Privacy Policy

We, The Guild of Professional Beauty Therapists Ltd (also referred to as “we”, “us”, or “our”) are a registered company in England (Company no. 2949953). Our registered address is Synergy House, 7 Acorn Business Park, Commercial Gate, Mansfield, NG18 1EX. We also operate under the brands Beautyguild.com, Guild Gazette, Guild Training International (GTi) and My Time To Book. The Guild of Professional Beauty Therapists Ltd is authorised and regulated by the Financial Conduct Authority (FCA) under firm reference number 918721.

Please read this Privacy Policy carefully which explains how we will use personal information about you and the steps we take to ensure your personal information is kept secure and confidential. It should be read together with our Terms of Business. You must not use this website or our other services if you do not accept this Privacy Policy or our Terms of Business.

We take your privacy very seriously. This Notice is designed to help you understand what kind of information we collect in connection with our products and services and how we will process and use this information. In the course of providing you with products and services, we will collect and process information that is commonly known as personal data.

This Notice describes how we collect, use, share, retain and safeguard personal data.

This Notice sets out your individual rights; we explain these later in the Notice but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.

We will process your personal data in line with:

• The UK’s updated Data Protection Act 2018, which was initially the UK’s enactment of the EU GDPR.
• The UK retained provisions of the EU’s General Data Protection Regulation (‘UK GDPR’) (retained by virtue of the European Union (Withdrawal) Act 2018).
• Regulations based on wider EU legislation such as the Privacy and Electronic Communications Regulations (EC Directive) 2003 (PECR) and future updates.
• Wider guidance from the Information Commissioners Office – www.ico.org.uk

Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, their gender and contact details.

Personal data may contain information which is known as special categories of personal data. This may be information relating to an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to or sexual orientation.

Personal data may also contain data relating to criminal convictions and offences.

For the purposes of safeguarding and processing criminal conviction and offence data responsibly, this data is treated in the same manner as special categories of personal data, where we are legally required to comply with specific data processing requirements.

In order for us to arrange and administer insurance for you, we will collect and process personal data about you. We will also collect your personal data where you request information about our services, customer events, promotions and campaigns.

We may also need to collect personal data relating to others in order to arrange and administer insurance. In most circumstances, you will provide us with this information. Where you disclose the personal data of others, you must ensure you are entitled to do so. We do not knowingly collect or store any personal information about children under the age of 16. If you are aged under 16, please get your parent or guardian’s permission before you provide any personal information to us.

In order to ensure the services we provide to you continue to meet your needs, we may ask you for feedback on your experience of using the website. Any feedback you provide will only be used as part of our programme of continuous improvement and will not be published on the website.

You may provide us with personal data when completing online quote or contact forms, when you contact us via the telephone, when writing to us directly or where we provide you with paper based forms for completion or we complete a form in conjunction with you.

We will share your personal data within our firm and with business partners. This is normal practice within the insurance industry where it is necessary to share information in order to place, quantify and underwrite risks, to assess overall risk exposure and to process claims. It is also necessary to determine the premium payable and to administer our business.

We also share personal data with authorised third parties; this is necessary where we are required to do so by law, where we need to administer our business, to quote for, source, place and administer your insurances including arranging insurance premium finance, to perform underwriting activities and to process claims. Some examples are:

• Insurers
• Underwriters
• Premium finance providers
• Credit reference agencies
• Debt recovery agencies
• Claims handling companies
• Loss adjusters
• Insurance brokers
• Reinsurers
• Regulators

We will collect your personal data when you visit our website, where we will collect your unique online electronic identifier; this is commonly known as an IP address.

We will also collect electronic personal data when you first visit our website where we will place a small text file that is commonly known as a cookie on your computer. Cookies are used to identify visitors and to simplify accessibility, and to monitor visitor behaviour when viewing website content, navigating our website and when using features. For more information please see our Cookie Policy.

We may record your communications with us when contacting our customer care, complaints and other customer focused functions. We also collect personal data through the use of telematics or similar locational tracking services, where you have agreed to the use of this particular service.

Where we collect data directly from you, we are considered to be the controller of that data, i.e., we are the Data Controller. Where we use third parties to process your data, these parties are known as ‘processors’ of your personal data. Where formal arrangements exist between us and those processors for them to process data purely under our instruction and not on their own behalf, they will be Data Processors. Where there are other parties involved in underwriting or administering your insurance they may also process your data in which circumstance we will be a joint data controller of your personal data.

A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.

A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.

As a provider of insurance services, we will process the following categories of data:

• Personal data such as an individual’s name, address, date of birth, gender, contact details and details of historic claims
• Special categories of personal data such as health and details on historic claims resulting in injury (physical and physiological)
• Data relating to criminal convictions and offences such as details of criminal offences or insurance fraud

If you object to the collection, sharing and use of your personal data we may be unable to provide you with our products and services.

For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.

Your personal data’s security is very important to us. This is why, where it’s appropriate, our website uses HTTPS to help keep information about you secure. However, no data transmission over the internet can be guaranteed to be totally secure. Certain information, for example, your credit card details, is encrypted to minimise the risk of interception during transit. You may complete a registration process when you sign up to use parts of the website. This may include the creation of a username, password and/or other identification information. Any such details should be kept confidential by you and should not be disclosed to or shared with anyone. Where you do disclose any of these details, you are solely responsible for all activities undertaken on the website where they are used. To protect your account, we ask you to choose a strong password to access your information on our website. A strong password should be lengthy and include a mixture of letters and numbers. Your password can only be reset with access to the email address registered in our system. We do our best to keep the information you disclose to us secure. However, we can't guarantee or warrant the security of any information which you send to us, and you do so at your own risk. By using our website you accept the inherent risks of providing information online and will not hold us responsible for any breach of security.

If you require more information about our insurance processes or further details on how we collect personal data and with whom we share data with, please contact our Data Protection Officer by e-mailing paul.archer@beautyguild.com.

We will use your personal data for the performance of our contract with you, to quote for and provide you with insurance products and services, to process claims and renewals, to administer your policy and our business, to respond to any requests from you about services we provide and to process complaints. We will also use your personal data to manage your account, perform statistical analysis on the data we collect, for financial planning and business forecasting purposes and to develop new and market existing products and services. We may send you information about products and services which we think may be of interest to you - if you agree, we will contact you (depending on your contact preferences) via email, post, telephone, SMS, or by other electronic means such as via social and digital media this may include new product launches, newsletters and opportunities to participate in market research.

We will use any special category and criminal conviction data we collect about you for the performance of our contract with you which is deemed to be necessary for reasons of substantial public interest. This allows us to quote for and provide you with insurance products and services, to process claims and renewals and to administer your policy.

We may contact you to enable you to share our content with others, e.g. by using any 'Email a friend' or 'Share this' functionality on our website. We will store the personal information you provide and may use it to pre-populate fields on the website and to make it easier for you to use the website when making return visits. If you do not want us to store and use your personal information in this way, you may amend your preferences at any time by logging into your account on Beauityguild.com. We may monitor or record your calls, emails, SMS or other communications but we will do so in accordance with GDPR legislation and other applicable law. Monitoring or recording will always be for business purposes, such as for quality control and training (e.g. where you call our customer services help line), to prevent unauthorised use of our telecommunication systems and website, to ensure effective systems operation, to meet any legal obligation and/or to prevent or detect crime.

In purchasing our products and services you should understand that you are forming a contract with us. If you contact us for a quote or request details on the services we provide, we consider ourselves as having a legitimate business interest to provide you with further information about our services.

In some situations we may request your consent to market our products and services to you, to share your data or to transfer your data outside the European Economic Area. Where we require consent, your rights and what you are consenting to will be clearly communicated to you. Where you provide consent, you can withdraw this at any time by contacting our Data Protection Officer.

We will only keep your personal information for the minimum periods required in order to fulfil the relevant purposes set out in this notice. We are also required to keep certain information in order to comply with our legal and regulatory obligations. The exact time period will depend on your relationship with us and the type of personal information we hold.

The retaining of data is necessary where required for contractual, legal or regulatory purposes or for our legitimate business interests for statistical analysis (profiling) and product development and marketing purposes.

Sometimes we may need to retain your data for longer, for example if we are representing you or defending ourselves in a legal dispute or as required by law or where evidence exists that a future claim may occur.

Please contact our data protection officer if you object to the use of, or you have any questions relating to the use of, your data, the retention of your personal data. Any electronic marketing communications we send you will include clear and concise instructions to follow should you wish to unsubscribe at any time. You may also amend your marketing preferences by accessing your personal details by logging into your account on Beautyguild.com or by emailing the Data Protection Officer.

It might sometimes be necessary for us to transfer your personal information outside of the European Economic Area (EEA) to locations that may not provide the same level of protection as the UK. However, we will only transfer your personal information out of the EEA if we have put in place appropriate safeguards and protections as stated under UK law for example by the use of a data-transfer agreement incorporating certain standard model protection clauses.

Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.

These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:

• The right to be informed about the personal data being processed
• The right of access to your personal data
• The right to object to the processing of your personal data
• The right to restrict the processing of your personal data
• The right to rectification of your personal data
• The right to erasure of your personal data
• The right to data portability (to receive an electronic copy of your personal data)
• Rights relating to automated decision making including profiling

Individuals can exercise their Individual Rights at any time. As mandated by law we will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee.

In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes.

You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.

The flow of data within the insurance sector is complex and we ask you to keep this in mind when exercising your ‘rights of access’ to your information. Where we may be reliant on other organisations to help satisfy your request this may impact on timescales.

If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact our data protection officer by e-mailing paul.archer@beautyguild.com or by writing to Guild House, 320 Burton Road, Derby, DE23 6AF.

We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data within our firm and authorised third parties.

To comply with our legal obligations and to ensure data privacy and protection has appropriate focus within our organisation we have a Data Protection Officer who reports to our senior management team. The Data Protection Officer’s contact details are as follows: paul.archer@beautyguild.com.

If you are dissatisfied with any aspect of the way in which we process your personal data please contact paul.archer@beautyguild.com. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office(ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.

If you have any questions regarding this Notice, the use of your data or your Individual Rights please contact our data protection officer at Guild House, 320 Burton Road, Derby, DE23 6AF or by e-mailing paul.archer@beautyguild.com or by telephoning 01332 224830.

We reserve the right to amend or modify this Privacy Policy at any time and any changes will be published on the website. The date of the most recent revision will appear on this page. If we make significant changes to this policy, we may also notify you by other means such as sending an email. Where required by law we will obtain your consent to make these changes. If you do not agree with any changes please do not continue to use the website.