The General Data Protection Regulation (GDPR) regulates the processing of data relating to individuals. This includes the obtaining, holding, using or disclosing of such data and covers computerised records as well as manual filing systems and card indexes. Glow Clinics shall hold the minimum personal data necessary to enable it to perform its treatments safely and efficiently. All such data is confidential and needs to be treated with care in order to comply with the law. We recognise that the lawful and correct treatment of personal data is very important to successful operations and to maintaining customers’ and employees’ confidence in ourselves. Any personal data which we collect, record or use in any way whether it is held on paper, on computer or other media shall have appropriate safeguards applied to it to ensure that we comply with the GDPR. This policy will cover the rules and also the implementation of best practice around data acquisition, usage, storage and protection.
Data Protection Principles
The Company (Glow Clinics) is fully committed to adhering to the Principles of Data Protection, as
set out in the GDPR.
In summary, the Principles state that personal data shall
• Be obtained and processed fairly and lawfully and shall not be processed unless certain conditions
• Be obtained for a specified and lawful purpose and shall not be processed in any manner
incompatible with that purpose.
• Be obtained for legitimate interests which cover the following
• Be adequate, relevant and not excessive for that purpose.
• Be accurate and kept up to date annually.
• Not be kept for longer than is necessary for that purpose.
• Be processed in accordance with the data subject’s rights
• Be kept safe from unauthorised access, accidental loss or destruction
• Not be transferred to a country outside the European Economic Area, unless that country has
equivalent levels of protection for personal data
To comply with the law, information shall be collected and used fairly, stored safely and not disclosed
to any other person unlawfully.
Compliance and accountability
It is the responsibility of Glow Clinics to:
• Assess the understanding of the obligations of Image Beauty Salon under the GDPR
• Identify and monitor problem areas and risks and recommend solutions
• Promote clear and effective procedures and offer guidance to staff on Data Protection issues
• Review business changes and determine whether registration under the GDPR is required
Your personal data
1.1 When do we collect your personal data?
We may collect, store and use the following kinds of personal information:
(a) information about your computer and about your visits to and use of this website
(including your IP address, geographical location, browser type and version, operating
system, referral source, length of visit, page views and website navigation).
(b) information relating to any transactions carried out between you and us on or in
relation to this website, including information relating to any purchases you make of our
goods or services and contact details relative to said goods or services.
(c) information that you provide to us for the purpose of registering with us.
(d) information that you provide to us for the purpose of subscribing to our website
services, email, notifications and/or newsletters. You have the option to remove yourself
from our database at any time. In such circumstances please email Sue Adams at
(e) any other information that you choose to send to us
1.2 How we use your data
We may use your personal information to:
(a) administer the website
(b) improve your browsing experience by personalising the website
(c) enable your use of the services available on the website
(d) send to you goods purchased via the website, and supply to you services purchased
via the website
(e) send statements and invoices to you, and collect payments from you
(g) send you email notifications which you have specifically requested
(h) send to you our newsletter and other marketing communications relating to our
business by post or, where you have specifically agreed to this, that is relevant to you,
by email or similar technology (you can inform us at any time if you no longer require
(i) provide third parties with statistical information about our users – but this information
will not be used to identify any individual user
(j) deal with enquiries and complaints made by or about you relating to the website
Where you submit personal information for publication on our website, we will publish
and otherwise use that information in accordance with the licence you grant to us.
We will not without your express consent provide your personal information to any third
parties for the purpose of direct marketing.
Our website financial transactions are handled through our payment services provider,
information with PayPal only to the extent necessary for the purposes of processing
payments you make via our website and dealing with complaints and queries relating to
Our website online booking functionality is handled by Shedul. You can view their
Security of your personal information
We will take the utmost technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We will store all the personal information you provide on our secure (password- and firewall-protected) servers. All electronic transactions you make to or receive from us will be encrypted using SSL technology. Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping your password and user details confidential. We will not ask you for your password (except when you log in to the website).
In the event of a breach (an incident where data is lost, either through the loss or theft of the laptop/memory stick/hard drive it is stored on, a breach in the security of the platform it is stored in, or the hard copies being lost or stolen), employees must inform the Data Protection Officer (DPO) immediately. Your DPO will then escalate this to the appropriate team members. The nominated team members will then assess the severity of the breach and work to ascertain the correct response. In all instances, if clients have had their customer data compromised, either through actions or a breach on the employee’s part or on the part of a third party, clients shall be alerted to the fact by Sue Adams at Glow Clinic as soon as possible. This should take the form of a telephone call, but if this is not possible, an email. Follow-up calls with the individuals responsible for data storage and security may be arranged. If it is found that the breach has occurred through negligence (loss of device/documentation with data stored on it, poor password practices, storing data in a way which contravenes the Data Protection Policy), disciplinary or criminal action may be taken. If a complaint is raised against Glow Clinic due to breach of procedure, this will be dealt with in accordance with the company’s complaints procedure.
You may instruct us to provide you with any personal information we hold about you at any time. Provision of such information will be subject to: (a) the payment of a fee (currently fixed at £10.00); and (b) the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address). We may withhold such personal information to the extent permitted by law. You may instruct us not to process your personal information for marketing purposes. In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes. Under the GDPR there could be some very rare situations where we would not disclose information in your file, for example if there is a document that also contains personal information about someone else. Under the GDPR you have a right to request that your data be removed from our database, with the exception of data we require for legal, statistical compliant and legitimate purposes, i.e. Company information.
Third party websites
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
Please let us know if the personal information which we hold about you needs to be corrected or updated.