What the new privacy laws mean for you as an individual – from the official GDPR website:
General Data Protection Regulation (GDPR) from 25th May 2018 replaced previous data protection laws in the European Union. The new law gives individuals greater control over their data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by organisations. The GDPR also imposes corresponding and greatly increased obligations on organisations that collect this data. Personal data is any information that can identify an individual person. This includes a name, an ID number, location data (for example, location data collected by a mobile phone) or a postal address, online browsing history, images or anything relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.
The GDPR is based on the core principles of data protection which exist under the current law. These principles require organisations and businesses to:
- collect no more data than is necessary from an individual for the purpose for which it will be used;
- obtain personal data fairly from the individual by giving them notice of the collection and its specific purpose;
- retain the data for no longer than is necessary for that specified purpose;
- keep data safe and secure; and
- provide an individual with a copy of his or her personal data if they request it.
Under the GDPR individuals have the significantly strengthened rights to:
- obtain details about how their data is processed by an organisation or business;
- obtain copies of personal data that an organisation holds on them;
- have incorrect or incomplete data corrected;
- have their data erased by an organisation, where, for example, the organisation has no legitimate reason for retaining the data;
- obtain their data from an organisation and to have that data transmitted to another organisation (Data Portability);
- object to the processing of their data by an organisation in certain circumstances;
- not be subject to (with some exceptions) automated decision making, including profiling.
Organisations and businesses collecting and processing personal data will be required to meet a very high standard in how they collect, use and protect data. Very importantly, organisations must always be fully transparent to individuals about how they are using and safeguarding personal data, including by providing this information in easily accessible, concise, easy to understand and clear language.
For organisations and businesses who breach the law, the Data Protection Commissioner is being given more robust powers to impose very substantial sanctions including the power to impose fines. Under the new law, the DPC will be able to fine organisations up to €20 million (or 4% of total global turnover) for the most serious infringements.
The GDPR will also permit individuals to seek compensation through the courts for breaches of their data privacy rights, including in circumstances where no material damage or financial loss has been suffered.
It is our policy to collect, process and share your Data provided to us by you in order to carry out the services requested by you and any contact in relation to those services only. Your Data will not be used for any purposes other than those explicitly stated in this policy or requested by you in your dealings with us.
This Privacy Policy describes how we collect, use, protect, process and share your personal data (Data) when you book appointments online with us, directly with us and avail of treatments with us or otherwise interact with us.
This Calm Beauty Privacy Policy does not apply to the information processed by third parties on behalf of Calm Beauty; however, we have reviewed their Privacy Policies and are happy they meet General Data Protection Regulations 2018 (GDPR) standards.
We may update this Privacy Policy at any time to ensure we can carry out the services we provide in the most effective and efficient way possible. If we make changes we will notify you by revising the date on our published document on our website and in clinic, or for more substantial changes by contacting you via email or text to seek consent.
You are hereby informed that the Data that you provide is collected, used, protected, processed and shared by the clinic directors/owners, Jenny Faison and Jenny Fitzpatrick.
We may collect Data about our clients, prospects and visitors. Your Data are collected when you browse our website, contact us via email, phone or in person or through our website.
Data we collect fall into the following categories:
These Data are gathered directly from you via online booking and from direct communication with us, i.e. client intake form, emails, phone calls, transactions. Browsing history is collected via automated methods.
We process Data you provide directly to us, in particular when you complete a client intake form or book online.
For example, we collect Data when you create a booking, participate in a contest or promotion, register for an event or an online course, apply for a job, request customer support or otherwise communicate with us.
The Data may include the following data as well as any other type of information that we specifically request you to provide to us through our client intake forms, such as:
When you access or use our online services, we automatically collect the following information about you via Google Analytics:
We may use cookies, web beacons and other similar technologies on our online Services to collect information and provide you with the services or products that you have requested.
A “cookie” is a small text file that is placed onto an Internet user’s web browser or device and which is used to record information related to the navigation or the use of a device or a website. A “web beacon” is a small object or image that is embedded into a web page, application, or email and is used to track activity. Web beacons are also sometimes referred to as pixels and tags (also known as “tracking pixels”). They may be used in our Services or emails and help deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon.
We use cookies and other similar technologies to collect information for the purposes described in this Privacy Policy. We may also combine the information collected by these technologies with information we have collected about you by other means that are described in this Privacy Policy.
Some of the cookies are used for the exclusive purpose of enabling or facilitating communication or are strictly necessary for the provision of our online services.
These are essentially session cookies for authenticating and connecting to our online services, as well as memorizing navigation items during a session.
You have the ability to decline cookies by changing the settings on your browser but this might prevent you from benefiting from some elements of our online services. You can also consult or destroy cookies if you wish, since they are stored on your hard disk.
We may also use these technologies for other purposes than our online service operation such as:
We inform you, in particular, that we use Google Analytics to collect information about use of our online services. We do not combine the information collected through the use of Google Analytics with personally identifiable information. We inform you that Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit our site; the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser. For more information on Google Analytics, please visit Google Analytics.
When you access or use our online services, one or more cookies from third parties are likely to be placed on your equipment.
We inform you that we have no access and cannot exercise any control over third party cookies. However, we shall ensure that the partner companies agree to process the information collected on our online services in compliance with the GDPR and undertake to implement appropriate measures for securing and protecting the confidentiality of the Data.
We may use information about you for the following purposes:
According to the GDPR, each Data processing is performed on one of the following legal bases:
Our insurance providers require us to retain all records for a period of 7 years after the last appointment, or in the case of minors, for 7 years after their 18th birthday. We work off this for all data.
Card details: when card payments are taken over the phone, the card number is input directly to the terminal and is never written or stored anywhere.
We hold transaction data indefinitely on our online system to provide best customer service.
Upon receiving a written request from you seeking Data transfer, we will provide a hard copy of your original treatment notes with no alterations from the original. These will be handed over in person or sent by registered post within 30 days of receiving your request.
Upon receiving a request from you regarding updating Data held by us, we will seek to correct our records at the earliest possible time.
We are committed to taking appropriate measures designed to keep your Data secure. Our technical, administrative and physical procedures are designed to protect Data from loss, theft, misuse and accidental, unlawful or unauthorized access, disclosure, alteration, use and destruction. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received.
Under the General Data Protection Regulations 2018 (GDPR) individuals have the significantly strengthened rights to:
Every precaution will be taken to avoid a breach of your Data, but if such a breach should occur, it will be documented, assessed as to its severity and appropriate action taken. The Data Protection Commissioner will be informed, An Garda Síochána and financial institutions will be contacted for assistance, and you will be contacted to help you take steps to mitigate the risks to yourself, if it is deemed a severe enough breach as to put you, your identity, your financial means etc. at risk.