  - Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.

  - Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

  - Request the transfer of your personal information to another party. If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Demi Yates in writing to 169 Ash Hill Road, Ash Vale, Aldershot, Surrey, GU125DW.

  - Right to withdraw consent.  You have the right to withdraw your consent to us processing your personal data at any time. To withdraw your consent, please contact Demi Beaute. Once we have received notification that you have withdrawn your consent we will dispose of your personal data securely.

Demi Beaute - Edited Logo 2019-02 (2).pn
bottom of page