Privacy Notice.
This Privacy Notice will help you understand how I collect, use and protect your personal information.
The Data Protection Act 1998 is changing to the General Data Protection Regulation. This Privacy Notice will explain how it affects you, as an individual and help you understand, why, and how I store your information in compliance with the new GDPR act that is to be implemented from the 25th May 2018.
Information That I Hold
I hold records of your personal data which includes:
-
Name
-
Address
-
Date of birth
-
Gender
-
Contact details, including telephone numbers and email address
-
Treatment information. skin test, date of treatment, treatment carried out, products used, and any contradictions or allergies.
Why Do I Hold This data?
It is a legal requirement in accordance of the Laws of England and Wales that I must collect, use and retain this personal data from you, my client. I also use this data as a way of contacting you to book, rebook or cancel appointments.
-
Address: I supply my services to you at home or at your chosen venue so an account of your contact details, address or venue address will be stored for future reference.
-
Telephone: Confirmation and appointment reminders, offers, updates to prices and changes to my working schedule.
-
Email: For appointment purposes only if that is your preferred contact method.
How Do I Collect This Information?
I collect this information from you, the client when we enter a client/therapist agreement and when you make an enquiry or a booking, cancellation via a telephone conversation, email, or text message.
During the consultation/treatment, all records will be noted afterwards. This personal data moves around with me from my office to your house in paper form and then the consultation and treatment notes are written up after each appointment and securely stored.
Who Can Access This Information?
This information is solely used by Hayley Laws and no other third party. Your data will only be passed on to my insurance company in the event of a claim against Hayley Laws to protect you, the client and Hayley Laws.
This data is kept private and confidential by Hayley Laws. It is a private agreement by you, the client and Hayley Laws.
Where Is This Data Held?
A digital copy of your data is securely stored in Google Drive with encryption in transit and at rest. All hard copies are stored in a secure locked unit. Hard copy's will leave the business premises in transit to you the client and returned to the secure unit. Telephone numbers are stored on a mobile device that is secured with a password.
Individual Rights
-
It is your right to be informed of how I collect, use and retain your personal information. It is your right to be informed of these recent changes to this Privacy Notice in compliance with the new GDPR law, and how it affects you as an individual and your rights.
-
It is your right to request access to any of your personal information I store and any treatment that has taken place in the past 7 years.
-
It is your right for you to opt out from Haley Laws using your telephone number for purposes other than booking appointments. You will no longer receive: confirmation and appointment reminders, offers, updates to prices and changes to my working schedule.
-
It is your right to opt out from using your email for purposes other than booking an appointment.
Access Request
It is your right to obtain access to, and copies of the personal information that I hold about you. To request a copy of these records, please email Hayley Laws personally at haylaws@gmail.com.
I, Hayley laws will have a month to comply to this request and a copy of your records will be sent over to you securely. This copy will be sent solely by Hayley laws and no other third party.
Your Consent
This is a contract between you as the client and Hayley Laws when you agree to purchase a product or a service from me. Therefore, I can legally process your personal data for me to deliver that service or product as long as I process and store it in compliance with GDPR. It is with your consent that I can collect this data, use and retain it for 7 years in accordance with the Laws of England and Wales. Changes to your personal details will be updated as changes occur, and the old details shredded and securely destroyed solely by Hayley Laws and no other third party.
For Under 18s
Consent must be obtained by the parent or guardian or any persons holding “parental responsibility” for said child.
Records will be saved for 7 years after the reach the age of 18.
The privacy policy will apply as usual.
Data Breaches
In the event of a breach, a full investigation will take place in how and why this breach happened. In an event of this happening, those concerned will be notified directly by Hayley laws. The Breach will be reported to the Information Commissioners Office within 72 hours.
These records will be stored for up to 7 years under the new data protection act. After 7 years from the last appointment date recorded paper copies will be securely shredded and all computer copies will be deleted. Any retention of personal data will be done in compliance with legal and regulatory obligations and with industry standards. These data retention periods are subject to change without further notice because of changes to associated law or regulations. If you have any questions in relation to the retention of your personal data, please contact Hayley laws.
Website Policy
This company is hosted on the Wix.com platform. Wix.com provides me with the online platform that allows me to sell my products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
I receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. I also collect personally identifiable information (including name, email) when you send an enquiry.
We collect such Non-personal and Personal Information for the following purposes:
-
To provide and operate the Services;
-
To provide our Users with ongoing customer assistance and technical support;
-
To be able to contact our Visitors and Users with general or personalized service-related notices andpromotional messages;
-
To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we or our business partners may use to provide and improve our respective services;
-
To comply with any applicable laws and regulations.
Online store.
When you conduct a transaction on our website, as part of the process, we collect personal information you give us such as your name, address and email address. Your personal information will be used for the specific reasons stated above only.
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements. We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.edit card information by our store and its service providers. The above is kept on record to allow a quicker delivery process should you order from the store again. I do not hold any credit/debit card details as PayPal is my method of payment. Please refer to PayPal for credit/debit card private policy.
Information and data collected online through this website or otherwise supplied to Hayley Laws will only be used for its intended purpose. No information will be given by Hayley Laws to any third parties or agencies.
No personal information will be stored on this site. All and any data received from applicants will be deleted when they are no longer required.
We confirm that where you give us confidential information we shall at all times keep it confidential, except as required by law or as provided for in regulatory, ethical or other professional pronouncements applicable to our engagement.
You agree that it will be sufficient compliance with our duty of confidence for us to take such steps as we in good faith think fit to preserve confidential information both during and after termination of this engagement
Cookie Policy
What is a cookie?
A cookie is a small file which is sent to your computer, phone or tablet (or any other web access device) by a website These files can then be accessed by that website as and when you visit it. Find out more about the use of cookies on AboutCookies.org and cookiecentral.com.
Why do we use cookies?
We use cookies to ensure that certain aspects of our website and its functionality work efficiently and correctly.
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact Hayley Laws at haylaws@gmail.com
This data will not be shared with any third-party companies.