Issue Date: 8th January 2019
Version Number: 1.00
Applicable Law(s): GDPR
Registration No: 61910
For simplicity we refer to the Data Protection (Jersey) Law 2018 as “Jersey-GDPR” and the European version of the GDPR (Regulation (EU) 2016/79 of the European Parliament and of the Council of 27 April 2016) as “EU-GDPR”.
Elizabeth Butler Aesthetics (EBA) regard your privacy with utmost importance – legally and professionally.
EBA may collect information about you via our website, www.eba.je, directly or indirectly by email, phone, social media or other means.
The information we collect about you, if you agree to provide it, will allow us to contact you and send information to you about products and/or services where you have registered an interest.
In providing us with your information you thereby consent to us processing it for this purpose.
We will not pass your information on to any third party without your express permission, except as defined herein for the provision of services that you have requested, other than provision of products on a named basis, the authorities and the police in the event of any investigation.
Email addresses and phone numbers are not shared with any other user of the site unless you have explicitly chosen to do so.
For the purposes of the Data Protection (Jersey) Law 2018 (“JERSEY-GDPR”); the data controller is Elizabeth Butler.
EBA may use third-party processors to deliver specific services that are requested by you from EBA (see Processors below).
– Information that we may collect from you
We may collect and/or process the following data about you:
Information you provide to us – by filling in forms on our website or by entering into a contract with us, or by correspondence with us by email, letter, phone or other methods, which includes data provided by you by registering to use our website, or by subscribing for newsletters or other information services, or by placing a request for products or services, and when reporting a problem with our site, or otherwise contacting us.
– Personal Data, the information you give us may include; your name, address, email address, IP address, phone number, together with financial and credit card (ie information gathered on paper receipt) information. All of which is Personal Data and subject to the JERSEY-GDPR.
Data protection – all Personal Data we hold is protected by us in accordance with the Principles of the JERSEY-GDPR.
– Data security – We endeavour to take all reasonable steps to protect your data. All the data collected by us is stored on a secure platform in a secure hosting facility and we take all reasonable steps to ensure all access is pre- authorised and recorded.
The information we hold about you is used as follows:
Information that you provide to us – this information is used to meet our obligations within any contracts between you and us, and/or our legal obligations, and/or;
◦ to meet your requests for information, and/or products and services, or
◦ to notify you of changes to our products or services, or make suggestions/
recommendations that may interest you, or
◦ to improve content of our site and ensure it is presented effectively for you and your device, or
◦ deal with investigations by the police or other regulatory bodies.
Information that we collect about you – we use this information:
◦ to manage our website as well as for our efficient operations, which includes analysis, research, statistical and survey uses, together with testing and troubleshooting;
◦ to improve our website and content for users and their devices;
◦ to allow you to interact with our website and take advantage of our online
services, whenever you may elect to do so;
◦ to ensure our site is safe and secure by monitoring activities within the context of continual process improvement, which is a best practice requirement of the JERSEY-GDPR;
◦ to monitor advertising and marketing effectiveness for users, and/or to fine- tune advertising by relevance to users;
◦ to enable targeted suggestions/recommendations to users about products and services that may be of interest.
Information we receive from other sources – we may use third-party information, which may be combined with information you provided to us and/or information collected by us, which may be used for the purposes we have defined above.
Under the JERSEY-GDPR all individuals, who are the owners of their Personal Data, have specific and clear rights, which are;
JERSEY-GDPR: Individual Rights Description
-Right to Erasure
Every individual has the right to be forgotten upon request. The data controller must remove your Personal Data from its systems and request the same of any third-party systems of that controller.
-Right to Access
Every individual has the right to access their Personal Data held about them upon request.
-Right to Portability
Every individual has the right to request their Personal Data and use it for other parties they wish to engage with.
-Right to be Informed
Every individual has the right to be informed about how their Personal Data is being used, which may be provided upon request of the individual, or before the controller changes any use of that data, giving the individual the right to consent or object.
-Right to Objection
Every individual has the right to object to the use of their Personal Data for any purpose proposed by a controller.
-Right to Rectification
Every individual has the right to have errors in their Personal Data to be corrected.
-Right to Restrict
Every individual has the right to restrict the uses of their Personal Data for any specific type of processing.
-Rights on automated decisions & profiling
Every individual has the right to restrict or object to automated decision-making processes or profiling based on their Personal Data.
-Revoke your consent – in accordance with the JERSEY-GDPR, to revoke consent for processing of your Personal Data send an email with the word “Revoke” in the subject field to the email address at the end of this document.
Data Subject Access Request (DSAR) – in accordance with the JERSEY-GDPR,
– you may request us to send you details about any Personal Data that we may hold about you, or
– you may request that we correct any errors, or you may request us to delete any/all Personal Data about you. However as a medical practice, we are obliged to keep records or your treatments with us for 7 years. After that time they will be securely disposed of.
DSAR Fee – In accordance with the JERSEY-GDPR, any DSAR is provided free of charge within 30 days, unless a particular DSAR is subject to other regulatory requirements as defined within the JERSEY-GDPR, in which case we will inform you as required by those specific regulations.
We may pass your data to other parties as follows:
1. Where relevant, we may pass your data to our suppliers and agents to administer the services provided to you by us or them; now or in the future.
2. We may disclose your data to the police, regulatory bodies or legal advisers in connection with any alleged criminal offence or otherwise where required by law.
We may use third-parties to process your data and deliver services you requested. Some of these processors have limited access to Personal Data as appropriate to perform the required service.
Please be aware that the EBA site may offer a link to other web sites that may be accessed by you through our site. We are not responsible for their data policies, content or security of these linked web sites. We do not have any control over the use to which third parties may put your data where you choose to purchase products or services or otherwise to contact them via our site.
User data is retained indefinitely to meet the legal obligations of EBA. However, we reserve the right to delete inactive user data older than 7 years.
E&OE: If you notice any errors (spelling, grammar or other) in this policy document please feel free to notify us via our contact details below.
For any questions relating to your Personal Data, or to submit a DSAR, please contact us:
Elizabeth Butler Aesthetics
Jersey Dental Care
La Rue des Fosses