Knowle Grange Health SpaKnowle Grange Health Spa
Legal

Privacy Policy

How we collect, use, and protect your personal information.

Last updated: November 2024

1. Introduction

Knowle Grange Health Spa (“we”, “us”, or “our”) is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information when you visit our spa or use our website.

2. Information We Collect

2.1 Information You Provide

We may collect the following information when you make a booking or enquiry:

  • Name and contact details (email address, phone number, postal address)
  • Date of birth (where required for treatment eligibility)
  • Payment information
  • Health information relevant to your treatments
  • Treatment preferences and history
  • Communications with us

2.2 Information Collected Automatically

When you visit our website, we may automatically collect:

  • IP address and browser type
  • Pages visited and time spent on our website
  • Referring website addresses
  • Device information

3. How We Use Your Information

We use your personal information to:

  • Process and manage your bookings
  • Provide spa treatments and services
  • Send booking confirmations and reminders
  • Process payments
  • Respond to your enquiries
  • Send marketing communications (with your consent)
  • Improve our services and website
  • Comply with legal obligations

4. Legal Basis for Processing

We process your personal information based on:

  • Contract: To fulfil bookings and provide services
  • Consent: For marketing communications and non-essential cookies
  • Legitimate interests: To improve our services and protect our business
  • Legal obligation: To comply with applicable laws

5. Sharing Your Information

We do not sell your personal information. We may share your information with:

  • Service providers who assist with our operations (e.g., payment processors, booking systems)
  • Professional advisers (e.g., accountants, legal advisers)
  • Regulatory authorities when required by law

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. This includes encrypted connections, secure servers, and restricted access to personal data.

7. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Treatment records are retained for 7 years after your last visit.

8. Your Rights

Under data protection law, you have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Request deletion of your information
  • Object to processing of your information
  • Request restriction of processing
  • Data portability
  • Withdraw consent at any time

To exercise any of these rights, please contact us using the details below.

9. Cookies

Our website uses cookies to enhance your browsing experience. Cookies are small text files stored on your device. We use:

  • Essential cookies: Required for the website to function
  • Analytics cookies: Help us understand how visitors use our website
  • Marketing cookies: Used to deliver relevant advertisements (with consent)

You can manage cookie preferences through your browser settings.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites and encourage you to read their privacy policies.

11. Children's Privacy

Our spa services are intended for guests aged 16 and over. We do not knowingly collect personal information from children under 16.

12. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date.

13. Contact Us

If you have any questions about this privacy policy or how we handle your personal information, please contact us:

14. Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been breached. Visit ico.org.uk for more information.

Contact Us