0 Shortlist Search
Enter your keyword, course, subject or interest
EC Default Banner

Hairdressing and Beauty Therapy Client Registration

Who is collecting the information?

Edinburgh College is the Data Controller. We have an appointed Data Protection Officer (DPO), who can be contacted by emailing: DataProtection@edinburghcollege.ac.uk.

Why are we collecting it, and what are we doing with it (Purpose)?

  • Create and manage your client file, compile a case study and individualised treatment plan. This information helps students learn to assess their clients' needs through discussion and skin analysis, enabling them to provide accurate advice and treatment. This treatment plan also forms part of students’ coursework and will be used to assess their performance.
  • Communicate with you about your appointments.
  • To ensure any treatments are being delivered safely and that there are no contraindications which would prevent or restrict the treatments, as some treatments could exacerbate medical conditions or cause an adverse reaction, and whether we need to ask you to obtain the permission of your GP before undertaking a treatment.
  • We may use your images and anonymised client notes to evidence student work and assessments.
  • Send you marketing information. If you opt to receive marketing communication, we will contact you with details of special offers or events at the salon.

What personal data do we collect?

Personal data

  • Name
  • Address
  • Telephone number
  • Date of birth
  • Name and address of GP
  • Email
  • Photographs

Special Category Data

  • Health data (including mental health)
  • Pregnancy and maternity information

How are we collecting this information? What is the source?

The information is collected from you using the College’s client registration form and medical questionnaire.

The lawful basis for the processing

The lawful basis for processing your information under the UK General Data Protection Regulation (UK GDPR) is:

  • Article 6(1)(b) ‘contract’ as we cannot carry out your treatment without this information.
  • Where we are required to share information with external examining bodies (see section below), the lawful basis is 6(1)(e) ‘public task’
  • We also require the information for our health and safety legislation and insurance responsibilities, so Article 6(1)(c) ‘legal obligation’ also applies.
  • Where we wish to send you marketing communications, Article 6(1)(a) ‘consent’ is the lawful basis. You can withdraw your consent at any time.
  • For the special category data, e.g. health information, the lawful basis for processing is UK GDPR Article 9(2)(g) ‘reasons of substantial public interest’ along with the Data Protection Act

2018, Schedule 1, Part 2, 6. Statutory, etc., and government purposes (Health and Safety legislation), and also 20. Insurance (Public liability/Indemnity insurance).

Who we share the information with

The information you provide will be used by our students and read by external assessors from awarding bodies who verify our students’ work (e.g., the Scottish Qualifications Authority or VTCT). Information may also be shared with our insurance providers and the Health and Safety Executive in the event of an incident.

How long do we hold the personal data?

We will keep your information for three years before securely disposing of it; this is required by awarding bodies who verify our students' work and also for health and safety purposes. The College may need to retain the information for longer in the event of a health and safety incident.

Individuals’ rights in relation to this processing

Under data protection law, individuals have a number of rights in relation to organisations processing personal data. The rights that apply here are:

  • Right to be informed – this privacy notice meets this right
  • Right of access – you have the right to request a copy of the information held about you
  • Right to rectification –you can correct inaccurate or incomplete data
  • Right to erasure–you can request that your data be deleted and no longer held by the organisation
  • Right to data portability –you can request that your data be provided in a machine-readable format (e.g., .csv file) and transferred to you or another organisation
  • Right of restriction –you can request that the processing of your data be restricted while an issue related to another right is addressed
  • Right to object – you have the right to object to how your data is processed

Please note that not all of these rights are absolute and only apply in certain circumstances. To exercise any of your rights or if you would like to know more, please contact the data protection team at DataProtection@edinburghcollege.ac.uk

You can withdraw your consent to receive marketing communications at any time. Please email or telephone:

Granton Campus:- janice.howard@edinburghcollege.ac.uk 0131 297 8050

Milton Road Campus:- morag.marshall@edinburghcollege.ac.uk 0131 344 7348

Complaints to the UK Information Commissioner’s Office (ICO)

If you are concerned about how your personal data is being used by the College, in the first instance, please contact the College Data Protection Officer (DPO) at DataProtection@edinburghcollege.ac.uk. If you are not satisfied with the outcome, then you can complain to the regulator of data protection, the UK Information Commissioner’s Office (ICO). The ICO guides on the ICO website.

You can email them at casework@ico.org.uk, call them on 0303-123-113, or you can send a letter to them at the following address:

Customer Contact
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF