Reviewed May 2018
- What data we have and why we have it.
- How we manage our data.
- Who is responsible for our data.
- How we train our team.
- What we will do if the worst happens
What Data we have and why we have it?
In order to carry out our services we need to acquire and store data or information about our stakeholders (Customer, Sub contractors, Suppliers and Employees). With out this information we would not be able to create a working relationship with our stakeholder or provide a service to the best of our ability’s. This personal / sensitive information is collected and dealt with as set out in the GDPR. Some examples of this are laid out below.
|Collection||Purpose||How is it stored||Who uses it||Is it shared|
|Full name and Title||To address you personally in our communications and so that we can differentiate who is who using last names.||This is stored on a CRM system with the office premises.||Every employee of the company||Never without notification.|
|Email Address||To correspond when possible. Email if a very efficient, cost effective and environmental friendly way to correspond with our stakeholders||This is stored on our computer system with in the salon premises.||Management Team.Administration Team||Never without notification|
|Physical Addresses||To Correspond when email is no applicable or convenient.||This is stored on our computer system with in the salon premises Physical copies of these correspondents may be stored with in the premise of the salon when appropriate the physical location of these copy’s is secure and in line with GDPR guidelines.||Management teamAdministration team||Never without notification|
|Telephone Number||To Correspond||This is stored on our computer system with in the salon premises.||Management teamAdministration teamStaff||Never without notification|
Please be aware that the above are example as we deal with a variety of different people and situations the most effective way to be aware of all information held about yourself it to get in contact with us.
Hair Secrets does not share data with other agencies apart from those outlined in the document notes and ensure that personal information is treated lawfully and correctly We will adhere to the Principles of Data Protection, as detailed in the Data Protection Act 1998.Specifically, the Principles require that personal information:
- Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met,
- Shall be obtained only for one or more of the purposes specified in the Act, and shall not be processed in any manner incompatible with that purpose or those purposes,
- Shall be adequate, relevant and not excessive in relation to those purpose(s)
- Shall be accurate and kept up to date,
- Shall not be kept for longer than is necessary,
- Shall be processed in accordance with the rights of data subjects under the Act,
- Shall be kept secure by the Data Controller who takes appropriate technical and other measures to prevent unauthorised or unlawful processing or accidental loss or destruction of, or damage to, personal information,
- Shall not be transferred to a country or territory outside the UK.
Through appropriate management and strict application of criteria and control Hair Secrets:
- Ensure the correct condition are in place to only collect and use any Data in a fair and professional manner.
- To meet our legal obligation and clearly specify which information in requires and how it is used. Only extending the information collected and stored if it is needed to fulfil its operational needs or to comply with any legal requirements
- Ensure that the correct technical and organisational security measures are in place to protect personal information.
- Ensure that the rights of people about whom information is held, can be fully exercised under the Act. These include:
- The right to be informed that processing is being undertaken,
- The right of access to one’s personal information
- The right to prevent processing in certain circumstances and
- The right to correct, rectify, block or erase information which is regarded as wrong information
Informed consent is achieved with a good working relationship with out stakeholder
- Ensuring they are aware of what information we hold/ collect, and the uses of this information is clear.
- Restricting the use of information that they may not wish for us to hold or share and explaining the possible consequences of refusing the proposed use of information.
- Lastly and simply them giving their consent.
Information, data and records relating to our stakeholder will be stored securely and will only be accessible to authorised staff or accredited subcontractors. Any information that is stored will only be kept for as long as require and destroyed appropriate and in line with the rules/ regulations and guidelines of GDPR and the Data Protection act 1998.
Data access and accuracy
All Hair Secrets stakeholders have the right to access and review the information/ Data that we hold on them. Hair Secrets will also strive to keep our information up to date by making reasonable contact with our stake holder and asking them if any think has changed.
- In addition will ensure that:
- We deals efficiently and effectively with any enquiries about handling personal information
- We clearly define and explain how we handle Personal information.
- Every staff member of staff that has excess to and handles information surround our stakeholders will;
- Be aware that they are contractually responsible for following good data protection practice
- Be trained to do so
- be appropriately motored and supervised.
- aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them
- Will carry out regular reviews and audit of the information stored, how it is managed and how it is stored.
This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act 1998.
In case of any queries or questions in relation to this policy please contact us.