Secret Oasis Spa Privacy Notice
At SOS we are committed to protecting your privacy under the GDPR
The Secret Oasis Spa DPO/ GDPR Owner ensures that this notice is made available to data subjects prior to collecting/processing their personal data. All Employees of Secret Oasis Spa who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured.
This Notice may change over time and we advise our customers to check back and review the current Privacy Notice.
Last Updated: 11/06/2018
Who we are: Secret Oasis Spa
Secret Oasis Spa is a Beauty Salon offering a range of high quality beauty treatments located in Fulham Road, West London.
Our DPO/ GDPR Owner and data protection representatives can be contacted directly here: email@example.com
The personal data we would like to collect from/process on you is: Personal data type
You the individual, data source companies to whom you have given consent, your company who have provided consent for you to be contacted.
The personal data we collect will be used for the following purposes: Processing of bookings, the provision of relevant information, marketing and promotion of beauty treatments relevant to you the individual and for charging purposes.
Our legal basis for processing for the personal data: You are a client or potential client of Secret Oasis Spa; you have expressed interest in receiving information from Secret Oasis Spa in respect of beauty treatments; you have subscribed to our third party data partners for the supply to you of information relevant to beauty treatments including Treatwell; you have contacted us requesting information relevant to our products, services and facilities; or you have completed an in-salon registration form for our treatments in which you have provided your written consent.
Any legitimate interests pursued by us, or third parties we use, are as follows: The processing of bookings that you have made with us and the marketing and promotion of Secret Oasis Spa.
By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified.
Consent is required for Secret Oasis Spa to process personal data, but it must be explicitly given. When we need consent to process your personal data we will ensure that we obtain it in an unambiguous way. Where we are asking you for personal data we will always tell you why and how the information will be used. If we need to process data which is a special category of PII then we will do so only with explicit consent. Read Secret Oasis Spa Consent Policy.
You may withdraw consent at any time by notifying Secret Oasis Spa in writing via email to firstname.lastname@example.org stating in the title ‘UNSUBSCRIBE’ and providing your name and email address or by clicking ‘UNSUBSCRIBE’ or ‘OPT-OUT’ in any correspondence received from Secret Oasis Spa in line with Secret Oasis Spa Withdrawal of Consent Procedure.
Secret Oasis Spa will not pass on or share your personal data with third parties under any circumstances whatsoever. Your data will always remain confidential.
Safeguards in place to protect your personal data from loss, misuse or alteration.
These measures include:
We lock doors and file cabinets, control access to our facilities, implement a clean desk policy, and apply secure destruction to media containing your Personal Data.
We use network and information security technologies such as anti-virus and endpoint protection software, encryption, intrusion detection and data loss prevention, and we monitor our systems and data storage.
Personal Data Breaches
Secret Oasis Spa takes every reasonable measure to prevent Personal Data breaches. If these do occur, we have a process in place to take swift action within our responsibilities. These actions will be consistent with the role we have in relation to the products, services or processes affected by the breach. In all cases, we will work together with affected parties to minimize effects, to make all notifications and disclosures that are required by applicable law or otherwise warranted, and to take action to prevent future breaches.
Storage of Your Personal Data
The data we collect from you may be stored, with risk-appropriate technical and organizational security measures applied to it, on in-house as well as third-party servers in the EU.
Links to Other Websites
Our websites may contain links to other websites, which are owned or operated by other companies. If you choose to visit any linked websites, we encourage you to review their privacy statements carefully, as they may differ from ours. We are not responsible for the content or privacy practices of websites that are owned by companies that are not within Secret Oasis Spa.
We will process personal data within 6 months and will store the personal data for no more than 6 months after the usage date unless you are a client of Secret Oasis Spa, in which case, your data will be retained until such time as you are no longer a client of Secret Oasis Spa i.e. not having used Secret Oasis Spa within the previous 2 years. Verification of opt-in for data retention for all our clients will be sent to our clients annually. However, Secret Oasis Spa are required to retain information in accordance with the law, such as information needed for income tax and audit purposes, in which case data will be retained in compliance with English Law for the stipulated period. Read Secret Oasis Spa Data Retention Policy.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Right of access – you have the right to request a copy of the information that we hold about you.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply, you have a right to restrict the processing.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
Right to judicial review – in the event that Secret Oasis Spa refuse your request under rights of access, Secret Oasis Spa will provide you with a reason as to why. You have the right to complain as outlined below.
In the event that you wish to make a complaint about how your personal data is being processed by Secret Oasis Spa or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and our DPO/ GDPR Owner.
The details for each of these contacts are:
Phone: +44 303 123 1113
Live chat: https://ico.org.uk/global/contact-us/live-chat/
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Secret Oasis Spa DPO
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
This privacy notice tells you how Secret Oasis Spa collect and use your personal data.
Why do we need to collect and store personal data?
- You are a client or potential client of Secret Oasis Spa, therefore we need to obtain and hold your data for business and charging purposes
- You have expressed interest in receiving information from Secret Oasis Spa in respect of receiving beauty treatments and products or you have contacted us requesting information relevant to our products, services and facilities, therefore, we will send you the relevant information that you have requested
- You have subscribed to our third party data partners for the supply to you of information relevant to the beauty industry. As a client of those data companies, we have the right to use that data to which you have opted in, providing in each and every correspondence sent to you, the option to ‘UNSUBSCRIBE’ or ‘OPT-OUT’ is clearly included in the correspondence
Secret Oasis Spa are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy. The above conditions of consent include using your data for relevant marketing and promotional purposes which Secret Oasis Spa believe are of interest to you as our client or as a potential client.
Will Secret Oasis Spa share personal data with anyone else?
We will never pass your personal data on to third-party service providers or anyone else in the course of dealing with you.
How Secret Oasis Spa use the personal data it collects
Secret Oasis Spa will process the information you provide in compliance with the EU’s General Data Protection Regulation (GDPR). Secret Oasis Spa will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. Secret Oasis Spa are required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Under what circumstances we contact you
Secret Oasis Spa’s aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
How can you find out about the personal data that Secret Oasis Spa holds about you
At your request, Secret Oasis Spa can confirm what information we hold about you and how it is processed. If we hold any personal data about you, you can request the following information:
Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU.
Contact details of the data protection officer, email@example.com
The purpose of the processing as well as the legal basis for processing.
If the processing is based on the legitimate interests of Secret Oasis Spa, information about those interests.
The categories of personal data collected, stored and processed.
Recipient(s) or categories of recipients that the data is/will be disclosed to.
Secret Oasis Spa will never transfer personal data to a third country or international organisation.
How long the data will be stored.
Details of your rights to correct, erase, restrict or object to such processing.
Information about your right to withdraw consent at any time.
How to lodge a complaint with the supervisory authority.
Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
The source of personal data if it wasn’t collected directly from you.
Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID you need to provide in order to access this?
We accept the following forms of ID when information on your personal data is requested:
1 Form of Photo ID, & 1 Utility Bill (from within the last 3 months)
These will be destroyed after your Complaint has been concluded.
Contact details of the data protection officer firstname.lastname@example.org
Secret Oasis Spa DPO, PO Box 16, Essex, IG9 5LU.
The fact that any communications with you relating to processing will be “in a concise, transparent, intelligible and easily accessible form, using clear and plain language”.
Secret Oasis Spa are clear about how we use your data and the consequences/risks to you of consenting for us to process your data.
The legal basis for holding your data is contractual, business obligations as a client of Secret Oasis Spa.
Wherever possible, Secret Oasis Spa will never request or hold any of the following information, which the Regulation classifies under ‘Special categories’ of personal data:
- Ethnic origin
- Political opinions
- Religious beliefs
- Philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data
- Health data
- Data concerning a natural person’s sex life
- Sexual orientation