Data Safeguarding Policy

This notice explains our commitment to meet the requirements of the General Data Protection Regulation effective 25th May 2018.


The categories of personal information we process are:

  • Special category data including health information for healthcare delivery.
  • Client information for direct marketing by mail/email/text messaging.
  • Staff records for contracted/self-contracted personnel management.
  • Special category data including health records and CRB checks for contracted/self-contracted personnel management.

Data Collection

  • The law requires us to have a legal basis for processing personal data.
  • ‘Processing’ entails collection, creation, storage, amendment, erasure and disposal of information including contact details and ‘special category data’ relating to health information.
  • From 25th May 2018 Patient/Client/Personnel personal information must only be obtained by us with consent or, in the case of health-related information, with ‘explicit’ consent, and a privacy policy is provided for this purpose.
  • Any information we obtain is considered the minimum necessary for us to provide the treatments requested and also for insurance purposes.
  • Our lawful basis for processing ‘special category data’ is ‘contract’ and this means that we have a legal reason to ask for the data because we need it for contractual reasons.
  • If personal data is not shared with us, we cannot offer a treatment. Patients/Clients must fulfil their side of the contract (share their personal information) in order for us to fulfil ours (carry out treatment).
  • Our lawful basis for processing personal information for marketing purposes is ‘consent’.
  • Information is never passed on to a third party unless we have been given permission to do so.
  • There are no mandatory periods for retaining personal data but retention should be no longer than necessary.
  • Consensus and/or regulation indicates that the minimum retention period for special data (medical, CRB information) is 7 years; the minimum retention period for staff/client data is 6 years; payroll data should be retained for a minimum of 3 years.
  • Generally all Clients/patients/personnel have the following rights and they can usually be exercised free of charge. Reasons will be given if we are unable to comply with a request concerning personal data.

    The right to be informed – in a concise, transparent, intelligible and easily accessible way.
    The right of access – to have information held on file supplied within a month of request.
    The right of rectification – correcting inaccurate information or updating incomplete data.
    The right to erasure – but there may be an overriding contractual/legal requirement.
    The right to restrict processing – to place limits on how the information is used.
    The right to data portability – information provided may be forwarded to a third party.
    The right to object – particularly with respect to direct marketing.
    The right to complain – preferably to us in the first instance.

Our Website

  • We don’t collect personal data from individuals browsing our website. However, general information about visitor behaviour patterns is obtained using cookies.
  • No attempt is made to discover the identities of those browsing our website.
  • Our Data protection policy may be subject to change from time to time and updates will be posted on this website.
  • Like many websites, we use Google Analytics (GA) to track visitor interaction. This data is used to determine the number of people visiting our website so we can monitor how they find and use our web pages, and which pages they visit. Whilst GA does record data such as your geographical location, IP address, what device/internet browser you're using and your operating system, none of this information can personally identify you to us. GA also uses cookies and you can disable them in your internet browser.
  • If you contact us using the contact form on our website, or via an email link on one of our website pages, none of the data you provide will be stored in our website's database. Email enquiries we receive via the website are stored on a UK based server. Our office staff retrieve these emails and may store them on (or delete them from) the server, or their office computers in order to carry out their normal day-to-day activities efficiently. When contacting us via email, we recommend that you only provide us with information that you consider necessary for us to give you an accurate response. In other words, please avoid sending us confidential or otherwise sensitive information in your email.

More about cookies

A cookie is a small file which is placed on your computer's hard drive when you visit a website. We use cookies on this website to remember information about your browsing session but they aren't used to gather any personally identifiable information about you. In general, cookies help us provide you with a better website by enabling us to monitor which pages you visit and find useful. A cookie does NOT give us access to your computer.

You can choose to accept or decline cookies by altering the setting in your web browser, e.g. Chrome, Firefox etc. Although most web browsers automatically accept cookies, you can usually modify your browser setting to decline cookies to suit your preferences. However, this may affect your browsing experience. If you wish to prevent cookies from this website being stored on your computer, please disable them in your browser or navigate away and clear any cookies that have been set.

In general, cookies on this website are used for:

  • Analytical/performance purposes which allow us to recognise and calculate the number of visitors and to see how visitors navigate around the website when they are using it.
  • Sharing purposes – this allows you to share pages with social networks such as Facebook and Twitter.

Website hosting

This website is maintained by Smart Digital Solutions who use 34SP to provide a managed VPS (Virtual Private Server) hosting environment. The server is based in Manchester, UK. All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.

Data breaches

We take data breaches seriously. In accordance with the ICO's guidelines on this, we will report any unlawful breach of personal data stored in an identifiable manner to the relevant individuals within 72 hours of becoming aware of it. This is dependent on whether or not it is deemed to be a 'high risk to the rights and freedoms of individuals'.

Changes to this Privacy Policy

This page may change from time to time to take into account any errors, omissions or changes of legislation. As it's not practical to notify all clients or website users of these changes, we recommend that you check this page occasionally for any changes.

Security

  • At this clinic, the vast majority of information retained is in hard copy format and held under lock and key. Authorised personnel have access only to the aspect of our service that they are personally involved in.
  • Appointments are stored on a computer and contact details are obtained to enable us to notify patients/clients in the event of a change of circumstance that prevents us from honouring the appointment.
  • In all cases a request is made prior to storing any personal information.
  • Computers are put into password protected mode if left unattended for any period of time.
  • Currently, address details are retained on computer only for those who have attended for treatments at this clinic, not for the slimming clinic.
  • Access to ‘special category data’ is available only to those who have undergone a Criminal Records Bureau check.
  • Awareness at all times is required to ensure others cannot overhear discussion about confidential information.
  • All person identifiable or confidential information is stored in locked storage places when access is not directly controlled or supervised.
  • Advice from the Data Controller should be obtained if there is a request to share patient/client/personnel identifiable information with any third party without the consent of the individual concerned.
  • We participate in training and awareness sessions on confidentiality issues.
  • Disposal of hard copy data is carried out by shredding or incineration as soon as the information is no longer required.

Complaints

In the first instance complaints about the way in which your data is processed should be directed to:

The Data Protection Officer
Briarswood Clinic
Hilton Road
Canvey Island
Essex, SS8 9XD
or by calling 01268 694065

If a satisfactory solution is not found the supervisory authority can be contacted at: https://ico.org.uk

Or by post to:

The Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
or by calling: 0303 123 1113

               

Last reviewed 21/05/18
