Privacy Policy

  1. Introduction

This Privacy Notice outlines how Bliss Spa & Massage collects and processes your personal data through your use of our site and services.

By providing us with your personal data, you warrant to us that you are over 13 years of age.

Bliss Spa & Massage is the data controller and is responsible for your personal data (referred to as “we,” “us,” or “our” in this notice).

We have appointed a Data Protection Officer (DPO) who manages all privacy-related matters. If you have any questions about this notice, please contact our DPO using the details below.

Contact Details

Our full details are:

  • Full name of legal entity: Bliss Spa & Massage
  • Name or title of Data Protection Officer: Susan Mulasa
  • Email address: info@blissspamassage.co.uk
  • Postal address: 5 Hale Lane NW7 3NU Mill Hill London

It is vital that the information we hold about you is accurate and current. Please notify us immediately if your personal information changes by emailing us at info@blissspamassage.co.uk.

  2. What Data We Collect and Our Purpose for Processing It

Personal data refers to any information that can identify an individual; it does not include anonymized data. We may process several categories of personal data about you based on how you interact with us:

  • Communication Data: This includes any messages you send us via email, contact forms, social media, or other communication methods. We process this data to respond to your queries, maintain internal records, and for the establishment, pursuit, or defence of legal claims. Our legal basis for this is our legitimate interests in running our business effectively.
  • Customer Data: This includes details related to purchases, such as your name, title, contact information (email, phone, address), purchase details, and card details. We process this data to supply the goods and services you have purchased and to keep accurate records of these transactions. Our legal basis for this is the performance of a contract we have with you (or steps taken to enter one).
  • User Data: This covers information about how you use our website and online services, as well as any content you post for publication. We process this to properly operate and secure our website, ensure relevant content is displayed, and manage our online business. Our legal basis for this is our legitimate interests in administering our website and business.
  • Technical Data: This includes data about your devices and online activity, such as your IP address, browser details, time zone settings, and website navigation paths. We collect this data from our analytics tracking systems to analyse your website usage, administer and protect our website, deliver relevant advertisements to you, and assess the effectiveness of our marketing. Our legal basis is our legitimate interests in administering our website, growing our business, and defining our marketing strategy.
  • Marketing Data: This includes your preferences for receiving marketing from us and third parties, and your overall communication choices. We process this data to enable your participation in promotions, deliver relevant website content and advertising, and measure its effectiveness. Our legal basis is our legitimate interests in studying how customers use our services, developing them, growing our business, and refining our marketing strategy.

We may also combine and use Customer, User, Technical, and Marketing Data to deliver targeted advertisements to you (e.g., through platforms like Facebook) and measure their success. Our lawful ground for this is our legitimate interests in growing our business.

Sensitive Data

We do not collect any Sensitive Data (e.g., race, religion, sex life, political opinions, criminal convictions) through our website.

HOWEVER: To safely and effectively perform any treatment, we must collect sensitive health data from you. This information will be collected during your appointment with the therapist, based on verbal information you provide.

  • Examples of sensitive health data: Medical information relevant to your treatment (e.g., allergies, conditions, recent injuries, pregnancy status).

We require your explicit consent for processing this sensitive health data. You will be asked to provide this consent directly to your therapist at the time of your appointment.

Consequences of Not Providing Data

Where we are required to collect personal data (including sensitive health data) by law or under the terms of a contract, and you fail to provide that data when requested, we may be unable to perform the contract (e.g., provide the service). If this results in a cancellation, we will notify you at the time.

We only use your personal data for the purpose it was collected for or a reasonably compatible purpose. We do not carry out automated decision-making or profiling.

  3. How We Collect Your Personal Data

We collect data through the following methods:

  • Directly from you: When you fill in forms on our site, send us emails, or provide information to your therapist during an appointment.
  • Automated technologies: As you use our website, we automatically collect certain data using cookies and similar technologies. Please see our dedicated Cookie Policy for details: http://www.blissspamassage.co.uk/cookie-policy
  • Third parties: We may receive data from analytics providers (e.g., Google, based outside the EU), advertising networks (e.g., Facebook, based outside the EU), and providers of technical, payment, and delivery services.
  • Publicly available sources: We may receive data from sources such as Companies House and the Electoral Register (based inside the EU).

  4. Marketing Communications

Our lawful ground for processing your data to send you marketing communications is either your consent or our legitimate interests (to grow our business).

We will always seek your express consent before sharing your personal data with any third party for their own marketing purposes.

Opting Out: You can ask us or third parties to stop sending you marketing messages at any time by:

  • Following the opt-out links on any marketing message sent to you.
  • Emailing us at info@blissspamassage.co.uk.

Note that opting out of marketing does not apply to personal data provided as a result of other transactions, such as purchases or appointments.

  5. Disclosures of Your Personal Data

We may need to share your personal data with the following parties:

  • Service Providers: Who provide essential IT and system administration services.
  • Professional Advisers: Including lawyers, bankers, auditors, and insurers.
  • Government Bodies: That require us to report processing activities.
  • Third Parties: To whom we may sell, transfer, or merge parts of our business or assets.

We require all third parties to respect the security of your personal data and use it only for specified purposes and in accordance with our instructions.

  6. International Transfers

We share your personal data within our group of companies, which may involve transferring your data outside the European Economic Area (EEA).

We comply with the General Data Protection Regulation (GDPR) to protect your data. Where we transfer your data outside the EEA, we ensure similar security safeguards are in place by using mechanisms such as:

  • Transferring data to countries the European Commission has approved as providing an adequate level of protection.
  • Using US-based providers who are part of the EU-US Privacy Shield (where applicable), which offers equivalent safeguards.
  • Using specific contracts, codes of conduct, or certification mechanisms approved by the European Commission.

If none of these safeguards are available, we will request your explicit consent to the specific transfer, which you have the right to withdraw at any time.

  7. Data Security

We have implemented robust security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorization.

We limit access to your personal data only to employees and partners who have a genuine business need to know that data. They are instructed to process your data only on our instructions and must keep it strictly confidential.

We have procedures in place to manage any suspected data breach and will notify you and any applicable regulator if we are legally required to do so.

  8. Data Retention

We only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including meeting any legal, accounting, or reporting requirements.

  • Tax Purposes: The law requires us to keep basic customer information (Contact, Identity, Financial, and Transaction Data) for six years after they stop being customers.
  • Anonymisation: In certain circumstances, we may anonymise your personal data for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

  9. Your Legal Rights

Under data protection laws, you have specific rights concerning your personal data, including the right to request:

  • Access to your data.
  • Correction of your data.
  • Erasure of your data.
  • Restriction of processing.
  • Transfer of your data.
  • To object to processing.
  • To withdraw consent (where consent is the lawful ground for processing).

You can find more details about these rights at the Information Commissioner’s Office (ICO) website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

To exercise any of these rights, please email us at info@blissspamassage.co.uk.

We respond to all legitimate requests within one month. You will not have to pay a fee unless your request is clearly unfounded, repetitive, or excessive.

Complaints

If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the ICO. However, we would be grateful if you contacted us first so we can try to resolve your concern directly.

  10. Third-Party Links

This website may contain links to third-party websites, plug-ins, and applications. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit after leaving ours.

  11. Cookies

You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. Please be aware that if you disable or refuse cookies, some parts of this website may become inaccessible or not function properly. For detailed information about the cookies we use, please see our dedicated policy: https://www.blissspamassage.co.uk/cookie-policy/
