Policies

THE INTRODUCTION
Vibe Beauty Clinic Ltd registered number SC469520 (Scotland). Vibe Beauty Clinic Ltd is a Data Controller for the purposes of Data Protection Law (the Data Protection Act 2018, the General Protection Regulation (EU) 2016/679 and any legislation that, in respect of the United Kingdom, replaces, or enacts into United Kingdom domestic law, the General Data Protection Union (EU) 2016/679, the proposed Regulation on Privacy and Electronic Communications or any other law relating to data protection), which means it determines how an individual’s personal data is processed and for what purposes.

OUR COMPANY PURPOSE
Vibe beauty clinic is a boutique health and beauty clinic based within David Lloyd Club, Corstorphine. Vibe beauty clinic’s philosophy is based on offering a personalised and trusted range of professional lifestyle health and beauty treatments.

VIBE’S PRIVACY PROMISE
Transparency: We will always tell you what data we are collecting about you and how we wish to use it. We will only share your data with our trusted partners and guarantee that we will never sell your data under any circumstances.
You have control: You will always have control whether on not you wish to receive any marketing information from us.
Your data is secure: We respect and protect your confidentiality by using best practice when storing your data.

THE PURPOSE OF OUR PRIVACY NOTICE
Our Privacy Notice provides information on how Vibe beauty clinic will use or process your personal data about including: its staff, contractors, suppliers, guests and its current, past and prospective clients.

The information within this Policy is provided in accordance with the rights of individuals under Data Protection Law to understand how their data is processed used. Vibe beauty clinics staff contractors, clients, suppliers and guests are all advised to read his Privacy Notice.
Our Privacy Notice also applies to Vibe beauty clinics other relevant policies which include;

• Any contract between the Vibe beauty clinic and its clients, suppliers or third parties
• Vibe beauty clinics policy on taking, storing and using images
• Vibe beauty clinics policy on the use of CCTV (managed by David Lloyd Corstorphine)
• Vibe beauty clinics retention of records policy
• Vibe beauty clinics Health and Safety policy, including how concerns or incidents are recorded

WHO’S DATA WE COLLECT
Data is collected on the below list of individuals who form part of each category.
• Clients
• Staff / Contractors
• Suppliers
• Guests

WHAT INFORMATION WE COLLECT ABOUT YOU
We collect information about you when you make an enquiry, book an appointment for a treatment, visit the salon for a treatment, buy a product, apply for a job, or enter into a contract with Vibe beauty clinic, whether you contact us online, on paper, by email or by phone. We only collect relevant information to fulfil the purpose of our business.
Information may include your name, date of birth, age, address, email address, phone number, emergency contact information (their contact information in case of an emergency) relevant, lifestyle information, medical history and conditions which may suggest that a treatment should not go ahead or certain products not be used (eg allergies, pregnancy, skin conditions, medical conditions), payment and transaction information, IP address, bank details and financial transactions, correspondence, attendance at meetings or events, meeting notes, and CVs. Additional data is collected during an individual’s relationship with Vibe beauty clinic.
Images and video footage of clients and staff (and occasionally other individuals) may be collected engaging in treatments or at events organised by Vibe beauty clinic. David Lloyd Club Corstorphine operates CCTV in their grounds and club. Images will also be captured by David Lloyd Club Corstorphine CCTV system (in accordance with the their policies on CCTV and Taking, Storing and Using Images of guests, members, staff, contractors, suppliers and the general public)
For clients under the age of 16, we will only keep and use their personal information with the consent of a parent, carer or guardian.

PURPOSE OF PROCESSING PERSONAL DATA
In order to carry out its ordinary duties to staff, contractors, clients, suppliers and guests, Vibe beauty clinic may process a wide range of personal data about individuals (including current, past and prospective staff, contractors, clients, suppliers and guests) as part of its daily operation.

Some of this activity Vibe beauty clinic will need to carry out in order to fulfil its legal rights, duties or obligations – including those under a contract with its staff, contractors, clients, suppliers and guests. Other uses of personal data will be made in accordance with the Vibe beauty clinic’s legitimate interests, or the legitimate interests of another, provided that these are not outweighed by the impact on data subjects and provided it does not involve special or sensitive types of data. Examples of such interests are included below under “Examples of how we might use your personal information”.

EXAMPLES OF HOW WE MAY USE YOUR PERSONAL INFORMATION
The below is a list of Vibe beauty clinics processing activities that may fall within its, or a third party’s legitimate interest. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

How we might use your information to manage your contract with Vibe beauty clinic
• To provide access to facilities and services offered by Vibe beauty clinic
• To enable relevant authorities to monitor Vibe beauty clinic’s performance and assist with incidents as appropriate
• To process financial transactions to ensure the efficient and timely management of payment to use our facilities;
• Where otherwise reasonably necessary for Vibe beauty clinic’s purposes, including to obtain appropriate professional advice and insurance for Vibe beauty clinic LTD
• For security purposes, including CCTV in accordance with David Lloyd Corstorphine’s policy;
• To send updates or invites to clients about the Vibe beauty clinic’s activities and events that clients can get involved in or any other relevant news about Vibe beauty clinic
• To market Vibe beauty clinic to former clients or prospective clients where we have consent to do so

How we might use your information if you are a prospective, existing or former employee
• To manage the recruitment process
• Paying salaries, pension contributions and tax
• For the purposes of management planning and forecasting, research and statistical analysis, including that imposed or provided for by law (such as diversity or gender pay gap analysis and taxation records);
• Managing leave, disciplinary actions, grievance procedures
• To provide a safe and secure working environment
Employees in our salon may be self-employed. Where software systems and reception facilities are shared, our self-employed colleagues will have access to your information.

WHERE YOUR PERSONAL INFORMATION IS STORED
Data is stored both electronically and in hard copy format where necessary. There are strict access policies in place where only authorised personnel can access the information they require. Data storage locations may include:
• Centralised administration databases
• Shared internal hard drive
• Individual hard drives
• Icloud, Google, Roslin Design (web hosting company)
• Emails (hosted by Roslin design)
• Text message
• Personal laptops, phones and iPads – may contain temporary notes or images that will be transferred to a central location or deleted
• Filing cabinets
• Third parties (See below for more information on data that is shared with third parties)

HOW WE KEEP YOUR INFORMATION SECURE
All those who have access to, and are associated with the processing of, personal data are legally obliged to respect the confidentiality of any data they need to access in order to carry out their work and are obliged to process data in accordance with our internal policies outlined above.

HOW LONG WE KEEP YOUR PERSONAL DATA
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you may be entitled to ask us to delete your data. Please see ‘Your Rights’ below for more information.

SHARING DATA WITH THRID PARTIES
From time to time, we may need to share some of your data with a trusted third-party provider to fulfil our purposes. When we share data with a third party we will always ensure that we have the necessary contracts in place to ensure the security of your data. We will only share special category data, securely, with a third party if it is our legal obligation or in order to provide onsite medical care. Examples of third party processors may include:

• Administrative databases
• Email marketing providers
• Direct mail service providers
• HMRC
• Local authorities
• Pension providers
• IT services including cloud storage providers
• Appointed GP practice
• Professional advisors

TRANSFER OF YOUR PERSONAL DATA OUTSIDE OF THE EEA
Certain restrictions of data leaving the EEA are in place to ensure that the level of data protection available to individuals within the EEA is not compromised. Some of our processes may require us to transfer data outside of the EEA. Generally, this occurs when we use a third-party processor who have servers based outside of the EEA. Where your personal data is transferred outside of the EEA, we require that the appropriate safeguards are in place to ensure an individual’s data protection rights are met.

MARKETING
We would like to send you information about products, services, events and special offers which may be of interest to you. We will ask for your consent to receive marketing information.
If you have consented to receiving marketing, you may opt out at any point.
You have the right at any time to stop us from contacting you for marketing purposes or giving your information to third party suppliers of products or services. If you no longer wish to be contacted for marketing purposes, please contact via the information in the ‘Contacting Us’ section.

COMPLAINTS PROCEDURE
If you feel your data has not been used in accordance with this policy, please notify us by using the contact details outlined below. We do hope that any matters of complaint may be resolved between the complainant and Fettes Enterprises Ltd, however, if you feel the need to leverage any complaint where there has been no satisfactory resolution in dealing directly with Fettes Enterprises Ltd, you may contact the ICO ico.org.uk/, who are the governing body for data protection information in the UK.

YOUR RIGHTS
How to find out if we are processing your data and request a copy of your information
You have the right to ask if your data is being processed by us and the right to ask for a copy of the data related to you that we are processing. Requests for data that are excessive or repetitive will be subject to a fee.

How to have your data amended or deleted
You have the right to have inaccurate data rectified or completed (if it is incomplete), or have your data erased. Some exceptions may apply where we have another lawful reason to continue to process your data.

How to stop us using your data for certain purposes
You have the right to object to certain processes as long as it does not interfere with contractual or lawful obligations that we still may need to fulfil.

How to transfer data
You have the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Any requests should be made by contacting us on the methods below. Requests can be made verbally or in writing. We will aim to respond to any requests within one month of the initial . We may need to take steps to confirm the identity of the requestor depending on the method in which the request was made. Some requests (or part thereof) may be refused and in such cases, we will respond outlining the reason for refusal.

CONTACTING US
If you would like to to update any of your information, amend your preferences, change the way we process your information or for any general data protection enquiries, feel free on the details below:

Email: [email protected]

 Post: Vibe beauty clinic 89b Glasgow Road, Edinburgh, EH12 8GZ 

Phone: +44 (0) 131 334 6407

CHANGES TO OUR PRIVACY NOTICE
Our Privacy Policy under regular review and we will note any updates within this document. This Privacy Policy was last updated on 23 May 2018.

Cookie	Duration	Description
_grecaptcha	session	Google reCAPTCHA uses this cookie to help identify bots and prevent abuse of the website
_lscache_vary	2 days	This cookie is used to store whether you are logged into the site and what your user role is. It us used to help improve site performance for logged in users.
comment_author_[hash]	347 days	Used to tracked comment author name, if “Save my name, email, and website in this browser for the next time I comment.” is checked.
comment_author_email_[hash]	347 days	Used to tracked comment author email, if “Save my name, email, and website in this browser for the next time I comment.” is checked
comment_author_url_[hash]	347 days	Used to track comment author URL, if “Save my name, email, and website in this browser for the next time I comment.” checkbox is checked.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
ls_smartpush	2 months	This cookie is set by Litespeed Server and allows the server to store settings to help improve performance of the site.
PHPSESSID	1 year	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wordpress_[hash]	1 year	This cookie is used to store your authentication details when logging in.
wordpress_logged_in_[hash]	14 days	This cookie stores whether or not you are logged into the site.
wordpress_test_cookie	1 year	This cookie tests if cookies are enabled on your browser, so we can provide you with the appropriate user experience.
wp-settings-{time}-[UID]	1 year	This is used to customise the view of the website for logged in users.