The Rejuvenation Room AESTHETIC NURSE
Privacy Policy
For the purpose of this privacy policy; 'We' or 'Us' refers to The Rejuvenation Room and 'You' refers to yourself, the prospective or actual client.
1) The type of personal information we collect
The Rejuvenation Room collects and process the following information:
-
Personal data such as name, date of birth, address, email address, telephone number, registered GP, and emergency contact information
-
Sensitive data such as medical history, medications and aesthetic history
-
Protected characteristics (race, religion, sexual orientation, gender, age, disability, pregnancy and maternity status)
We will refer to personal, sensitive and protected data collectively as ‘personal information’ throughout this privacy policy.
2) How we get the personal information and why we have it
The personal information processed by The Rejuvenation Room is provided directly by you the client, for one of the following purposes;
To open and maintain channels of communication between yourself and The Rejuvenation Room (such as to respond to any requests for call back or enquiry)
To assess suitability for the requested treatment
To form a record of care ensuring continuity, and to monitor effectiveness of any treatment
To ensure all legal and regulating body requirements are met
For internal auditing, to ensure high standards of care are met and maintained and,
To provide an accurate record of care for informing any future investigations following adverse incident or complaint
We may share this information only with your permission, unless required to do so by law.
3) Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are;
Your consent; you may withdraw consent at any time. You can do this by contacting The Rejuvenation Room directly on the contact details above
Contractual basis; we provide your requested service in exchange for a fee. The requested service requires processing and storage of your personal information for the purposes listed in section 2).
Legal and professional obligation; as found here
And
4) How we store your personal information
All personal information is securely stored within your client record.
We keep your client record containing all of the collected personal information for a period of 6 years.
Disposal of your personal information is carried out securely through cross-cut shredding and specialist uplift.
5) Your data protection rights
Under data protection law, you have rights including:
Right of access; you may ask us for copies of your personal information.
Right to rectification; should you suspect that information we hold in your record is inaccurate or incomplete, you may ask us to rectify this information.
Right to erasure; you may ask us to erase your personal information in certain circumstances.
Right to restriction of processing ; you may ask us to restrict the processing of your personal information in certain circumstances.
Right to object to processing: you have the the right to object to the processing of your personal information in certain circumstances.
Right to data portability; you may ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us if you wish to make a request.
6) How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us directly.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address is:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk