Policy effective date 23rd May 2018

WHO WE ARE
Our contact details
Name: Vintage Garden Spa
Website address: www.vintagegardenspa.co.uk
Address: 152 Towngate, Ossett, West Yorkshire, WF5 0PN
Phone Number: 07889882103
The name of the person for data protection matters (The Data Controller and Data Processor): Sam Telford
Contact telephone number : 07889882103
Address: 152 Townagte, Ossett, WF5 0PN

For the purpose of this document the following terms apply:

  • ‘YOU’ refers to you, our clients and anyone who uses our services or visits our website and ‘US’ WE’ ‘OUR’ refers to Vintage Garden Spa.
  • ‘3rd party’ refers to any other company or business we partner with to help us run our day to day business activities to provide you with the best service we can. 
  • ‘Personal Data’ means any information that relates to a living, identifiable person and can include; names, contact details and any other other information that can be used together to identify a person. 
  • ‘Special category data’ means personal data about a person’s race, ethnicity, origin, political & religious views, trade union membership, genetics, biometrics, health or sexual orientation. 
  • ‘processing’ involves all and any activities that use personal data in some way. This is from the initial collection of it, to the storage of it and how it is used in-between, until it is destroyed. 
  • A ’Data subject’ is the persons who’s personal data is being processed. 
  • GDPR – General Data Protection Regulations (2018) The GDPR is a privacy law that set rules about about how personal data should be processed in the EU and provides rights to individuals regarding the use of their personal data. 

This privacy policy lets you know about any personal data we collect from you, or that you provide to us and how it will be treated by us. Please read the following information carefully to understand what we collect, how we collect it, what we collect it for and how we use and protect it.
Your information is very important to us and we take our role to look after the data you give us seriously. 

Vintage Garden Spa complies with the principles of GDPR in the following way:

  • We believe user privacy and data protection are human rights
  • We recognise we have a duty of care to protect your data and your privacy.
  • We will only collect and process personal data when it is absolutely necessary to run our business efficiently and effectively. When we do we will be open and transparent about our reasons for doing so.
  • We will not contact you unless you have requested us to: either through our contact form or via our booking form.
  • We will not send you regular email newsletter updates unless you have subscribed to them. We are against spam and find it as annoying as you do ! You will always have the chance to unsubscribe. 
  • We will never sell, lease or distribute your personal information and will only share it if you give us permission to do so. 

PERSONAL DATA WE COLLECT FROM YOU 
We collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Personal Data : Includes name, address, contact details 
  • Special Category data – We are obliged by our insurance company and as part of safe practice for our business to collect certain information regarding your current/past health status.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products you have purchased from us.
  • Technical Data includes internet protocol (IP) address, browsing activity and other technology on the devices you use to access this website.
  • Profile Data includes your username and encrypted password when you register an account with us. Purchases or orders made by you, your interests, preferences, feedback and survey responses. This can also include demographic information, such as your post code and other interests.
  • Usage Data includes information about how you use our website and products.
  • Marketing and Communications Data includes your preferences in receiving marketing from us.
  • We do not collect personal data about children on our website, in the event a child ( under 18 years old) should enter information via our website then this data will be deleted and destroyed at the earliest opportunity. If you become aware that a child under 18 has entered their details on our website then please inform us immediately so that we can take the appropriate action to delete the information. 

How do we collect data from you 
We collect data from and about you through the following methods:

DIRECT INTERACTIONS
You may give us your name, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • Book an appointment for a service or treatment with us;
  • Purchase any of our products such as gift vouchers;
  • Create an account on our website;
  • Subscribe to our newsletter or publications;
  • Request marketing to be sent to you;
  • Enter a competition, promotion or survey; or
  • Give us some feedback.
  • When you contact us with a query via our contact form or through one of our social channels.

AUTOMATED TECHNOLOGIES OR INTERACTIONS.

Cookies
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive to help enhance your experience on our website and to help deliver more personalised experiences for you. 

We use “cookies” to collect information. You can choose not to accept these cookies when visiting our website. You may prefer to ask us to block these instead, by indicating your preference in our pop up consent box when you first visit our website. However please be aware that your experience of our site and may be affected should you choose to block these. 

For more information about what cookies we use please see our cookie policy https://www.vintagegardenspa.co.uk/cookie-policy/

HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. 

Under the General Data Protection Regulation (GDPR), the lawful bases are as follows:

(a) Your consent. You are able to remove your consent at any time. 

(b) We have a contractual obligation.

(c) We have a legal obligation.

(d) We have a vital interest.

(e) We need it to perform a public task.

(f) We have a legitimate interest.

The lawful bases we rely on for our data processing activities are:

  • CONTRACTUAL OBLIGATION – Where we need to perform the contract we are about to enter into or have entered into with you to provide you with our services.
  • LEGITIMATE INTERESTS – Where it is necessary for our legitimate interests in the course of running our day to day business activities and your interests and fundamental rights do not override those interests.
  • LEGAL OBLIGATION – Where we need to comply with a legal or regulatory obligation such as our insurers. 
  • CONSENT – Where you consent to receive information from us such as our newsletter or to enable us to respond to your enquiry. 

Where you give your consent to any of our processing, you have the right to withdraw consent at any time by contacting us.

How we store your information 
Your information is securely stored on our database at  www.vintagegardenspa.co.uk using SSL (Secure Sockets Layer). This is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private.

All our data systems are password protected and encrypted.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to the Website; any transmission is at your own risk.

We will retain your personal data for no longer than is necessary for the purposes for which they are processed.

We keep your information as follows. 

  • All the information you enter when you book an appointment with us (name, address, contact telephone number, email and a limited amount of information about your health status – We keep this information for a period of 7 years ( As required to fulfil our legal obligations with our professional indemnity insurers). 

       If you cancel or do not attend your appointment then all of your information is immediately destroyed. 

  • Contact details you enter when you are contacting us regarding a query about our business or services – We will only keep this information until we have dealt with your request and you are satisfied that no further correspondence is needed with us.  After this your email and contact details will be permanently deleted from our systems and that of our 3rd party providers.
  • Contact details when you sign up for our newsletter – we will keep and store this information until you ask us to remove it and unsubscribe you from our newsletter service ( this can be done by contacting us or clicking the unsubscribe button on our newsletter). 
  • Contact details when you purchase one of our gift vouchers – We will keep your information until the voucher has been used or has expired at which point it will then be permanently deleted from our files.

DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to third parties only in the following circumstances:

  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, in the event of an insurance claim or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety the Company, our customers, or others.

YOUR RIGHTS

Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information. 
  • Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances. 
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances. 
  • Your right to object to processing – You have the the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at 152 Towngate, Ossett, WF5 0PN or call us on 07889882103 if you wish to make a request.

YOUR DUTY TO INFORM US OF CHANGES
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

3rd Party Service Providers
We partner with a select number of third party companies to facilitate our Service, to provide the Service on our behalf, or to assist us in analysing how our Service is used.

These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Some of these providers are based outside the EU and may transfer some or all of your data out of the EU to enable them to carry out the functions of their business. We choose 3rd party providers on the basis that they are also GDPR compliant and have certified their compliance with the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks.

Vintage Garden Spa is not responsible in any way  as to how our 3rd party partners use your information and we would strongly encourage you to read the privacy policies of our 3rd party partners as listed below.

We will always be open and honest about the companies we partner with and you will find our current partners and where they are based listed below. 

We also explain why we use them and have provided links to their privacy policies. (Please see our ‘Third Party links’ section of this policy before you make a decision to visit these websites. 

  • Acuityscheduling.com (Based in USA) To enable our online booking system and allow us to fulfil our contract with you, contact you regarding the service you have booked, to make sure we are able to provide the appropriate service for you and meet our professional insurance obligations. Privacy Policy 
  • Square.com (Based in the USA) To process payments on our online booking system. Privacy policy
  • Mailchimp.com ( Based in the USA) to enable us to send you our newsletter when you give consent. Privacy policy
  • Forminator.com ( Based in the USA) ( Based in the USA) to allow you to contact us through our contact form and give us your explicit consent to reply to your query. Privacy Policy 
  • Facebook (Based in the USA) The book now button on our facebook page allows you to access our online appointment calendar to schedule and manage your appointments for your ease of use. Data policy 
  • Namecheap (Based in the USA) provide us with our website hosting service to allow our website to function. Privacy policy
  • WordPress ( Based in the USA) The platform our website is built on. Privacy Policy 
  • Google ( Based in the USA) Allows us to use their fonts to present our website to you in a clear, legible & concise manner.       Privacy Policy

 

THIRD-PARTY LINKS
Our website may include links to third-party websites, plug-ins and applications. 

Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Vintage Garden Spa will never sell, distribute or lease your personal information to third parties.

CHANGES TO OUR PRIVACY POLICY
This policy may be reviewed and amended from time to time. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

How to complain
If you wish to exercise any of your rights detailed above, would like to make a complaint or have any questions regarding this privacy policy, please email us through our website contact form or write to us at Vintage Garden Spa, 152 Towngate, Ossett, West Yorkshire, WF5 0PN.

You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:            

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113

Policy updated 19.01.2020