Privacy and Information Policy
Here at The Secret Spa your data protection is very important to us, and under the new GDPR law you have the right to be informed about how your data is used and processed.
Why we need your information
On your first visit to The Secret Spa you will will be required to complete a consultation form. This form will collect information that is required by our insurance for your treatment, failure to complete the form will result in refusal of treatment. Information collected will inable us to carry out a suitable and safe treatment.
How we use your data
We do not share any of your information with any third parties. If we have any incorrect data you can ask us to change it for you.
We have done an audit of client’s information, all paper consultation forms are held in a locked document file and access is strictly controlled.
We use a GDPR compliant booking system which is strictly controlled and password protected. Your first and last name, mobile and landline number, email, date of birth and any relevant health information is held on it. Each treatment you have and any products you have purchased are also held on it.
How do you request to view the information we keep about you?
If you would like access to the data we hold on you, we will aim to provide that to you as soon as we can, the regulations say within one month.
How do you request your information to be removed?
To remove all your information or just restrict what we use, please write to the attention of Rebecca Griffths and your request will be completed within 30 days.
What happens in the case of a data breach?
If we discover a data breach we will contact those affected as soon as we discover this breach so you can act accordingly. The phones and computer that we use are all protected by Norton and regular scans are run to detect any issues. If one of the phones is lost or stolen, we will inform you as soon as we can and of course let our service provider know so they can act immediately to protect your data.