Privacy Policy for ThistleGlow Wellness
Introduction
At ThistleGlow Wellness, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our site, use our services, or interact with us. Our practices are designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws in the United Kingdom.
Information We Collect
We collect various types of information to provide and improve our spa and salon services.
- Personal Identification Information: This includes your name, email address, phone number, and physical address, collected when you book an appointment, sign up for our newsletter, or fill out a contact form.
- Health and Wellness Information: For certain services like therapeutic massages, skincare treatments, and holistic wellness consultations, we may collect relevant health information (e.g., allergies, skin conditions, medical history) to ensure your safety and tailor treatments appropriately. This is considered sensitive personal data and is handled with extreme care and only with your explicit consent.
- Payment Information: When you make a booking or purchase, we collect payment details. However, we do not store sensitive payment information (like full credit card numbers) on our servers. This is processed securely by third-party payment processors.
- Usage Data: Information about how you interact with our site, such as pages visited, time spent on pages, and referring URLs. This helps us understand site performance and user preferences.
- Communication Data: Records of your communications with us, including emails, phone calls, and messages through our online platform.
How We Use Your Information
We use the collected information for various purposes, primarily to provide and improve our services to you:
- Service Provision: To schedule and manage your appointments for therapeutic massages, skincare treatments, aromatherapy, holistic wellness consultations, beauty salons, manicure and pedicure, facial therapies, body wraps, and relaxation sessions.
- Personalisation: To tailor our services and treatments to your specific needs, particularly for health-related information provided for sensitive treatments.
- Communication: To send you appointment confirmations, reminders, updates about our services, and respond to your inquiries.
- Marketing: With your consent, to send you promotional offers, newsletters, and information about new services or special events. You can opt out of marketing communications at any time.
- Improvement of Services: To understand how our services are used and to make improvements to our offerings and the functionality of our online platform.
- Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our agreements.
Legal Basis for Processing Personal Data
We process your personal data based on the following legal grounds:
- Consent: For specific purposes, particularly when processing sensitive personal data (e.g., health information) or for direct marketing. You have the right to withdraw your consent at any time.
- Contractual Necessity: To fulfill our obligations arising from any contracts entered into between you and us (e.g., booking and providing a service).
- Legal Obligation: When required to comply with a legal obligation, such as tax or health and safety regulations.
- Legitimate Interests: Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This includes improving our services, preventing fraud, and ensuring network security.
Disclosure of Your Information
We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties without your explicit consent, except in the following situations:
- Service Providers: We may share your data with trusted third-party service providers who assist us in operating our online platform, conducting our business, or serving you (e.g., payment processors, appointment scheduling systems, email marketing services). These parties are obligated to keep your information confidential and use it only for the purposes for which we disclose it to them.
- Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
- Business Transfers: In the event of a merger, acquisition, or asset sale, your personal data may be transferred as part of the business assets.
Data Security
We implement a variety of security measures to maintain the safety of your personal data when you place an order or enter, submit, or access your personal information. These measures include encryption, firewalls, and secure server hosting. We also ensure that our staff are trained in data protection best practices.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Sensitive health information is retained for the period necessary for the provision of safe and effective services and to comply with professional and legal obligations.
Your Data Protection Rights (GDPR)
Under GDPR, you have the following rights regarding your personal data:
- The Right to Access: You have the right to request copies of your personal data.
- The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- The Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions.
- The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
- The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
To exercise any of these rights, please contact us using the contact details provided below. We will respond to your request within one month.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We encourage you to review this Privacy Policy periodically for any changes.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
ThistleGlow Wellness
1290 Lavender Lane
Suite 3A
Bath, Somerset
BA1 6LX
United Kingdom