At Daleswood Aesthetics we strive to ensure your data is kept safe and that we comply with the legal obligations of the Data Protection Act 2018 (the \u20182018 Act\u2019) and the EU General Data Protection Regulation (\u2018GDPR\u2019). The clinic gathers and uses data about workers, employees and consultants, both to manage our relationships with these individuals and in the course of conducting our business.<\/p>\n
This Data Protection Policy applies to current and former employees, workers, volunteers, consultants and apprentices (\u2018data subjects\u2019).<\/p>\n
The Clinic is a \u2018data controller\u2019 for the purposes of these individuals\u2019 personal data and is responsible for determining the purpose and means of the processing of that data.<\/p>\n
In line with our Records Retention Policy [*]and Computer and Data Security Procedure [*],the Clinic has measures in place to protect the security of individuals\u2019 data. A copy of this can be obtained from Ann-Lynn Neary, our Clinic Manager.<\/p>\n
The Clinic will retain data in accordance with our Records Retention Policy [*]. A copy of this can be obtained from Ann-Lynn Neary, Clinic Manager. This data will only be held for as long as is necessary for the purposes it has been collected.<\/p>\n
This policy has been created to be fully compliant with GDPR and the 2018 Act. Where any conflict arises between those laws and this policy, the Clinic will comply with the 2018 Act and the GDPR.<\/p>\n
This policy is separate from data subjects\u2019 contracts of employment (or contract for services) and can be amended by the Clinic at any time.<\/p>\n
The Clinic processes personal data in accordance with the six Data Protection Principles for GDPR identified by the ICO, which means it will:<\/p>\n
\u2018Personal data\u2019 is defined as information relating to a living person (\u2018data subject\u2019) that can be used to identify them on its own, OR in combination with other information likely to be collected by the Clinic. This applies whether the information is stored physically, electronically, or in any other format.<\/p>\n
It does not include anonymised data, but does include any expression of opinion about the person, or any indication of the intentions of the Clinic or others, in respect to that individual.<\/p>\n
Personal data might be provided to the Clinic by the individual, or someone else, or it could be created by the Clinic. It could be provided or created as part of the recruitment process; in the course of the contract of employment (or services); or after its termination.<\/p>\n
The Clinic will collect and use the following types of personal data about staff:<\/p>\n
These comprise personal data consisting of information relating to:<\/p>\n
The Clinic may hold and use any of these special categories of your personal data in accordance with the law.<\/p>\n
\u2018Processing\u2019 means any operation which is performed on personal data such as:<\/p>\n
The Clinic will process individuals\u2019 personal data (including special categories of personal data) in accordance with the obligations prescribed under the 2018 Act, including:<\/p>\n
The Clinic may process individuals\u2019 personal data for these purposes without your knowledge or consent. The Clinic will not use your personal data for an unrelated purpose without informing you about it and the legal basis for processing it.<\/p>\n
Please note that if individuals opt not to provide the Clinic with some personal data, the Clinic may be unable to carry out certain parts of the contract between us, e.g. the Clinic needs staff members\u2019 bank account details in order to pay them.<\/p>\n
The Clinic is required to process individuals\u2019 personal data in various situations during their recruitment, employment (or engagement) and even following termination of their employment (or engagement) for reasons including but not limited to:<\/p>\n
The Clinic may process special categories of personal data to use information in relation to your:<\/p>\n
The Clinic does not take automated decisions about you using your personal data or use profiling in relation to you.<\/p>\n
The Clinic will only process special categories of individuals\u2019 personal data in certain situations in accordance with the law e.g. with their explicit consent. If the Clinic requests consent to process a special category of an individuals\u2019 personal data, the reasons for the request will be explained. Individuals do not need to consent and can withdraw consent later if they choose by contacting Ann-Lynn Neary, Clinic Manager<\/p>\n
The Clinic does not need consent to process special categories of individuals\u2019 personal data when it is processed it for the following purposes:<\/p>\n
All employment checks, including those for criminal records, will be carried out in line with the Employer\u2019s Guide \u2018Right to Work Check\u2019 at: https:\/\/www.gov.uk\/government\/publications\/right-to-work-checks-employers-guide<\/a><\/p>\n The Clinic does not share your personal data with any contractors or agents for contracting obligations or legitimate interests.<\/p>\n The Clinic does not send your personal data outside the European Economic Area. If this changes you will be notified and the protections in place to protect the security of your data will be explained.<\/p>\n All staff who work for, or on behalf of, the Clinic has some responsibility for ensuring data is collected, stored and handled appropriately, in line with this Data Protection policy and the Practice\u2019s Records Retention Policy[*]and Computer and Data Security Procedure[*].<\/p>\n The Clinic Manager is responsible for reviewing this policy and updating the Directors on the Clinic\u2019s responsibilities for data protection, and any risks in relation to the processing of data. Any questions related to this policy or data protection should be directed to Ann-Lynn Neary, Clinic Manager.<\/p>\n All members of staff must follow these rules:<\/p>\n Please contact our Clinic Manager, Ann-Lynn Neary, if you have any questions about data protection, or if you become aware of any potential improvements or vulnerabilities in data protection or data security that the Clinic can improve upon.<\/p>\n Any deliberate or negligent breach of this policy may result in disciplinary action being taken in accordance with the Clinic\u2019s Disciplinary Procedure [*].<\/p>\n It is a criminal offence to conceal or destroy personal data which is part of a Subject Access Request. This conduct would be regarded as gross misconduct under the Clinic\u2019s Disciplinary Procedure [*], which could result in dismissal.<\/p>\n The Clinic has robust measures in place to minimise and prevent data breaches from occurring. Should a breach of personal data occur, the Clinic will make note of the relevant details and circumstances, and keep evidence related to that breach. If the breach is likely to result in a risk to the rights and freedoms of individuals, then the Clinic will notify the Information Commissioner\u2019s Office within 72 hours.<\/p>\n If you are aware of a data breach you must contact the Clinic Manager, Ann-Lynn Neary immediately and retain any related evidence to the breach that you may have.<\/p>\n Data subjects can make a Subject Access Request (\u2018SAR\u2019) to access the information the Clinic holds about them. This request must be made in writing. If you receive a SAR you should forward it immediately to the Clinic Manager, who will prepare a response.<\/p>\n If you wish to make a SAR in relation to your own personal data this should be made in writing to \u2018The Clinic Manager\u2019 will respond within one month unless the request is complex or numerous \u2013 if this is the case, then the Clinic will need more time to complete the request, and can extend the response period by a further two months.<\/p>\n A Subject Access Request does not incur a fee, however, if the request is deemed to be manifestly unfounded or excessive then the Clinic is entitled to charge a reasonable administrative fee, or refuse to respond to the request.<\/p>\n In most situations the Clinic will not rely on your consent as a lawful ground to process your data. If the Clinic does request your consent to the processing of your personal data for a specific purpose, you have the right to decline or withdraw your consent at a later time. To withdraw consent, you should contact Ann-Lynn Neary, Clinic Manager.<\/p>\n Data subjects have the right to information about what personal data the Clinic processes, how it is processed and on what basis. They have the right to:<\/p>\n If you have a complaint about how your data is processed that cannot be resolved with the Clinic, you have the right to complain to the Information Commissioner. You can do this by contacting the Information Commissioner\u2019s Office at www.ico.org.uk<\/a>.<\/p>\n Where your personal data is being corrected or erased, or the Clinic is contesting the lawfulness of the processing, you can apply for its use to be restricted while the application is made. In this case please contact Ann-Lynn Neary, Clinic Manager.<\/p>\n Information Commissioner\u2019s Office website www.ico.org.uk<\/a><\/p>\n Employers guidance on criminal checks<\/p>\n Records Retention Policy [*]<\/p>\n Computer and Data Security Procedure [*]<\/p>\n Our site uses Cookies from Google Analytics. This helps our website know who is visiting for the first time, who is returning and what device you are using. This information helps us develop this site to provide you with a better experience.<\/p>\n Cookies do not contain personal information but do uniquely identify your web browser. Google – https:\/\/business.safety.google\/compliance\/<\/a>\u00a0<\/p>\nSharing Your Personal Data<\/h3>\n
Processing Personal Data for the Clinic\u00a0<\/h3>\n
\n
Handling Data Breaches\u00a0<\/h3>\n
Subject Access Requests\u00a0<\/h3>\n
Data Subjects\u2019 Rights\u00a0<\/h3>\n
\n
Resources\u00a0<\/h3>\n
Cookies\u00a0<\/h3>\n
If you would like to know more about Google Analytics or what Cookies are please follow these links:<\/p>\n