Overview
Leaf Lifestyle and Beauty, (“we” “us” or “our”) takes the data security of every customer (“you” or “your” ) very seriously and we totally respect your privacy rights. We pledge to handle your data fairly and legally. This policy, which applies whether you visit our spa or go online, provides you with information about:

How we use your data
We (and trusted partners acting on our behalf) use your personal data:

How long do we keep your data?
We will not retain your data for longer than necessary for the purposes set out in this policy. The longest we will normally hold any personal data is 6 years.

What personal data do we collect?
We may collect the following information about you:

Our websites are not intended for children under the age of 18 and we do not knowingly collect data about children

This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example when you set up an on-line account on our websites, send an email to us or visit our premises. Other personal data is collected indirectly, for example, we may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.

How we protect your data
We will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information including encryption using SSL technology. The personal information we hold will be held securely in accordance with our internal security policies and the law. All staff receive training on our internal policies on data security and have a contractual obligation to maintain customer confidentiality

Your rights
You have the right to:

Please note that none of these rights are absolute and we reserve the right to refuse your request where exceptions apply. If you wish to exercise any of the above rights, please contact. We reserve the right to make an administrative charge of £20 to provide the data you request.

Legal basis for using data

We are required to set out the legal basis for our ‘processing’ of personal data. We collect and use customers’ personal data because it is necessary for:

In general, we only rely on consent as a legal basis for processing personal data in relation to sending direct marketing communications to customers via email or text message and appointment reminders. Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.

Our legitimate interests
The normal legal basis for processing customer data, is that it is necessary for our legitimate interests, including:

Reviews and Testimonials
We may use testimonials and/or product reviews in whole or in part together with the name and town of the person submitting it. Testimonials may be used for any form of activity relating to our products and services, in printed and online media, as we in our absolute discretion think fit. We reserve the right to review and to correct grammatical and typing errors prior to use. We shall be under no obligation to use any or any part of any testimonial or review submitted. By submitting a testimonial or review under this policy, you agree, give permission for and grant any necessary licence so that we may publish and/or reproduce any part of the testimonial or review on the Site and/or in any other of our printed and online media.

Cookie Policy
Like most websites, Leaf Lifestyle and Beauty’s website (“Site”) uses cookies to collect information. Cookies are small data files which are placed on your computer or other devices (such as smart ‘phones or ‘tablets’) as you browse this Site. They are essential for the effective operation of our Site and to help you shop with us online. They also enable us to meet our contractual obligations to make payments to third parties when a product is purchased by someone who has visited our Site from a website operated by those parties.

The cookies stored on your computer or other device when you access our websites are designed by third parties who participate with us in marketing programmes.

If you want to disable cookies you need to change your website browser settings. If you choose to switch off cookies, the Site may not operate properly and you may be unable to complete a purchase on our Site.

Cookies we use:

Cookie Name Cookie Owner Cookie Description
PHPSESSID Unknown Used by multiple companies, but usually this cookie is necessary to provide you with access to secure areas.
NID Unknown Used by multiple companies, The NID cookie contains a unique ID Google uses to remember your preferences and other information, such as your preferred language (e.g. English), how many search results you wish to have shown per page (e.g. 10 or 20), and whether or not you wish to have Google’s SafeSearch filter turned on.
__utma Google Analytics Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.
__utmz Google Analytics Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.
__utmc Google Analytics Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.
__utmb Google Analytics Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.
__utmt Google Analytics Used to throttle request rate.
_ga Google Analytics Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in.
_gid Google Analytics Used to distinguish users.
_gat_UA-6409345-3 Google Analytics This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
wp-settings-time- WordPress WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
wp-setting- WordPress WordPress also sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
wordpress_test_cookie WordPress WordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies.
wordpress_sec WordPress Essential WordPress session management cookies for logged in users.
wordpress_logged_in WordPress After login, wordpress sets the wordpress_logged_in_[hash] cookie, which indicates when you’re logged in, and who you are, for most interface use.

Changes to this privacy policy
Please check frequently to view any changes to this policy. It was last updated in June 2019.

How to contact us
If you have any questions about how we use your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by

You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk