WHO WE ARE
Vintage Garden Spa is a day spa based in West Yorkshire. We provide holistic therapy treatments and services, along with spa day packages with hydrotherapy hot tub and afternoon tea.
Our website is: www.vintagegardenspa.co.uk
By registering or booking an appointment on this website, you consent to the collection, use and transfer of your information under the terms of this policy.
PERSONAL DATA WE COLLECT FROM YOU
- In relation to our clients, we will collect your name and contact details, including email address, and any other data you provide to us in relation to the booking of your treatment service – this may include special categories of data: Including basic health information. This allows us to ensure that the service booked is suitable for your needs, complies with any insurance requirements and enables us to follow best and safe practice in the interests of your health and well-being.
- In relation to visitors to www.vintagegardenspa.co.uk (our Website), we may collect your IP address, traffic data, location data, weblogs and other communication data, including your name, address and contact details when you make an enquiry through the Website. We also collect personal data from you if you inform us about a problem with our Website.
- Any personal data you provide to us when completing surveys that we use for research purposes and when you subscribe to our marketing newsletter.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name or surname, username or similar identifier, marital status, title, date of birth and gender.
- Special Category data – We are required to to collect certain information regarding your current/past health status.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products you have purchased from us.
- Technical Data includes internet protocol (IP) address, browsing activity and other technology on the devices you use to access this website.
- Profile Data includes your username and encrypted password, purchases or orders made by you, your interests, preferences, feedback and survey responses. This can also include demographic information, such as your post code and other interests.
- Usage Data includes information about how you use our website and products.
- Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
- We do NOT collect any information regarding your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership. Nor do we collect any information about criminal convictions and offences.
- We do not collect data about children, in the event a child ( under 18 years old) should enter information via our website then this data will be deleted and destroyed at the earliest opportunity.
How we collect data from you:
We may collect data from and about you through the following methods:
You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- Book an appointment for a service or treatment with us;
- Purchase any of our products such as gift vouchers;
- Create an account on our website;
- Subscribe to our newsletter or publications;
- Request marketing to be sent to you;
- Enter a competition, promotion or survey; or
- Give us some feedback.
AUTOMATED TECHNOLOGIES OR INTERACTIONS.
HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- Where we need to comply with a legal or regulatory obligation; or
- Where you consent.
Where you give your consent to any of our processing, you have the right to withdraw consent at any time by contacting us at firstname.lastname@example.org
DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to third parties only in the following circumstances:
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, in the event of an insurance claim or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety the Company, our customers, or others.
- Right of access – You have a right to access the personal information we hold about you and be told why we use it.
- Right of rectification – You can ask us to correct or update your information to ensure it is accurate and complete.
- Right to erasure and right to restrict processing – You can ask us to stop processing and to delete your data in certain circumstances (for example where it is processed with your consent, or it is no longer necessary for us to process it).
- Right to data portability – You have a right to ask us to provide you with information in a form that suits you, and/or to provide your information to a third party.
- Right to object – You have a right to object to our processing of your information.
- Profiling and automated decisions – You have a right not to be subject to automated decisions which have a legal effect and to be protected by safeguards in respect of any profiling.
- Right to object to direct marketing – Where you have consented to receive direct marketing, you can change your mind at any time by contacting us or following the directions in each message. Please allow a few days for us to action your request.
- You do not have to provide any of your personal information, however for the purpose of us being able to fulfil our contract with you, please be aware that no treatments or services can go ahead at Vintage Garden Spa if you choose not to share this information with us. You must fulfil your side of the contract (share your personal information) in order for us to fulfil ours (carry out treatment/service).
YOUR DUTY TO INFORM US OF CHANGES
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
THIRD PARTIES OR PUBLICLY AVAILABLE SOURCES.
We may receive/share personal data about you from various third parties with whom we may partner with.
This information may include: Contact, Financial and Transaction Data from providers of technical and payment services based inside or outside the EEA.
We may use 3rd parties to allow online bookings to be made, for your ease of us and to provide a seamless and enhanced customer service. All third party partners have been selected on the basis they are compliant with current legislation and have systems in place to safeguard your data. They do not sell, distribute or lease your personal information. We would advise you to make yourself aware of each of our third party providers privacy policies before entering your personal data on our website and Vintage Garden Spa can not be held responsible for any data breaches relating to these services.
The third party suppliers we currently use are:
Stripe – for payment processing.
Acuity – for our online booking system.
Mailchimp – for our marketing newsletters and email campaigns.
Google – for our email accounts and website analytics.
Bloom (contact form) To allow visitors to email us via our website.
Please ask us if you would like to see a copy of these agreements. Any payment transactions will be encrypted. Vintage Garden Spa does not have access to your financial details and we do not see any of your bank account information.
WHERE WE STORE YOUR PERSONAL DATA
Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access to it. Our website is protected by an SSL security certificate from Commodo. You can check this by clicking the address bar on Google chrome where you will see details of our security certificate and the padlock on the left side of the website. Our payment processor and online booking also have their own additional security certificates for enhanced layered security.
Any paper documents (consultation forms) are stored in locked filing cabinet at Vintage Garden Spa and only Vintage Garden Spa employees/owner has access to this. Our computers are password protected, along with our internet connection.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to the Website; any transmission is at your own risk.
We will retain your personal data for no longer than is necessary for the purposes for which they are processed.
For insurance purposes anyone receiving treatment from Vintage garden Spa will have their personal data (name, address, contact information, date of birth, health status and consent) stored for 7 years in line with current insurance policy requirements.
Our website may include links to third-party websites, plug-ins and applications. We currently link to Facebook, Google, Instagram, and YouTube. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Vintage Garden Spa does not sell, distribute or lease your personal information to third parties.
CONTACT AND COMPLAINTS
If we are unable to resolve your complaint, you may contact the Information Commissioner’s Office at the Exchange Tower, Wycliffe House, Water Lane, Wilmslow, Cheshire.