PRIVACY POLICY
We would like to thank you for visiting www.buffdayspa.co.uk (the "Website").
PRIVACY ASSURANCE
We are firmly committed to protecting your privacy and we will not collect any personal information about you as a visitor unless you provide it voluntarily. This privacy policy (the "Policy") is designed to tell you about our practices regarding collection, use, disclosure and transfer of personal information that (i) you may provide, or (ii) Buff Urban Day Spa Ltd and its affiliates from time to time ("we" or "us") may collect, via this Website or at our properties.
Please read this Privacy Policy before using or submitting your information to us.
1 WHAT IS PERSONAL INFORMATION?
1.1 This section of the Privacy Policy explains what "personal information" is.
1.2 Personal information is any information that can be used to identify you, such as your name, birth date, address, email address and telephone number ("Personal Information").
1.3 Other categories of Personal Information may include:
Contact details including email and telephone number, gender, name of guests attending with guests receiving a treatment, medical conditions, payment details, address, bank address and details, next of kin
2 INFORMATION COLLECTED
2.1 This section of the Privacy Policy explains how we collect your Personal Information.
2.2 Active information collection: We actively collect information from our guests. Examples where we actively collect your information include when you communicate directly with us via email, by filling in online forms on our Website (or via third party websites). You may also provide us with Personal Information before a treatment.
2.3 Other examples of where we actively collect your information include: (i) when you register your interest in booking a treatment or other experience with us; and (ii) for sales enquiries and transactions.
2.4 Passive information collection: In some circumstances we may process information on the basis of (i) your related interactions with us (for example, the web page from which you navigated to the Website), or (ii) Personal Information that we have received or obtained from a third party (for example, publicly available information sources). In these circumstances, your Personal Information may be said to have been passively collected (that is, gathered without you actively providing the information).
2.5 An example of where your Personal Information may be passively collected is when you use the Website. Each time you use the Website, we will automatically collect the following information:
• details of your use of the Website including your user name, city, country, page views, searches, downloads (file names)
• technical information, including your device model, operating system of the machine running your web browser, type and version of your web browser, IP address, date and time when you accessed the Website
• web page download information
• general Website usage information
2.6 Like many Spas, we value your safety and security. We may therefore record or capture images of our visitors and guests in public areas and certain location-based data (e.g. entry passes). We may also process your Personal Information by using CCTV principally for the purposes of protecting you, our visitors, other guests and our staff.
3 PURPOSES AND USE OF INFORMATION
3.1 This section of the Privacy Policy explains why we process, collect and use your Personal Information.
3.2 We may collect, process and otherwise use your Personal Information for purposes that are required by applicable law, regulation or other contracts or to allow us to fulfil our business needs and legal obligations. These purposes include:
• to administer, improve and develop the Website
• for administration and completion of bookings, and consultations
• to manage our relationship with you and (if relevant) the organisation that you represent, including providing information regarding our products and services
• to administer membership, rewards programmes, promotional offers and related offers
• to personalise your user experience (e.g. by tailoring the content delivered to you on our Website)
• for legal disputes, regulatory investigations and compliance purposes
3.3 We may rely on third party service providers to help deliver our products and services to you, including when you visit our Website. Sometimes we partner with other businesses to provide you with services, products and other offers (for example, package offers). We may need to share your Personal Information with our business partners in order to provide you with those services.
4 COOKIES
4.1 The Website creates "cookies" when you visit it.
4.2 A cookie is a small piece of data that a website can send to your browser for storage (i.e. so it can later be read back from that browser). The purpose of cookies includes providing more tailored communications from websites.
4.3 Cookies may collect information (including Personal Information), such as user preferences, general usage information, membership information and unique identifiers. Cookies may in some circumstances also remain on your device after you leave the Website.
4.4 Your browser will return the cookie information only to the domain from where the cookie originated, i.e., the Website, and no other website can request this information. When you return to the Website, the cookie is sent back to the web server, along with your new request.
4.5 Your browser may provide settings where you can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it or reject the cookie altogether.
4.6 The Website uses cookies to keep track of your booking cart. We also use cookies to deliver content specific to your interests.
5 DISCLOSURE OF INFORMATION
5.1 In some circumstances, we may need to process or disclose your Personal Information in connection with the purposes listed in this Privacy Policy (including those set out in section 3), or as otherwise permitted by law.
5.2 We may disclose your Personal Information:
(a) to our affiliates in the O’Brien Investments Ltd group;
(b) to our agents, consultants and subcontractors who assist us in running our business, including our properties, reservation systems, booking systems and who are subject to appropriate security and confidentiality obligations;
(c) if the whole or a substantial part of our business is to be sold or integrated with another business, to our advisers and any prospective purchasers (and their advisers); and
(d) where we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request.
5.3 Some of these disclosures may involve transfers of your Personal Information to a country outside of the European Union or the wider European Economic Area (EEA) ("International Transfers"). The EEA is comprised of the member states of the European Union, and Norway, Iceland and Liechtenstein.
5.4 In some cases, International Transfers may be made to countries which do not have similar data protection laws to those of the European Union. In those circumstances, we will only disclose your Personal Information:
• where the recipient of the Personal Information is located within a country which has been assessed by the European Commission as ensuring an adequate level of protection for personal information
• with your explicit consent
• on the basis of an agreement, designed to protect your information, in the appropriate form approved for this purpose by the European Commission (or an equivalent body)
• where we remain in control of the information; or
• where otherwise permitted under applicable law
5.5 We will make sure that adequate safeguards are in place to protect your Personal Information where disclosure of your information requires an International Transfer.
6 LINKS TO OTHER WEBSITES
6.1 This Privacy Policy applies to the Website and Personal Information that we collect when you visit our properties. Our Website has a number of links or references to other websites, other agencies, local and international organisations .
6.2 It is important for you to note that upon linking to or visiting another website, you are no longer on our Website, and you become subject to the privacy policy (if any) of the new website. We do not control such websites and are not responsible for their data practices. This Privacy Policy does not apply to such third party websites.
7 SECURITY
7.1 We will take appropriate measures to keep your information confidential and secure in accordance with our internal procedures covering the storage, access and disclosure of information.
7.2 Please note that messages you send to us by e-mail or via any internet connection may not be secure. If you choose to send any confidential information or Personal Information to us by such means you do so at your own risk with the knowledge that a third party may intercept this information. We are not responsible for the security or integrity of such information. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
8 INFORMATION ABOUT RELATED PERSONS
If you provide us with Personal Information about members of your family, friends, dependents, or other third parties (e.g. for the purposes of making a booking), it is your responsibility to inform them of their rights in connection with this Privacy Policy with respect to such information. You may, for example, provide such individuals with a copy of this Privacy Policy for these purposes.
The collection of personal data relating to persons under the age of 16 years is not within our interests. Should it come to our attention that such data has been passed to us without the approval of the parents or legal guardian, this data will be deleted immediately.
Thereby we are reliant on the parents or legal guardians providing us with the appropriate information.’
9 RETENTION OF INFORMATION
We intend to keep your Personal Information accurate and up-to-date. We will retain your data for no longer than required. From time to time we may delete or anonymise your personal information if you have not stayed with us for a certain period of time.
10 YOUR RIGHTS
10.1 If any of the Personal Information that you have provided to us changes, please contact us and let us know the correct details.
10.2 Under applicable law, you have the right to:
• request a copy of the personal information about you that we hold
• request correction or deletion of Personal Information about you that is inaccurate
• withdraw any applicable consent for processing and transfer
• object to our using your personal information for marketing purposes
• object to profiling and automated decision making
In some circumstances, you may also have a "data portability" right to require us to transfer your personal data to you or to a new service provider.
10.3 We will ask your consent if we intend to use your data for marketing purposes or if we intend to disclose your information to any third party for marketing purposes.
10.4 To exercise any of these rights at any time, please contact us.
11 COMPLAINTS
You can also raise complaints or concerns about our use or other processing of your Personal Information with the body regulating data protection in your country.
12 Changes to this Privacy Policy
12.1 If there are any changes to this Privacy Policy, we will replace this page with an updated version. The new terms may be displayed on-screen and you may be required to acknowledge that you have read them before you continue to use the Website.
12.2 It is therefore important that you check the "Privacy Policy" page when you access our Website so as to be aware of any changes which may occur from time to time.
13 CONTACT US
13.1 If you have any questions about this Privacy Policy or our data protection practices, please contact us at:
(a) email: info@buffdayspa.co.uk
(b) address: 22-24 Station Road, Taunton, Somerset TA11NL
(c) telephone: 01823 257445