You may have heard about the GDPR, but you may not be entirely sure how it will affect your relationship with Young Nails. So, here’s a quick run through of what it all means for you as a (Customer/Supplier/Employee) of ours.
1. What is the GDPR
The EU is introducing a regulation – the General Data Protection Regulation (GDPR) – to strengthen data protection for all within the European Union. GDPR is good news for you. It makes it easier for you to access your personal information and control how it is used.
2. When is it coming?
May 25th, 2018
3. Why do we collect and use this information in the first place?
There are several reasons why we collect and use this information. We have outlined some of these reasons below:
- To help administer our services
- To ensure we provide the best possible service
- To meet our regulatory and legal obligations
- To make business decisions which may impact you
4. Speaking of which, what is a Data Protection Notice?
A Data Protection Notice is a document that every organisation who processes personal information must produce and make available. It gives detailed, but simple, explanations of how your information is managed.
5. What are some of the key changes I will see as a customer/supplier/employee?
The GDPR will give you greater control over your personal information by setting out additional and more clearly defined privacy rights, which you can exercise.
Rights for customers/suppliers/employees under the GDPR include:
- The right to access personal information an organisation holds on you
- The right to have inaccuracies corrected
- The right to have information erased
- The right to object, including in relation to direct marketing
- The right to restrict processing
- The right to have your personal information sent directly to yourself or another organisation
- Rights in relation to automated decision making and profiling.
(You can find out about your privacy rights and how you can control the personal information we hold about you in our Data Protection Notice)
6. Do we share your personal information?
We sometimes need to share your personal information with trusted third parties who perform special functions for us. For example, we use third parties to help us process your examinations. We are also required to cooperate by law or otherwise through a legal process with Irish, EU regulatory or enforcement bodies.
7. How secure and confidential is your personal information?
Hard copies of your personal information are kept in a locked filing cabinet; technologically transferred information is secured by a password only accessible by staff.
8. For how long do we retain your personal information?
This depends on the nature of the information we hold and the purposes for which it is processed. Sometimes there are statutory obligations (imposed by law). For example, we must retain some customer information for 6 years after the end of the customer relationship under the Consumer Protection Code. Some documents are required for 7 years after the service has ceased.
9. Where do I get more information?
Kilkenny College of Beauty and Sports Therapy Data Protection notice
At Kilkenny College of Beauty and Sports Therapy your privacy is very important to us.
It is one of our fundamental responsibilities as a business to ensure that we protect the information entrusted to us by you. This Data Protection Notice looks to answer your important questions about the processing of personal information by our organisation. Please take some time to read this Data Protection Notice carefully.
In this Data Protection Notice, we use the terms “Kilkenny College of Beauty and Sports Therapy” or “we” to refer collectively to Kilkenny College of Beauty and Sports Therapy and Beauty and Holistic workshops to you.
1.1. Our Training centre is located at No 4 Patrick Street Kilkenny
We provide a range of services to personal customers including Education and commercial salon.
1.2. How you can contact our training centre
If you have any questions about your privacy rights or if you would like to change your privacy preferences, you can contact us in the following ways:
- By dropping in to or calling our Training centre
- By contacting us by phone or email
2. How can you control the personal information you have given to us?
When your personal information is handled in connection with our service, you are entitled to rely on a number of rights. These rights allow you to exercise meaningful control over the way in which your personal information is processed. You may execute any of these rights free of charge (in certain exceptional circumstances a reasonable fee may be charged, or we may refuse to act on the request) and we may ask you to verify your identity prior to proceeding with your instruction by way of requesting additional information/documentation from you. Once we are satisfied that we have effectively verified your identity, we will respond to the majority of requests without undue delay and within a one-month period i.e. 30 calendar days of receipt of the request. We will action your request to have your personal information corrected within 10 calendar days. These periods may be extended in exceptional circumstances and we will inform you where the extended period applies to you along with an explanation of the reasons for the extension. Further information in relation to how you may execute these rights is outlined in the Data Protection section of our notice or alternatively by contacting us using the channels outlined in this document.
For example, you are entitled to:
2.1. Access your personal information
You can look to access the personal information we hold about you by contacting us with a data access request using the channels outlined. We will endeavour to provide you with as complete a list of personal information as possible.
2.2. Correct/ restrict /delete your personal information
If you believe that certain personal information we hold about you is inaccurate or out of date, you can look for the information to be corrected at any time using the channels outlined after we have verified the information. If you dispute the accuracy of information held, you can request that we restrict processing this information while your complaint is being examined. If you suspect that we are processing certain information without a legitimate reason or that we are no longer entitled to use your personal information, you can also ask for that personal information to be deleted.
We are not under an obligation to rectify or delete your personal information where to do so would prevent us from meeting our contractual obligations to you or where our college is required or permitted to process your personal information for legal purposes or otherwise in accordance with our legal obligations.
We ask that you keep us informed of any relevant change in your personal circumstances to enable us to keep the information on our systems up to date and accurate.
2.3. Withdraw your consent
Whenever you have provided us with your consent to process your personal information, for example, so that we can contact you about services, you have the right to withdraw that consent at any time through one of the channels identified. If you withdraw consent to processing (and if there is no other justification for continuing to process your information), you are also entitled to request that your personal information is deleted. Withdrawing consent does not affect the lawfulness of any processing undertaken by us based on your consent before its withdrawal.
2.4. Object to your personal information being used for certain purposes
If you disagree with the way in which we process certain information based on its legitimate interest, you can object to this through one of the channels identified. In such cases we will provide you with details regarding the rationale for processing your personal information and we will stop processing the personal information under dispute if we cannot legitimately justify the reasons for processing within the agreed timeframe.
2.5. How to exercise your rights
You can exercise the rights outlined above free of charge by contacting us using any of the channels mentioned in this document.
3. Why do we collect and use your personal information?
We gather and process your personal information for a variety of reasons and rely on a number of different legal bases to use that information, for example, we use your personal information to process your applications, to help administer your services, to ensure we provide you with the best service possible, and to meet our legal and regulatory obligations. We use your information for exam registration.
3.1. To comply with legal obligations
We are required to process your personal information to comply with certain legal obligations, for example:
3.1.1. to report and respond to queries raised by regulatory authorities, law enforcement and other government agencies such as the Central Bank of Ireland, the European Central Bank and relevant policing authorities
3.1.2. to respond to requests from Irish Revenue in accordance with relevant tax legislation including queries relating to Foreign Account Tax Compliance Act (FATCA), stamp duty and Common Reporting Standard (CRS) and under Notices of Attachment issued by Irish Revenue;
3.1.3. to pass details of the originator or the payee to the receiving or transferring financial institution;
3.1.4. to gather information about our customers’ knowledge and experience.
3.1.5. to meet Insurance regulations and retain relevant documents, i.e. consultation, consent forms, for relevant durations.
3.1.6. to cooperate and provide information requested in the context of legal and/or regulatory investigations or proceedings;
3.1.7. To investigate allegations of fraud and prevent fraud by third parties or customers.
3.2. To enter into and perform a contract for a product or service
3.2.1. Before we provide you with products or services, we have to gather some personal information to process your application and to assess the terms upon which we can enter into the contract with you.
3.2.2. To manage your accounts, policies and any other banking products or services, we have to process your personal information. Examples of processing include the administration of accounts, payments, deposits, credit decisions. As part of this process, we may be required to pass some personal information to an intermediary or counterparty (e.g. if you perform a payment transaction, we pass information on the progress of the transaction to the payee concerned).
3.3. To enable us to function as a business
3.3.1. In certain circumstances, we process your personal information on the basis of the legitimate interests of our business.
In doing so, we ensure that the impact of the processing on your privacy is minimised and that there is a fair balance between the legitimate interests of our business and your privacy rights. If you disagree with your information being processed in this manner, you are entitled to exercise your right to object.
Examples of situations in which your personal information is processed based on our legitimate interests, include:
- to enable us to manage, on a holistic basis, our relationship with you by maintaining a single view of your accounts and any products or services that we provide to you and any interaction with us. This enables us to create a profile for you and to assess your needs better;
3.4. Where you have provided consent
3.4.1. Marketing Consent:
We use your personal information to make you aware of products and services which may be of interest to you. You can find out more about how we would like to provide you with customised offers and personalised customer service. To be able to do this, we will ask you for your consent. You can at any time withdraw that consent through the contact channels set out.
3.4.2. Sensitive Information Consent:
We sometimes collect and process information on your health and other sensitive information which you share with us while applying for a product or service or when requesting a change to an existing product and service. The staff member you are dealing with will ask for your consent to process this type of personal information and will follow strict procedures when processing this information.
4. What kind of personal information do we collect and how it is used?
The information we hold about you can vary depending on the products and services you use. This includes personal information which you give to us when you are looking for a quote for a product or service, personal information we collect automatically, for instance, the date and time you accessed our services when you visit our websites or apps; and personal information we receive from other sources.
Here is a more detailed look at the information we hold about you and how it is used by us
Types of information
Examples of how the information is used by us
Name, sex, date of birth, nationality, address, PPSN, NI number, driving licence, passport, a self-portrait picture - shared with relevant examining bodies for exam registration and to confirm candidates' identity.
We use this type of information to identify you and to help us combat fraud and other illegal activity.
Telephone number, e-mail address - for direct contact purposes for service information.
Your contact information is needed to manage and administer your services; to send you service, support and administrative messages, reminders, technical notices, updates, security alerts and information requested by you; and to notify you about either important changes or developments to the features and operation of those services. We also use this information to respond to your enquiries and complaints.
Information to help us service your needs
Information gathered from simulations, applications, competition entries etc
When you look for a quote, enter a competition or fill out an application with us, the personal information which you provide is processed and assessed by us to fulfil that purpose. That information will also be stored and may be used to pre-populate any form or documentation if you are interrupted during the process and/ or wish to start again at a later point. We may also contact you where your application is incomplete or interrupted to support you to complete that application or to answer any queries you may have. Where you contact us in relation to a particular service we will use this information to let you know about that particular service or ones which may suit your requirements.
Interactions with our staff at our training centre, by phone, email or through our digital channels,
Whenever a staff member meets with you or contacts you this interaction is often logged to retain a note of the interaction so that staff can deal with your queries and satisfy your requests. We may record phone conversations with you to train staff, improve security, resolve complaints and to improve our services generally. We do not record phone calls.
Significant life events like moving business, birthdays etc. We may use these life events to determine which services or products are most relevant to you.
Your comments and suggestions, past complaints
We collect this information to analyse, assess and improve our services to customers, and also for training and quality control purposes. For example, we may monitor or communications between you and us.
Information made available by another party or in a public domain
Publicly available information including information on your social media profile where it is publicly accessible.
Information about you which is obtained from other parties, for example, people appointed to act on your behalf.
We sometimes use this type of information to verify that the information we hold on our databases is correct.
We also use this information to help us understand our relationship with you and to help us to offer you products and services we believe will be of interest to you.
Information about your location
Images from security cameras.
We may use CCTV (outside of treatment rooms) to monitor and collect images, which may be used to provide evidence to the Police for investigations for criminal proceedings.
5. How do we use personal information for direct marketing?
We would like to make you aware of products and services which may be of interest to you. We can do this by using some of the personal information we hold about you to better understand your needs.
Based on your behaviour and/or the type of transactions, we might offer you an alternative product that better suits your needs; and
Based on your demographic or other personal information we may offer you products or services which are widely used by others in the same demographic group.
5.2. You can review and make changes to your marketing preferences at any time through the options outlined in this document.
6. What about Security and Confidentiality?
We use a variety of security technologies and procedures to help protect your personal information from unauthorised access, use or disclosure. We also take steps to ensure that only persons with appropriate authorisation can access your personal information.
6.1. Who can access your personal information within our Group?
6.1.1. Only staff members who are suitably authorised can access your personal information if that information is relevant to the performance of their duties, whether it be in connection with the delivery of products or services or in accordance with legal or regulatory obligations.
6.2. Security measures to safeguard your personal information
All personal data is kept in a locked filing cabinet.
6.3. Other restrictions on use of your personal information
We do not collect personal information on children aged under 16, unless a parent or legal guardian has given his/her consent for this. We will not sell or hire your personal information to third parties for their own use.
7. Who do we share your personal information with?
Our Group sometimes shares your personal information with trusted third parties who perform important functions for us based on our instructions and applying appropriate confidentiality and security measures. For example, we send your information to examining bodies for registration, examination and certification purposes. We may also share your information with third party training bodies. We go into more detail below about the reasons we share personal information with third parties.
8. How long will we retain your personal information?
How long certain personal information is stored depends on the nature of the information we hold and the purposes for which they are processed. We determine appropriate retention periods having regard to any statutory obligations imposed on us by law. For example, we are required to retain some customer information for 6 years after the end of the customer relationship in accordance with the Consumer Protection Code. If the purpose for which the information was obtained has ceased and the personal information is no longer required, the personal information will be deleted or anonymised, which means that your personal information is stripped of all possible identifying characteristics. We have put in place procedures to ensure that files are regularly purged and that personal information is not retained any longer than is necessary. We retain some information for 7 years after the service has ceased for insurance purposes.