top of page
Privacy Policy

Purpose

Aurum Beauty is committed to protecting the privacy and confidentiality of all clients, staff, and partners. This policy explains how we collect, use, store, and share personal information in accordance with the Data Protection (Jersey) Law 2018 and best practice under the Jersey Office of the Information Commissioner (JOIC).

Scope

This policy applies to:

  • All personal data processed by Aurum Beauty, including information relating to clients, staff, contractors, and business partners.

  • All services provided in clients’ homes, care settings, and community locations.

  • All staff and contractors who represent Aurum Beauty.

Who We Are

Aurum Beauty is part of the Aurum Group, providing mobile beauty, hair, and wellbeing services across Jersey to individuals who may be less mobile or unable to attend external appointments.

Data Controller:
Aurum Beauty

First Floor Office

No8 Hill Street

St Helier

JE2 4UA

Email: info@aurumbeauty.je]
Phone: 07797799880

The company is registered with the Jersey Office of the Information Commissioner (JOIC) for data protection purposes.

Personal Data We Collect

Depending on your relationship with us, we may collect and process the following types of personal data:

Clients

  • Basic details: name, address, phone number, email.

  • Appointment details: date, time, service type, preferences.

  • Health and wellbeing information relevant to treatments (e.g., allergies, medical conditions, skin or nail conditions, medication that may affect treatment).

  • Payment information (for invoicing or card payments).

  • Feedback, testimonials, or complaints.

  • Photos (only with written consent, e.g., for treatment records or marketing).

Staff and Contractors

  • Employment and vetting information (e.g., DBS checks, right to work, references).

  • Training records, health and safety records, and contact details.

  • Payroll and HR data.

How We Collect Your Data

We collect personal information through:

  • Direct communication (phone, email, text, in person).

  • Client registration and consent forms.

  • Appointment bookings and payment systems.

  • Job applications and employment processes.

  • Professional referrals (with your consent or lawful basis).

Lawful Bases for Processing

We process personal data under the following lawful bases:

  • Consent – where you agree to us using your information for a specific purpose (e.g., marketing, photographs).

  • Contract – to provide agreed services or employment.

  • Legal obligation – to meet requirements under Jersey law (e.g., safeguarding, tax, employment).

  • Vital interests – where necessary to protect someone’s life or health.

  • Legitimate interests – for business operations, such as scheduling, quality monitoring, and training, where this does not override your rights.

How We Use Your Information

We use personal data to:

  • Deliver and manage appointments safely and effectively.

  • Identify and manage allergies, medical conditions, or treatment contraindications.

  • Process payments and maintain accurate records.

  • Manage staff and contractor compliance.

  • Communicate updates, appointment reminders, and feedback requests.

  • Fulfil legal and safeguarding obligations.

  • Improve the quality and safety of our services.

Information Sharing

We only share information when necessary and lawful, for example:

  • With health professionals or care providers involved in your wellbeing (with your consent where possible).

  • With law enforcement or safeguarding agencies if there is a risk of serious harm or crime.

  • With regulatory or inspection bodies (e.g., Jersey Care Commission or JOIC).

  • With our insurers or legal representatives where required.

We do not sell or share personal data for marketing purposes.

Data Security

We apply robust security controls to protect personal data:

  • Encrypted devices and password protection on all company systems.

  • Secure cloud storage and encrypted backup.

  • Confidential waste destruction for paper records.

  • Restricted access to sensitive information (staff only on a need-to-know basis).

  • Lone-working devices and call logs maintained for safety and accountability.

Data Retention

We retain personal information only as long as necessary:

  • Client records: 7 years after the last treatment (or longer if required for insurance).

  • Financial records: 10 years.

  • Employee/contractor records: 7 years after employment ends.

  • Safeguarding records: minimum 7 years from case closure or longer if required by law.

After this period, information is securely destroyed or anonymised.

Your Rights

Under the Data Protection (Jersey) Law 2018, you have the right to:

  • Access a copy of your personal data (“Subject Access Request”).

  • Request correction of inaccurate data.

  • Request deletion (“right to be forgotten”), subject to legal obligations.

  • Object to or restrict certain processing.

  • Withdraw consent at any time (where consent is the basis for processing).

To exercise these rights, contact:
Data Protection Lead
Email: info@aurumbeauty.je

We will respond within one calendar month.

Marketing

We may occasionally send updates about new services or offers.
You will only receive marketing communications if you have given explicit consent, which can be withdrawn at any time by emailing unsubscribe@aurumbeauty.je or using the opt-out link in our messages.

Website and Social Media

Our website and social media pages may collect limited analytics data (e.g., number of visits, browser type) for performance monitoring.
If we post client images or testimonials, written consent will always be obtained first.
Cookies are used only to improve functionality and user experience – no personal profiling is undertaken.

Data Breaches

In the event of a data breach involving personal information:

  • The Data Protection Lead will assess the risk and take immediate containment measures.

  • Serious breaches will be reported to the Jersey Office of the Information Commissioner (JOIC) within 72 hours where required.

  • Affected individuals will be notified if there is a high risk to their rights and freedoms.

Complaints

If you have a concern about how your data is handled:

  1. Contact the Data Protection Lead at Aurum Beauty first.

  2. If unresolved, you can contact the Jersey Office of the Information Commissioner (JOIC):

Policy Review

This policy will be reviewed annually or earlier if there are changes in law, guidance, or business practice.
All staff will be trained on this policy during induction and refresher training.

bottom of page