Privacy Policy for The Chelsea Spa Website

1. Introduction: Purpose of this Privacy Policy

This privacy policy outlines how The Chelsea Spa collects, uses, stores, and protects your personal data when you use our website, thechelseaspa.co.uk. The Chelsea Spa is committed to ensuring the privacy and security of your personal information in compliance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.1 This policy is designed to provide you with clear and comprehensive information about our data processing practices, ensuring transparency and empowering you to make informed decisions about your personal data. The principles of lawfulness, fairness, and transparency guide our approach to handling your information, as mandated by UK data protection law.1 We strive to process your data in a way that is fair, lawful, and in line with your reasonable expectations.4

2. Data Controller and Contact Information

2.1. Identity of the Data Controller:

The Chelsea Spa, located at 53 Hollywood Road, Chelsea, London, United Kingdom, SW10 9HX, is the data controller responsible for the personal data collected and processed through this website.6 As the data controller, The Chelsea Spa determines the purposes and means of processing your personal data and is accountable for ensuring that our processing activities comply with applicable data protection laws.6 It is a fundamental requirement under UK GDPR to clearly identify the data controller so that individuals know who is responsible for their personal information.6

2.2. Contact Details for The Chelsea Spa:

For any general inquiries regarding this privacy policy or our data processing practices, you can contact The Chelsea Spa via email at info@thechelseaspa.co.uk or by telephone at 020 7351 4555.8 We are committed to being accessible and responsive to your questions and concerns about your personal data.12 Providing clear contact information is a key aspect of transparency, allowing users to easily reach out for clarifications or to exercise their rights.6

2.3. Contact Information for the Data Protection Officer (DPO):

Nahad Ul Quasem has been appointed as the Data Protection Officer for The Chelsea Spa. If you have any specific questions or concerns regarding the processing of your personal data or wish to exercise your data protection rights, you can contact the Data Protection Officer directly at info@thechelseaspa.co.uk.13 While not all organizations are obligated to appoint a DPO, doing so demonstrates a commitment to data protection and provides a dedicated point of contact for privacy-related matters, as per the user’s request.13

3. What Personal Data We Collect

3.1. Information Collected Through Contact Forms:

When you use the contact forms on our website to get in touch with us, we collect personal data such as your name, email address, and any other information you voluntarily provide in the message field.1 This information is necessary to understand your inquiry and provide you with an appropriate response.1 Transparency regarding the data collected through contact forms is essential to ensure users are aware of what information they are submitting and how it will be used.1

3.2. Information Collected Through Newsletter Sign-ups:

If you choose to sign up for our newsletter, we will collect your email address for the purpose of sending you marketing communications about our treatments, special offers, and other relevant news.1 We will only send you these communications if you have provided your explicit consent to do so, as detailed in section 5.1 Users have a right to know what data is collected for newsletter subscriptions and the implications of providing this information.1

3.3. Information Collected for Booking Purposes (if applicable directly through the website):

Although the primary booking mechanism appears to be through the Treatwell platform 7, if The Chelsea Spa were to implement direct booking functionality on their website, we would collect personal data necessary to process your booking. This could include your name, contact details (phone number, email address), appointment preferences (date, time, treatment), and potentially payment information to secure your booking.1 Collecting this information is essential for fulfilling your service requests.1

3.4. Website Usage Data:

When you visit our website, we may automatically collect certain information about your visit. This includes your IP address, browser type, operating system, referring URLs, pages you visited on our site, and the duration of your browsing session.1 This information is often collected through the use of cookies and similar tracking technologies, as further explained in section 9. This data helps us to analyze how our website is used, improve its functionality, and ensure its security.1 The Treatwell privacy policy, which is relevant as The Chelsea Spa partners with them, also mentions the collection of data about users’ devices and technology.10

4. Purposes of Processing and Legal Bases

4.1. Processing for General Inquiries:

Personal data collected through our contact forms is processed to respond to your inquiries, provide you with information about our spa treatments and services, and address any requests you may have.6 The legal basis for this processing is our legitimate interest in providing customer service and responding to potential clients.1 Alternatively, if your inquiry is related to booking services, the legal basis may be taking steps at your request prior to entering into a contract.1 It is a fundamental principle of UK GDPR to ensure that every instance of data processing has a clearly defined lawful basis.1

4.2. Processing for Direct Marketing:

If you have explicitly consented to receive our newsletter or other marketing communications, we will use your email address to send you promotional emails about new treatments, special offers, and events at The Chelsea Spa.6 The legal basis for this processing is your consent.1 UK GDPR mandates that direct marketing via electronic means requires the recipient’s explicit consent.1 You have the right to withdraw your consent at any time, as detailed in section 5.

4.3. Processing for Service Bookings (if applicable directly through the website):

Should The Chelsea Spa offer direct online booking, the personal data collected during the booking process would be processed to manage and fulfill your appointment. This includes confirming your booking, sending you appointment reminders, and processing any payments, if applicable.6 The legal basis for this processing is performance of a contract – the contract between you and The Chelsea Spa for the provision of spa services.1 This processing is necessary to deliver the services you have requested.13

4.4. Other Potential Processing Purposes:

We may also process your personal data for other purposes, such as improving our website and services. This processing is based on our legitimate interest in understanding how users interact with our website and enhancing their experience.13 We may also process data to ensure the security of our website and prevent fraud, which is also based on our legitimate interest in maintaining a safe online environment.13 Furthermore, we may be required to process your personal data to comply with legal obligations to which The Chelsea Spa is subject, such as responding to requests from regulatory authorities.6 In such cases, the legal basis for processing is a legal obligation.6

Category of Personal Data	Purpose of Processing	Legal Basis for Processing
Name, Email Address	Respond to general inquiries submitted through contact forms	Legitimate Interest (The Chelsea Spa’s interest in responding to customer inquiries) or Taking steps at the request of the data subject prior to contract
Email Address	Send direct marketing communications (newsletter, special offers)	Consent
Name, Contact Details, etc. (if applicable)	Manage and fulfill service bookings (confirmations, reminders, payments)	Performance of a Contract
IP Address, Browser Type, etc.	Analyze website usage, improve website functionality, ensure website security	Legitimate Interest (The Chelsea Spa’s interest in improving their website and ensuring its security)

5. Consent for Direct Marketing

5.1. Explanation of Explicit Consent Requirement:

The Chelsea Spa will only use your personal data, specifically your email address, for direct marketing purposes if we have obtained your explicit consent to do so.1 Under UK GDPR, explicit consent requires a clear and specific affirmative action from you, indicating your unambiguous agreement to receive marketing communications from us.1 This means that pre-ticked boxes or inactivity will not be considered valid consent.1 You must actively indicate your willingness to receive marketing materials.

5.2. Mechanism for Users to Opt-in to Marketing Communications:

When you sign up for our newsletter or when we offer you the option to receive marketing communications through other forms on our website, you will be presented with a clear and separate opt-in mechanism, such as an unchecked checkbox.1 The language used will be straightforward and easy to understand, ensuring that you are fully informed about what you are consenting to.1 For example, the wording might be: “Yes, I would like to receive emails about special offers and news from The Chelsea Spa.” Your active selection of this option signifies your explicit consent to receive marketing communications.

5.3. Information on How Users Can Withdraw Their Consent (Opt-out):

You have the right to withdraw your consent to receive marketing communications at any time. We will provide you with easy and accessible ways to do so. Every marketing email we send will include an unsubscribe link that you can click to stop receiving future emails.4 Alternatively, you can withdraw your consent by contacting us directly via email at info@thechelseaspa.co.uk or by phone at 020 7351 4555.4 Withdrawing your consent will not affect the lawfulness of any processing that we carried out based on your consent before it was withdrawn.13

6. How We Store and Secure Your Data

6.1. Description of Security Measures Implemented:

The Chelsea Spa takes the security of your personal data very seriously and has implemented appropriate technical and organizational measures to protect it against unauthorized access, loss, or damage.1 These measures include the use of encryption to protect data transmitted over the internet 13, the implementation of firewalls to prevent unauthorized access to our systems, and the use of access controls to ensure that only authorized personnel can access your personal data. We also maintain secure servers and conduct regular security assessments to ensure the ongoing integrity and confidentiality of your data.25

6.2. Reference to Standard Security Practices for Online Platforms Under UK GDPR:

The security measures we have implemented are designed to align with standard industry practices and the requirements of UK GDPR.1 Our focus is on ensuring the ongoing confidentiality, integrity, and availability of your personal data.25 While no online platform can guarantee absolute security, we continuously strive to implement and maintain robust security measures that are appropriate to the risks involved in processing your personal data.25 Treatwell, our booking partner, also emphasizes the secure storage of personal data.28

7. Your Rights Under UK Data Protection Law

You have several rights under UK data protection law regarding your personal data.1 You can exercise these rights by contacting us using the contact details provided in section 2.

7.1. Right to be Informed: You have the right to be informed about the collection and use of your personal data. This privacy policy serves to provide you with this information.1

7.2. Right of Access: You have the right to request access to the personal data we hold about you and to receive a copy of it.1

7.3. Right to Rectification: You have the right to request that any inaccurate or incomplete personal data we hold about you is corrected.1

7.4. Right to Erasure (“Right to be Forgotten”): In certain circumstances, you have the right to request the deletion of your personal data.1

7.5. Right to Restrict Processing: You have the right to request the restriction of the processing of your personal data in specific situations.2

7.6. Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.2

7.7. Right to Object: You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes.2

7.8. Rights in Relation to Automated Decision Making and Profiling: Currently, The Chelsea Spa does not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you. If our practices change in the future, we will update this privacy policy and inform you of your rights in this regard.2

8. Data Retention Periods

We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.1

• Data collected through contact forms will typically be retained for 12 months for record-keeping purposes and to address any potential follow-up inquiries.
• Email addresses collected for direct marketing purposes will be retained until you withdraw your consent to receive such communications.
• Booking information (if collected directly) will be retained for a period of 7 years to comply with legal and accounting obligations.
• Website usage data is generally retained for 24 months for analytical purposes.

These retention periods may be extended if required by law or for the establishment, exercise, or defense of legal claims.20 The criteria we use to determine these periods include the purpose for which the data was collected, any relevant legal obligations, and our legitimate interests in maintaining records.1

9. Cookies and Similar Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyze website traffic, and personalize content.1 Cookies are small text files that are placed on your computer or mobile device when you visit a website. They help us to remember your preferences, understand how you use our site, and improve its functionality.7

We use the following types of cookies:

• Essential Cookies: These cookies are necessary for the website to function properly and cannot be disabled.
• Analytics Cookies: These cookies help us to understand how visitors interact with our website by collecting and reporting information anonymously.
• Marketing/Tracking Cookies: These cookies may be used to track your browsing activity across websites and to deliver targeted advertisements.

You can manage your cookie preferences through our cookie consent banner, which appears when you first visit our website.7 You can also adjust your browser settings to block or delete cookies, but please note that doing so may impact your experience of our website.7 As The Chelsea Spa partners with Treatwell for online bookings, their cookie policy, accessible at the bottom of the Treatwell website, also applies to users booking through that platform.7

10. International Data Transfers (If Applicable)

The personal data we collect is primarily stored and processed within the UK and the European Economic Area (EEA). However, if we engage third-party service providers who operate outside the UK or EEA, your personal data may be transferred to and processed in those countries.10 In such cases, we will ensure that appropriate safeguards are in place to protect your personal data in accordance with UK GDPR. These safeguards may include transferring data to countries that have been deemed to provide an adequate level of protection by the UK government, or by implementing standard contractual clauses or the International Data Transfer Agreement approved by the UK’s Information Commissioner’s Office.10 Treatwell’s privacy policy indicates that they may transfer data outside the UK/EEA and outlines the safeguards they have in place.10

11. How to Lodge a Complaint with the ICO

If you have any concerns about how The Chelsea Spa is handling your personal data, or if you believe that we have not complied with our data protection obligations, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues.1 You can contact the ICO using the following details:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Website: ico.org.uk

Telephone: 0303 123 1113

12. Updates to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in data protection laws or our data processing practices.20 Any significant changes to this policy will be communicated to you by posting a notice on our website or by other appropriate means, such as email notification. We encourage you to review this privacy policy periodically to stay informed about how we are protecting your personal data. This privacy policy was last updated on [Insert Date].

13. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or the way we handle your personal data, please do not hesitate to contact us at:

The Chelsea Spa

53 Hollywood Road

Chelsea

London

United Kingdom

SW10 9HX

Email: info@thechelseaspa.co.uk

Telephone: 020 7351 4555

We are committed to addressing any concerns you may have in a timely and appropriate manner.6

Conclusion

The Chelsea Spa is dedicated to protecting your privacy and ensuring the security of your personal data in accordance with UK data protection laws. This privacy policy provides a comprehensive overview of our data processing practices, reflecting our commitment to transparency and accountability. By understanding how we collect, use, store, and protect your information, you can have confidence in your interactions with our website and services. We encourage you to review this policy carefully and to contact us if you have any questions or concerns.