Privacy, cookies and T&Cs
Outlined in this policy are full, and we hope transparent details of what personal data (information that can be used to identify a person be it name, address, email, IP address or credit card etc) we collect and store about our current customers, past customers and potential customers along with details on how we use that data and who we share it with.
Personal Information (the collection, purpose and legal grounds for processing)
This refers to any information capable of identifying an individual. It does not include anonymised data.
All personal information that we hold on you is treated as highly confidential and every effort is made to ensure it is securely stored and safeguarded under the new terms of the General Data Protection Regulation 2018 that replaces the UK Data Protection Act 1998.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at [email protected]
We will use any information we have on you, whether it has been collected through you having been a customer or signing up to our website or simply viewing our website (subject to the cookies you have consented to us storing on you), to do the following:
To contact you
To notify you of news, events and special offers by email if it is conserved to be of a legitimate interest
To monitor your use of our website with cookies that you will need to enable to access our website – further information on which cookies we use are outlined later, along with how you can disable these should you wish to.
We will never rent, sell or share your name or contact details with any other organisation. We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you. Our lawful ground for this processing is legitimate interests which is to grow our business. We may also use such data to send other marketing communications to you. Our lawful ground for this processing is also legitimate interests (namely to grow our business).
We need to collect potentially sensitive data about should you wish to book a spa treatment and for this we require your explicit consent for processing. This is done by providing you with an electronic form at the time of booking and on arrival at Spa 15 you will be presented with a hard copy of the form you completed electronically for you to sign.
Where we are required to collect sensitive personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract eg. provide you with the spa treatment you have booked and as a result may have to cancel your booking.
We will only use sensitive data for the sole purpose it was collected, or a reasonably compatible/re-occurring purpose if necessary, for so long as that information remains accurate and up-to-date.
How we collect your personal data
We may receive data from third parties such as analytics providers such as Google based outside the EU, advertising networks such as Facebook based outside the EU, as well as using third parties that provide us with a platform to offer our guests/customers additional services eg. gift voucher sales.
We have and will continue to review security measures that we have in place to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
Your legal rights
Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
If you wish to exercise any of the rights set out above, please email us at [email protected]
Whilst the procedures we have in place are designed to protect and secure all personal information we have stored on our database system, we cannot be held liable for any unauthorised access to the data you provide via our website.