Information that we collect from you
When you visit, register or access services on the Website you may be asked to provide certain information about yourself including your name and contact details. We may also collect information about your usage of our Website as well as information about you from messages you post to the website and e-mails or letters you send to us.
Use of your information
Your information will enable us to provide you with access to all parts of our Website and to supply the services you require. We will also use and analyse the information we collect so that we can administer, support, improve and develop our business.
In particular, we may use your information to contact you for your views on our treatments and to notify you occasionally about important changes or developments to the Website or our treatments. Further, where you have consented, we might also use your information to let you know about other products and treatments which we offer which may be of interest to you and we may contact you by post, as well as by e-mail. If you change your mind about being contacted in the future, please let us know. Every email newsletter we send includes a link to unsubscribe.
Disclosure of your information.
The information you provide to us will be held on our computers and may be accessed by or given to our staff for the purposes set out in this policy or for other purposes approved by you. Those parties process information and provide support services on our behalf. We may also pass aggregate information on the usage of our site to third parties but this will not include information that can be used to identify you.
Finally, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.
Countries outside the European Economic Area do not always have strong data protection laws. However, we will always take steps to ensure that your information is used by third parties in accordance with this policy.
Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
Cookies are small amounts of information which we store on your computer. Unless you have indicated your objection when disclosing your details to us, our system will issue cookies to your computer when you log on to the site. They also allow us to monitor website traffic and to personalise the content of the site for you. You may set up the browser on your computer to reject cookies although, in that case, you may not be able to use certain features on our Website. For further details please review our separate Cookies Policy
Security and Data Retention
As required by the Data Protection Act 1998, we follow strict security procedures in the storage and disclosure of information which you have given to us to prevent unauthorised access.
We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. We will retain your information for a reasonable period or as long as the law requires. We do not keep your personal information any longer than is necessary.
We will take all reasonable steps to protect your personal information but cannot guarantee the security of any data you provide online. By using our Website and not advising us to the contrary, you agree to our using data in the way set out above and to accept the inherent security risks of providing information online without holding us responsible for any breach of security unless due to our negligence or willful default. Should we find out that your data has become compromised we will notify you of this within 72 hours of finding out.
We reserve the right to appoint an Internet Service Provider to host our website on our behalf which may be situated outside the European Economic Area. By agreeing to our terms and conditions of use of our website you consent to any transfer of your personal information outside the European Economic Area. You should be aware that countries outside the European Union may have a lower standard of protection for personal information than that required by the Data Protection Act 1998.
Accessing and Updating
You are entitled to see the information held about you and you may ask us to make any necessary changes to ensure that it is accurate and kept up to date. If you wish to do this, please contact us. You have the right change your personal data or opt out of our marketing at any point by notifying us in writing. You can request a Subject Access Request (SAR) at anytime. If submitted, we must provide all the information we hold free of charge within 30 days.. You may notify us of any amendments and corrections to previously collected information by e-mailing email@example.com.
What data do we collect:
· Your Name
· Your Telephone Number
· Your Email Address
· Your Address
· Your Date of Birth
· How you heard about us
· Medical information
· Bank account information for Direct Debit instructions
Why we are collecting your data:
· We need to make sure we are looking after you and that it is safe to perform treatments on you.
· We need the information to contact you about your booking.
· We use the information to tell you about certain services and promotions.
· To collect money from you via direct debit. Only if you have signed up to one of our memberships.
How we got access to it:
Either via our website or you came in to the spa and gave the data directly to us. The majority of the data we use is provided on site when you come in for a spa day or treatment.
Where it is stored:
On our Premier Core CRM System (They are also fully compliant with GDPR) if you wish we can give you their contact details. Just email us on firstname.lastname@example.org and we can freely share this information with you.
We also hold some data on "Nobby” our carrier pigeon email marketing suit. This was developed by Hattrick Media who again are fully GDPR compliant. We only store your Name, Email Address and Date of Birth on Nobby. If you require any further information on Hattrick Media please ask us and we will only be too happy to provide you with this information.
We also hold information on site in a secure filling cabinet.
How it is used:
· We need to make sure we are looking after you and that it is safe to perform treatments on you. As a result we need to know about certain medical information.
· We might need to contact you about your booking.
· We will send you information on promotions, new services, updates on how we operate, offers and special events in the spa.
· We would like to wish you a happy birthday.
Who has access to it:
· Just us, Premier Software and Hattrick Media.
· You can have access specifically to your data.
How long we will hold it for:
In house we will hold your information for 1 year. Each year we will ask you to fill in a new form. We might need to do this sooner depending on your circumstances.
On our Premier Core CRM system, we will keep your information indefinitely unless you tell us that you no longer wish to be a customer of ours in which case we will delete your information in its entirety from our system.
With regards to our email marketing system we will keep your information indefinitely unless you tell us otherwise or you unsubscribe. In which case we might keep your data but you will be added to our unsubscribe list and we will not bother you again. If you would like us to we will be happy to delete your data completely from "Nobby”. If you would like us to delete your data completely from "Nobby” you will need to inform us in writing by emailing email@example.com.
All comments, queries and requests relating to our use of your information are welcomed and should be addressed to The Grange Spa, Millthorpe Road, Pointon, Lincolnshire, NG34 0NF.