
At Blue Diamond Body and Skin, we are committed to safeguarding your personal information and ensuring compliance with data protection regulations. This policy outlines how we manage, retain, and delete client data to balance privacy and legal requirements.

 

 

Data Retention Period

We retain client records for varying lengths of time based on the type of data and the nature of the client interaction.

 

  • Client Treatment Records: We retain treatment-related records (e.g., health intake forms, service records) as required by local, state, or professional regulations, such as for insurance, tax, or healthcare compliance.

    • For adults: 8+ years from the date of the last record entry

    • For minors: Until the client reaches the age of majority (21 in Arkansas), plus at least three years

 

  • Product and Gift Certificate Purchases: Records related to product sales or gift certificate purchases are retained for 3+ years or until the transaction is complete (e.g., gift certificates used). After this period, the records will be deleted unless required for legal or tax purposes.

 

  • Marketing and Communication Data: Client data related to marketing communications (e.g., email opt-ins) is retained as long as the client has opted in for such communication. If a client unsubscribes or requests data removal, we will delete their contact information within 10 business days.

 

 

Review Process

We perform regular data reviews to ensure that client information is only kept for as long as necessary. Our review schedule is as follows.

 

  • Annual Data Review: We will review all client data records annually to ensure compliance with retention periods and to identify data that can be deleted.

 

  • Ad-hoc Reviews: Data may be reviewed sooner if requested by a client or in response to any changes in legal or business needs.

 

 

Data Deletion

We delete or anonymize data when it is no longer needed, as outlined below.

 

  • Deletion Criteria: Data will be deleted once the retention period has expired or when there is no further legitimate business purpose for holding it.

 

  • How We Delete: When client data is deleted, we ensure it is thoroughly erased from all databases, files, backups, and any other systems in which it may reside.

 

  • Client Requests: Clients can request deletion of their data at any time by contacting us. We will take the appropriate steps to remove their information from our systems, provided there are no legal or operational obligations to retain it.

 

 

Legal and Tax Compliance

Certain records may need to be kept for longer periods due to legal, tax, or regulatory requirements. In these cases, we will retain the necessary records for the mandated period and will securely store them until the retention period expires.

 

 

Data Security

We employ industry-standard security measures to protect all client data during the retention period. This includes secure storage, encryption, and restricted access to authorized personnel only. When records are deleted, we take steps to ensure that the data is securely erased to prevent unauthorized access.

 

 

Changes to This Policy

We may update this Data Retention and Deletion Policy periodically. When this happens, we will publish any material changes on the policy page. Clients are encouraged to review this policy regularly to stay informed about how we manage their data.

​

If you have any questions about this Data Retention and Deletion Policy or wish to request the deletion of your personal information, please contact us.

DATA RETENTION & DELETION
