Bloom Clinic and Spa GDPR Compliance Statement /
Privacy Policy
​
Introduction
Bloom Clinic and Spa is committed to protecting and respecting your privacy. This GDPR Compliance Statement outlines how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).
​
Data Controller
​
OFFICE ADDRESS
Hazel end, Redbourn road, HP2 7BA
​
​
Personal Data We Collect
We may collect and process the following personal data about you:
-
Identity Data: Name, title, date of birth, gender.
-
Contact Data: Address, email address, phone numbers.
-
Health Data: Medical history, treatment details, health records (only with explicit consent).
-
Financial Data: Payment card details, bank account information.
-
Transaction Data: Details of services provided to you.
-
Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform.
-
Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.
You also have the right:
• To be informed of how your personal data will be used before it is collected.
• To access your personal data personal data and to information on how your information is used after it has been gathered.
• To have personal data corrected if it is incomplete, inaccurate or out-of-date.
• To request the removal or deletion of personal data where there is no compelling reason for its continued processing.
• To restrict processing, to ‘block’ processing of your personal data.
• To data portability, having your data moved, copied or transferred from Tony Hairdressing to another organisation in an easily readable format.
• To object to direct marketing from us.
Purpose and Legal Basis
for Processing Your Data Bloom Medi Spa takes your privacy seriously and we will never sell or rent your personal data to any third-party. Sharing of your data and direct marketing activities are only carried out with your express consent, which you are free to withdraw at any time. We need to obtain and process your personal data to provide you with our products, services and treatments and to fulfil our business and legal obligations. We will never collect any personal information from you that we do not need or retain any data that is no longer necessary for the purposes specified in this notice. Where we request sensitive personal data from you (i.e. health or medical data), the reason(s) for the request will be clearly given along with the purposes of the processing. Explicit consent through a signature will always be required for us to obtain and process your health information
Children’s Privacy Bloom Medi Spa does not collect the personal data of children under the age of 16 without parental or guardian consent. If you believe that we hold any information from or about a child under age 16, please contact Bloom Medi Spa and if we cannot immediately obtain appropriate parental or guardian consent, will remove the personal data from storage.
​
How We Use Your Personal Data
We use your personal data for the following purposes:
-
To provide you with our services.
-
To manage our relationship with you.
-
To process payments.
-
To send you service-related communications.
-
To improve our services.
-
To comply with legal obligations.
-
​
Legal Basis for Processing
We will only process your personal data when the law allows us to. Most commonly, we will process your data in the following circumstances:
-
With your consent.
-
Where we need to perform the contract we
OFFICE ADDRESS
Hazel end, Redbourn road, HP2 7BA
Appointments Only
OPENING HOURS
Mon - Fri: 9am - 3pm; 5-8pm Sat: 10.30am - 12.30 pm, 4-7pm
Sun: Closed