Overview
Leaf Lifestyle and Beauty, (“we” “us” or “our”) takes the data security of every customer (“you” or “your” ) very seriously and we totally respect your privacy rights. We pledge to handle your data fairly and legally. This policy, which applies whether you visit our spa or go online, provides you with information about:
- how we use your data
- what personal data we collect
- how we ensure your privacy is maintained
- your legal rights relating to your personal data
How we use your data
We (and trusted partners acting on our behalf) use your personal data:
- to provide goods and services to you
- to manage any registered account(s) that you hold with us
- to remind you of appointments you have booked with us
- to verify your identity
- for crime and fraud prevention, detection and related purposes
- with your agreement, to contact you electronically about special offers and events we think may interest you. You have the right to opt out of receiving these promotional communications at any time
- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
- to make certain services available to you, we may need to share your personal data with some of our service partners. These include IT, delivery and marketing service providers
- we only allow our service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. They can only use your data to provide services to us and to you, and for no other purposes
- we will never sell or rent our customer data to other organisations for marketing purposes
- we may share your data with the bodies set out below where we are required to do so to comply with our legal obligations; to exercise our legal rights (for example in court cases); for the prevention, detection, investigation of crime or prosecution of offenders; for the protection of our employees and customers:
- credit reference agencies and payment card issuers (such as Visa and Mastercard) where necessary for card payments
- a business which acquires all or part of our business, as set out further below
- governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers
- in the event that a separate business acquires all or part of our business or its assets, for example in the context of a takeover or sale, we may need to disclose your personal data to that company, so they can continue to provide services to you. In this situation, your data will only be used by the other business for the purposes set out in this Policy.
- in certain circumstances, it is possible that your personal data could be transferred to a company with whom we’re discussing selling or transferring all or part of our business, but only where strictly necessary for the evaluation of the transaction. If this happens, the data will be kept secure and confidential and will be deleted if the business sale does not go ahead.
- to deliver products and services to you, it is sometimes necessary for us to share your data outside of the European Economic Area. This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws. If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice is to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers.
How long do we keep your data?
We will not retain your data for longer than necessary for the purposes set out in this policy. The longest we will normally hold any personal data is 6 years.
What personal data do we collect?
We may collect the following information about you:
- your name, date of birth and gender
- details of any medical conditions, (for example pregnancy, pacemaker, recent operations, cancer treatments) and medications, treatments and therapies you are receiving so we may assess whether it is advisable to proceed with the treatments you have booked
- your contact details: postal address including billing and delivery addresses, telephone/mobile numbers and e-mail address
- purchases and orders made by you
- when you make a purchase or place an order with us, your payment card details;
- your communication and marketing preferences
- your interests, preferences, feedback and survey responses;
- your correspondence and communications with us
- other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page)
Our websites are not intended for children under the age of 18 and we do not knowingly collect data about children
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example when you set up an on-line account on our websites, send an email to us or visit our premises. Other personal data is collected indirectly, for example, we may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.
How we protect your data
We will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information including encryption using SSL technology. The personal information we hold will be held securely in accordance with our internal security policies and the law. All staff receive training on our internal policies on data security and have a contractual obligation to maintain customer confidentiality
Your rights
You have the right to:
- access and obtain a copy of your data on request
- ask us to change incorrect or incomplete data
- ask us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
- object to the processing of your data where we are relying on our legitimate interests as the legal ground for processing
- request a copy of the data you have provided to us in an agreed format, so that you can reuse it or transfer it to another data controller if you wish
- ask us whether we use automated decision making or profiling when processing your data.
Please note that none of these rights are absolute and we reserve the right to refuse your request where exceptions apply. If you wish to exercise any of the above rights, please contact. We reserve the right to make an administrative charge of £20 to provide the data you request.
Legal basis for using data
We are required to set out the legal basis for our ‘processing’ of personal data. We collect and use customers’ personal data because it is necessary for:
- the pursuit of our legitimate interests (as set out below)
- the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer
- complying with our legal obligations.
In general, we only rely on consent as a legal basis for processing personal data in relation to sending direct marketing communications to customers via email or text message and appointment reminders. Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
Our legitimate interests
The normal legal basis for processing customer data, is that it is necessary for our legitimate interests, including:
- selling and supplying goods and services to our customers
- protecting customers’, employees’ and other individuals’ safety, health and welfare
- promoting, marketing and advertising our products and services
- sending promotional communications to individual customers (including administering the leaf loyalty scheme)
- improving existing products and services and developing new products and services
- complying with our legal and regulatory obligations
- preventing, investigating and detecting crime and fraud, including working with law enforcement agencies;
- handling customer contacts, queries, complaints or disputes
- managing insurance claims by customers
- protecting our employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of their legal obligations to us
- effectively handling any legal claims or regulatory enforcement actions taken against us
- fulfilling our duties to our customers and employees
- managing transactions, including selling or transferring any parts of our business to third parties or acquiring new businesses
Reviews and Testimonials
We may use testimonials and/or product reviews in whole or in part together with the name and town of the person submitting it. Testimonials may be used for any form of activity relating to our products and services, in printed and online media, as we in our absolute discretion think fit. We reserve the right to review and to correct grammatical and typing errors prior to use. We shall be under no obligation to use any or any part of any testimonial or review submitted. By submitting a testimonial or review under this policy, you agree, give permission for and grant any necessary licence so that we may publish and/or reproduce any part of the testimonial or review on the Site and/or in any other of our printed and online media.
Cookie Policy
Like most websites, Leaf Lifestyle and Beauty’s website (“Site”) uses cookies to collect information. Cookies are small data files which are placed on your computer or other devices (such as smart ‘phones or ‘tablets’) as you browse this Site. They are essential for the effective operation of our Site and to help you shop with us online. They also enable us to meet our contractual obligations to make payments to third parties when a product is purchased by someone who has visited our Site from a website operated by those parties.
The cookies stored on your computer or other device when you access our websites are designed by third parties who participate with us in marketing programmes.
If you want to disable cookies you need to change your website browser settings. If you choose to switch off cookies, the Site may not operate properly and you may be unable to complete a purchase on our Site.
Cookies we use:
Cookie Name | Cookie Owner | Cookie Description |
PHPSESSID | Unknown | Used by multiple companies, but usually this cookie is necessary to provide you with access to secure areas. |
NID | Unknown | Used by multiple companies, The NID cookie contains a unique ID Google uses to remember your preferences and other information, such as your preferred language (e.g. English), how many search results you wish to have shown per page (e.g. 10 or 20), and whether or not you wish to have Google’s SafeSearch filter turned on. |
__utma | Google Analytics | Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics. |
__utmz | Google Analytics | Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics. |
__utmc | Google Analytics | Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit. |
__utmb | Google Analytics | Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics. |
__utmt | Google Analytics | Used to throttle request rate. |
_ga | Google Analytics | Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in. |
_gid | Google Analytics | Used to distinguish users. |
_gat_UA-6409345-3 | Google Analytics | This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites. |
wp-settings-time- | WordPress | WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. |
wp-setting- | WordPress | WordPress also sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. |
wordpress_test_cookie | WordPress | WordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies. |
wordpress_sec | WordPress | Essential WordPress session management cookies for logged in users. |
wordpress_logged_in | WordPress | After login, wordpress sets the wordpress_logged_in_[hash] cookie, which indicates when you’re logged in, and who you are, for most interface use. |
Changes to this privacy policy
Please check frequently to view any changes to this policy. It was last updated in June 2019.
How to contact us
If you have any questions about how we use your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by
- telephone: 01244 671071
- e-mail: mail@leaf-lifestyleandbeauty.com OR
- write to: Leaf Lifestyle and Beauty, The Old Rectory, Handley, Chester, Cheshire CH3 9DT
- Further information, including contact details, is available at https://ico.org.uk