UPDATED ON 1ST JUNE 2020
When you give your personal details to Lime Studio, they are stored and processed for the following reasons in compliance with the Data protection Act 2018, which includes the General Data Protection Regulation (GDPR):
We need to collect personal information about your general health and any known medical conditions or allergies in order to provide you with the best care whilst in for your treatment(s). Your treatment request, and our agreement to provide that service, constitutes a contract. You can refuse to provide the information, however in doing so we would not be able to provide this service.
We have a legitimate interest in collecting that information, to ensure that we can carry out the treatment or service effectively and safely.
It is important that we can contact you in order to confirm, change, cancel or remind you about appointments you have with us. This again constitutes legitimate interest; it is in your best interest that we have the correct contact details for you.
Provided we have your consent, we may contact you regarding your appointments and occasionally for payments (e.g. deposits). We may also require consent to use your photograph or any video of you on Social Media platforms and/or website. In general, we do not send marketing emails or texts as most of our promotions will be on our Social Media platforms. You may withdraw this consent at any time – by contacting us via email, phone or in person.
We have a legal obligation to retain your records indefinitely in order to provide you with the best possible service and for future reference.
Your medical/health information and treatment records will be stored on paper, in a locked cupboard, and the salon is always locked out of working hours. Our online booking system ‘Ovatu’ will store your full name, telephone number, email address and appointment details. Ovatu has given us their assurances that they are fully compliant with the General Data Protection Regulations. Access to this data is password protected, the passwords are changed regularly and the system is backed up regularly. We also use Social Media as a way for you to get in touch with us regarding enquires and booking appointments.
Your contact details such as full name, telephone number and email address may be on our correspondence via text, email, Facebook Messenger, Instagram Direct Messages, and Twitter Direct Messages all of which are password protected and passwords are changed regularly.
We will never share your data with anyone who does not need access without your written consent. Only the following people will have routine access to your data:
- Our booking system provider (Ovatu) who store appointment records and client information such as full name, email address, telephone number securely online.
- Staff at Lime Studio will have access to all information so that they can provide you with treatment, organise schedules and appointments.
- Other administrative staff, such as our accountants. Administrative staff will not have access to your medical/health information or treatment, just your essential contact details.
- Due to Covid-19, the Isle of Man Government have requested that we will provide them with your full name, contact number and date of your appointment for contact tracing purposes. This information will only be given out on request if there is a possibility that you have been in contact with a confirmed positive Coronavirus case.
All the above service providers and/or contractors are “Data Processors” and have their own Privacy Policies which are GDPR compliant.
From time to time, we may have to employ consultants to perform tasks which might give them access to your personal data (but not your medical/health information). We will ensure that they are fully aware that they must treat that information as confidential, and we will ensure that they sign a non-disclosure agreement.
You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Please help us to keep the most up to date details for you by keeping us informed of any changes.
Provided the legal minimum period has elapsed, you can also ask us to erase your records.
We want you to be confident that we are treating your personal data responsibly and that we are doing everything to make sure that the only people who can access that data have a genuine need to do so.
If you feel that we are mishandling your personal data in anyway, you have the right to complain.
Complaints need to be sent to the Data Controller who can be contacted below:
Unit 2 Tower House, Castle Street, Douglas, Isle of Man, IM1 2EU.
If you are not satisfied with our response, then you have the right to raise the matter with the Isle of Man Government’s Information Commissioner’s Office.