GDPR Policy

The General Data Protection Regulation (GDPR) is an EU measure which became law in May 2018. This regulation means that companies can only take and store your information with your permission and knowledge and they cannot share it with anyone without your prior consent. If a company does this without your permission, they are breaking the law.

Prior to GDPR we followed the Data Protection Act 1998. The Data Protection Act 1998 governs the collection, storage, use and disclosure of personal data, whether held electronically (e.g., in emails, on computer) or in paper/microfiche records. It applies to all staff who create, store, handle or view personal information that relates to any living individual who can be identified from that data or other information held by the Centre. An employer’s first priority is to comply with the law and to inform staff that they can in some cases be held responsible if any personal data are improperly disclosed or collected. 

At Whitstable Beauty School we will:

  • be open about the reasons why there is a need to collect personal data; 
  • ensure that any personal data collected are relevant, adequate and not excessive, accurate and held for no longer than necessary; 
  • ensure that personal data are only used for the purposes needed; 
  • ensure the security of the personal data held; 
  • have measures in place to provide subject access allowing individuals to reassure themselves that everything operates properly to protect the confidentiality and accuracy of personal data



This policy is reviewed regularly and updated as required.

Last reviewed: 13/01/21

At Whitstable Beauty School we believe in transparency so many of our policies are available to download from our website including Complaints Policy, Health and Safety policy, Safeguarding Policy, E&D policy, Appeals Policy, Whitstable Beauty School Code of Conduct and the GDPR policy