Fair Processing Notice
How we use your personal information & Why
This fair processing notice explains why Purple Aura Aesthetics Health and Well-Being Ltd collects information about you and how that information will be used.
Holly Price is controller and Hannah Wood is the processor of your information for Purple Aura aesthetics health and well-being Ltd.
For Arbonne I Holly Price am both the controller and processor of your information though there is an element of which Arbonne is also the controller.
1. Vital Interests
I Holly Price, your health care professional, Aesthetics and Well-Being practitioner maintain records about your health and any treatment or care that you have had previously that specifically relates to the care I provide you and this must be relevant. No consent is needed for me to hold this data as its partly assumed that you provide consent when entering into the contract of care and providing me with only your relevant information. Secondly this information is required to provide you safe and effective health care and legally should be held for a minimum of eight years securely (details can be found in Purple Aura Aesthetics Health and Well-Being Ltd GDPR data protection policy).
This information will include name, address, date of birth, next of kin, GP practice and your health details as filled out in your consultation that you will sign.
For all other information including communication and marketing, consent from you the client is required - this will stipulate what information I hold, what information you would like to receive and how you would like to receive it.
Elective treatments are not considered vital, so a contract is required, and consent needs to be ascertained.
This must be gained by opting in and details of which will be explained explicitly on the data consent for that you will complete during your consultation.
This data I will hold for 7 years in alignment with my insurance policy unless otherwise instructed by you the customer.
You have rights about your data, and these will be sited below.
Information obtained that is necessary to complete the contract can be held for as long as required to complete that contract. This includes details required to complete any payment or service.
4. Legal Obligations
Purple Aura Aesthetics Health and Well-Being Ltd is committed to protecting your data and privacy and will use your information lawfully in accordance with
Data Protection Act 1998
Human Rights Act 1998
Common Law Duty of Confidentiality
Set out below briefly outlines your rights regarding your personal information that I control and process.
Right to be informed
Purple Aura Aesthetics Health and Well-Being Ltd is notifying you of how your data will be processed and your rights via this fair processing notice.
Right of access
You have the right to request access to any data that I hold about you. This should be requested in writing Via email or handwritten. You have a right to receive that data within 30 days of that request, Free of charge.
Right to rectification
If you believe that your data being held is incorrect, you have the right to request that this is rectified by providing a written request. Note: this request can be rejected if the request is not truthful.
Right to erasure
You have the right to request that data your data held may be erased. This only applies for data which you have provided consent I.e. marketing, communication, promotions, and treatments. This does not apply for information held for vital interests or that necessary to complete the contract. Again, requests should be written, and you should have your issue dealt with within 30 days free of charge.
Right to restrict processing
You as the client have the right to limit how your data is processed. You will be asked to consent to how your data is processed via opting in. you have the right to change this at any time. Again, requests should be written, and you should have your issue dealt with within 30 days free of charge.
Right to data portability
Requests should be written, and you should have a response within 30 days, free of charge.
Right to Object
You have the right to request via writing that your data be sent in a common format to either you yourself or a specified 3rd party, free of charge
Right not to be subject to automated decision-making including profiling
At Purple Aura Aesthetics Health and Well-Being Ltd all information will be processed individually. The exception to this is if you opt in to being part of a group WhatsApp. You have the right to remove yourself immediately from the group. If you are part of a group social media page again you can either remove yourself or request that you be removed, and this will be processed on receipt of the request.
How your data will be stored & processed
Purple Aura Aesthetics Health and Well-Being Ltd is paper light - as a result your information will be gathered and stored electronically. On the rare occasion that paper is used it will be scanned saved and destroyed immediately.
Purple Aura stores information on encrypted cloud and uses encrypted emails to send client information. Please see Purple Aura Aesthetics Health and Well-Being Ltd GDPR policy for full details.
The type of recipients that the organisation may have to disclose the data to particularly those based in third parties:
I will not disclose any of your information to a 3rd party without your permission. Examples of such cases where this may be required would be a further referral for care (with consent) or to discuss a practice case at a peer support forum (with consent and every effort to hide your identity made).
Exceptions to this rule would be in a life or death situation for emergency lifesaving treatment if I was unable to obtain your consent due to your condition; or if data is had to be disclosed to insurance companies in the result of a claim being made against Purple Aura.
In the event of using photographs on social media, consent will be obtained prior to use and every effort will be made to maintain client anonymity unless specified by the client. Occasionally there may also be an event where information of a picture maybe shared amongst peer practitioners in a closed forum to enable best practice. Again, consent will be obtained, and anonymity maintained where possible. If a whole face need be shown this will be discussed with the client first. The closed group contains medical practitioners only all of whom are bound by their governing body and the Data Protection Act.
Objections and Complaints
Should you have any concerns about how your data is managed by, please feel Purple Aura Aesthetics Health and Well-Being Ltd free to raise your concern and we at purple aura will endeavor to rectify this at the earliest instance. If you are still unhappy following this review then you can complain to the Information’s Commissioners Office (ICO) via their website www.ico.org.uk
Change of details
it is important that you inform me if you have any change of details such as your name address, telephone number or changes to your health (that may affect your treatment) to ensure your information is up to date and correct. This is your responsibility and will ensure the data we hold are up to date and accurate for you.
The Data Protection Act 1998 requires organisation’s to register a notification with the information commissioner to describe the purpose for which they process personal data and sensitive information.
This information is publicly available on the Information Commissioners Office website www.ico.org.uk
Purple Aura Aesthetics Health and Well-Being Ltd is registered with the information Commissioners Office (ICO)
Who is the data Controller?
The data controller, responsible for keeping your information secure and confidential is:
10 Cross Lane
Hannah Wood- Personal Assistant
29 George Gallimore Drive