Privacy Notice / Use of personal data
This Privacy Notice outlines the types of personal data we may collect about you when you interact with us. It also explains how we store, handle and protect your personal data, and ensures that you, as a customer of Banya No.1, are fully informed of your rights.
The sections outlined below should answer any questions you may have. However, if you do have further queries, then please do contact us at: firstname.lastname@example.org
In using our website and receiving our services, you consent to the collection, use, disclosure, transfer and other processing of your personal data as set out in this privacy notice, subject to your rights set out below and in particular your rights to withdraw or modify your consent as described in paragraph 10 of this Privacy Notice.
- Who is Banya No.1?
Banya No.1 is the “controller” of any personal data for the purposes of the Data Protection Act 2018 (the “Act”) and to the extent applicable the General Data Protection Regulation (“GDPR”) that you provide to us in the course of purchasing products from us, using our services or otherwise interacting with us.
We are committed to protecting your privacy and processing your personal data fairly and lawfully in compliance with the Act and the GDPR.
- Fair and Lawful Processing
We will only process your personal data where:
- you have given your consent to such processing;
- the processing is necessary to provide our services or otherwise perform our contract with you or to enter into a contract with you.
By processing, we mean the collection, storage, recording, use, disclosure and any other form of operations or dealings with your personal data.
- What personal data do we collect about you?
We process personal data of our customers or visitors to our websites for a number of different purposes, which are explained below.
“Personal data” means any information about an individual from which that person can be identified, such as your name and contact details.
In certain circumstances, as we set out below, it will be necessary for you to provide us with your personal data, to enable us to manage our operations or to provide services to you.
We do not generally collect special categories of personal data unless it is volunteered by you or unless we are required to do so pursuant to applicable laws and jurisdictions. We may require data about allergies in order to protect your vital interests, and health data provided by you to improve your stay or to safely provide you with our services.
Banya No.1 Bookings
The following personal data is required in order for us to make a booking for your visit:
- Booking Name
- Telephone Number
- Email Address
In order to provide exceptional customer service and to improve your dining experience, or in order to comply with our statutory obligations or to protect your vital interests, we may also collect and process additional personal data, including the following:
- Date of birth
- Special occasions – birthdays, anniversaries and that of your guest(s)
- Allergies or food intolerances
- Food preferences
- Personal connections to other customers or staff
- General preferences
- Previous booking history
- Specific health data
Sometimes we want to know more about our customers and may ask:
- Post code
- How did you find out about us
- Preferred language
For online bookings, we use the third-party booking engine Appointedd. Please refer to the section below “Who do we share your data with?” for more information.
We need the following personal data in order for you to make a booking:
- Email address
- Telephone number
- Encrypted credit card information (third-party – Appointedd only)
- Booking date and time
- Special notes (optional and volunteered by Customer)
When you attend the Banya for your appointment, you will be asked to complete our “Registration / Health Assessment Form” (it is possible to complete this online before the visit). The information you provide on that form includes special categories of personal data (in particular, information about your health and Covid-19 questions). It is entirely up to you whether to complete the Registration / Health Assessment Form; however, in the event that you choose not to do so, we will not be able to offer and provide you with the spa services. We require the information on that form to conduct the spa services safely (i.e. to protect your vital interests). The information you provide will only be used for that purpose, will be stored as is set out in section 9 of this Privacy Notice and will not be provided to any third parties.
e-vouchers and printed vouchers
We use the third-party system Vouchercart.com to sell e-vouchers and printed vouchers.
The following personal data is collected and processed by us and Vouchercart in order to sell vouchers to you:
- Telephone number
- Email address
- Credit/Debit Card details (third-party – Vouchercart.com only)
- Name of recipient (if a gift)
- Delivery address, telephone number and email address of recipient (if a gift and if applicable)
This personal data may be shared with trusted third parties as processors (as detailed in the Act and GDPR) in order to carry out any necessary services for us, including shipping, fulfilment, and personalisation for a given order transaction. Please refer to the section below “Who do we share your data with?” for more information.
Banya No.1 do not collect and store any Credit/Debit Card details.
Data That is Collected Automatically
To the extent that you access the Website, we will collect your Data automatically, for example:
- we automatically collect some information about your visit to the Website. This information helps us to make improvements to Website content and navigation, and includes your approximate location, the date, times and frequency with which you access the Website and the way you use and interact with its content.
- we will collect your Data automatically via cookies, in line with the cookie settings on your browser. Examples of the types of personal data we collect include IP address, device ID, location data, computer and connection information such as browser type and version, time zone setting, browser plug-in types and versions, operating system. For more information about cookies, and how we use them on the Website, see the section below, headed “Cookies”.
- How do we capture your personal data?
We usually collect personal data from the information you submit during the course of your relationship with us. We use different methods to collect data from and about you, including through:
You may give us your identity and contact data by filling in forms or by communicating with us by phone, email or otherwise. This includes personal data you provide when you make bookings. Such bookings can be made in the following ways:
- In person
- Via a third party (person or company), such as spa and wellness classes and experiences (apps)
- Through social media – if you choose to interact with us
You may also give us your personal data when you request marketing to be sent to you, enter a competition, promotion or survey, or give us feedback or contact us.
We do not knowingly collect personal data from children under the age of 13 without parental consent.
- What is your personal data used for?
We will only use your personal data for purposes for which the law allows us. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you (please refer to the “Business Services” section below for more information).
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (please refer to the “Marketing and Communications” section below for more information).
- Where we need to comply with a legal or regulatory obligation.
We use the personal data you have provided us in order to:
- Confirm, amend or cancel bookings you have placed;
- Communicate with you with regard to future or past bookings you have placed, send invoices;
- Provide exceptional customer service and to improve your and your guests’ experiences at Banya No.1;
- Understand and assess the interests, wants, and changing needs of consumers, to improve our website, our current products and services, and/or develop new products and services;
- Provide personalized services, communications and targeted advertising as well as product recommendations to you.
We use personal data so that our employees can familiarise themselves with you and your guests in order to provide better services to you. The data you provide allows us to ensure that this can be achieved in the best possible way.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Marketing and communications
We would like to send you marketing communications from time to time to check the quality of our services to you or to inform you about Banya No.1 news, special offers or birthday specials, including new openings, developments, events and partnerships, and other services we think may be of interest to you, in the form of email newsletters.
We will send you such communications either because you are a recent customer of ours or because we have obtained your consent to do so. You have the right to unsubscribe from these marketing communications from us at any time by clicking on the unsubscribe link which will be made available to you in each communication, or by emailing us at any time.
Commercial advertising communications
We would like to send you commercial marketing communications from time to time by SMS, MMS, social communities and any other electronic or physical means, present or future, that enables commercial communications. These communications will be carried out by the Data Controller in relation to its products and services, or its collaborators or suppliers with whom it has reached a promotional agreement. In this case, third parties will never have access to personal data.
- Who do we share your data with?
We work with a number of trusted and contracted third parties in order to be able to provide our services to you. These third parties include (but are not limited to) those who provide services to us for the delivery of spa bookings and business systems providers.
We do not share, rent, trade or sell your personal data to third parties for marketing purposes or for any purposes other than those explained in this Privacy Notice, without your prior consent. We do not purchase personal data from third parties.
We may transfer your personal data in the ways set out in this notice, and, in particular, to the following third parties:
- any group company of Banya No.1;
- suppliers and service providers (including information technology providers, such as website and mailing list hosts, marketing service providers, booking systems, and payment processing companies);
- any buyers of our business or any of our assets, or any of the advisors or representatives of the above;
We require all third parties with whom we share your personal data to respect the security of your personal data and to treat it in accordance with the law (including the Act and the GDPR). We do not allow our third-party service providers to process your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our written instructions.
- How do we protect your personal data?
The security of your personal data is as important to us as it is to you. With this in mind we will treat your data with the utmost care and take all necessary steps to protect it. We will implement and maintain appropriate technical and organisational measures to ensure a level of security commensurate with the risks involved and appropriate to protect any personal data provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
Our websites use encrypted ‘https’ technology and access to your personal data is password protected, and sensitive data (such as payment card information) is secured by SSL encryption and tokenisation.
We carry out vulnerability assessments and penetration testing to identify ways to further strengthen our information security.
Our measures include implementing appropriate access controls, investing in the latest Information Security Capabilities to protect the IT environments we leverage, and ensuring we encrypt, pseudonymize and anonymize personal data wherever possible.
Access to your personal data is only permitted among our employees and agents on a need-to-know basis and subject to strict contractual confidentiality obligations when processed by third parties.
- How long do we keep your personal data?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- Your rights as a customer of Banya No.1
In accordance with the Act and the GDPR, you have the right to:
- require us to rectify the personal data we hold about you, where that data is incorrect or incomplete;
- require that we restrict the processing of your personal data in certain circumstances;
- request access to the personal data that we hold about you;
- require that, in certain circumstances, we erase the personal data we hold about you;
- object to certain types of processing such as direct marketing; and/or
We endeavour to respond to such requests within 2 weeks, although we reserve the right to extend this period for complex requests.
In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data.
You can set your browser to stop cookies or to let you know when cookies are being sent; however, this may disable some or all of the functions of the site and may prevent you from being able to use it as you would like.
Depending on their purpose, cookies can be:
- Technical cookies: Enable the user to browse a website and use the different options or services that exist there, such as controlling traffic and the communication of data, identifying the session, accessing restricted areas, remembering the items that make up an order, completing the purchase process of an order, filling out registration forms or requests to take part in an event, using security features while browsing, storing content for the dissemination of videos or sound files or sharing content over social networks.
- Functionality cookies: Enable the user to access the service with certain general features predefined on the user’s device, based on a series of criteria, such as language, type of browser used to access the service, or the regional configuration from which the service is accessed.
- Analytical cookies: Allow us to track and analyze the behavior of the users of the websites on which the cookies are found. The data gathered by this type of cookie is used to measure activity on websites, applications or platforms and draw up browsing profiles for the users of these sites, applications and platforms so that improvements can be made once the data has been analyzed.
- Advertising cookies: Allow for the most effective management possible of any advertising space that the publisher may have included on a website, application or platform from which the requested service is provided, based on criteria such as the content published there or how often the advertisements are shown.
- Behavioural advertising cookies: Allow for the most effective possible management of any advertising space the publisher may have included on a website, application or platform from which it provides the requested service. These cookies store information on the behavior of users obtained through continuous observation of their browsing habits. Specific profiles can then be drawn up in order to display tailored advertising.
- Third Party Links
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.