Who we are
Our website address is: https://wax-away.co.uk.[Wax Away] (referred to hereafter as the ‘We’ or the ‘Company’) are committed to protecting and respecting your privacy
For the purpose of the Data Protection Act 1998 (the Act), and General Data Protection Regulations 2018 (GDPR) the Data Controller is Wax Away, 119 The Ring, Yardley, Birmingham, West Midlands, B25 8QD.
WHO DOES THIS POLICY APPLY TO?
Any employee who works for the Company, as well as any other individuals working at or visiting the Company premises or engaged by the Company. It also applies to visitors to the Company, as well as agency workers, casual workers, contractors, consultants, interns, seconded staff, agents, suppliers and sponsors, or any other person associated with us (“associated persons”).
INFORMATION WE MAY COLLECT ABOUT YOU
We may collect and process the following data about you:
· Information you give us. You may give us information about you by filling in forms on our site www.sleepingbeautysalon.co (our site) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site, subscribe to our service, [search for a product], [place an order on our site], [participate in discussion boards or other social media functions on our site], [enter a competition, promotion or survey], and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description and photograph. We also keep information given to us during your treatments such as allergies, medical information and records of treatments and patch tests.
· Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
· technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
· information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
· Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. [In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site.] We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
Wax Away does not share your personal data with any affiliated companies without prior permission, except for Treatwell with whom we use their booking widget.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
· Information you give to us. We will use this information:
· to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
· to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
· to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data or contact the salon.
· to notify you about changes to our service;
· to ensure that content from our site is presented in the most effective manner for you and for your computer.
· Information we collect about you. We will use this information:
· to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
· to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
· to allow you to participate in interactive features of our service, when you choose to do so;
· as part of our efforts to keep our site safe and secure;
· to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
· to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
· Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).
DISCLOSURE OF THE INFORMATION
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties including:
· Business partners, suppliers and sub-contractors for the performance of any contract we enter into.
· Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. [We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 women aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in B25). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience].
· Analytics and search engine providers that assist us in the improvement and optimisation of our site.
We may disclose your personal information to third parties:
· In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
· If Sleeping Beauty Salon Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
· If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of and other agreements; or to protect the rights, property, or safety of Wax Away, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
WHERE WE STORE YOUR PERSONAL DATA
[All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted [using SSL technology]. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at any of our locations or via email@example.com.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
ACCESS TO INFORMATION
The Act/GDPR gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act/GDPR. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you. This fee will only be charged in line with GDPR guidelines.
Last updated May 2020
The data controller for your information is Hotspring Ventures Limited (registered address: Fairfax House, 15 Fulwood Place, London, WC1V 6HU) (“Treatwell”, “we”, “our” or “us”). You can write to us at: Hotspring Ventures Limited, Fairfax House, 15 Fulwood Place, London WC1V 6HU or email us on firstname.lastname@example.org or email@example.com.
What information do we collect?
When you visit and/or use our Platform or contact us, we may collect the following information:
- Personal Information that you choose to share with us when you register for an account, subscribe to emails, newsletters and alerts and which you provide to us when using our services, including information entered into our booking platform and included in your comments, reviews or survey responses. In the course of making a booking or submitting reviews, you might voluntarily provide us with sensitive personal data if relevant to the service that you are requesting or reviewing (relating to your health or ethnicity, for example).
- Personal Information that you share with us as part of an application for a job at Treatwell, submitted either directly on the Websites or indirectly, including but not limited to, via a recruitment agency, unsolicited application or third-party recruitment platform. In the course of making an application you may choose to voluntarily provide us with sensitive personal data relating to whether reasonable adjustments ought to be made for you in the application process or subsequently if an employment relationship is established. However, you must not share any sensitive personal data with us that would not be necessary for us to make reasonable adjustments for you, e.g. political opinions, religious beliefs or specific information on your state of health.
- Where you are utilising our online payment facility, we may store (via ourselves or our appointed payment processor) your credit and debit card details on a secure encrypted basis.
- If you choose to communicate with us (for example, through the Platform, live chat, email, telephone, SMS, or social media) we will record the fact that you have contacted us, the content of your and our communication, your contact details, and other unique identifiers including IP address and display name.
It is important that all the Personal Information you give us when you register as a user or otherwise when you use the Platform is correct and accurate. This includes, by way of example only, ensuring that we have your correct contact (including email) details at all times.
Protecting your personal information
The transmission of information via the internet is not completely secure. So, whilst we will do our best to protect your Personal Information, we cannot guarantee the security of your data transmitted to our Platform. Any transmission is at your own risk. Once we have received your Personal Information we will use strict procedures and security features in relation to that data.
How do we use your personal information?
In general terms, we use Personal Information to provide you with the services and products you request, process payment, provide customer services, deliver our content and ads which we think may be of interest to you, for customer research, to send you marketing and promotional emails and to notify you about important changes to our Platform.
We also use your Personal Information for the following purposes:
- To fulfil a contract, or take steps linked to a contract. This is relevant where you request a service via Treatwell. This includes:
- Sending you information about your requested services (such as appointment reminders) by email, SMS and push notification
- Facilitating your bookings and taking payments
- Responding to your questions and concerns
- Administering your account
- As required by Treatwell to conduct our business and pursue our legitimate interests, in particular:
- To keep our Platform and systems secure and to prevent fraud, security incidents and other crime
- To verify compliance with our terms and conditions and for the establishment, exercise or defence of legal claims
- To notify you about new Treatwell services and special offers we think you will find valuable, for example via email and displaying advertising on third party websites such as Facebook (where consent is not required)
- To investigate and respond to any questions or complaints received from you or from others, about our Platform or our products or services
- To conduct internal research and analysis so that we can see how our Platform, products and services are being used and how our business is performing
- To conduct market research and consumer surveys
- To collate and publish reviews of products or services offered by our Partners, and use these for advertising campaigns
- To process applications for a position at Treatwell, whether submitted directly or indirectly, including to examine your suitability for the role, curriculum vitae, and professional skills, to schedule interviews and assessments, to contact referees and, if successful, to offer you a job and establish an employment relationship with you. Information which you provide will be held for a period of 12 months and may be referred to in the event you make future applications to work at Treatwell, unless you opt to delete this data which you may do so by following the link in the confirmation of application email that we sent you.
- Where you give us consent:
- To notify you about new Treatwell services and special offers we think you will find valuable, for example via email and displaying advertising on third party websites such as Facebook (where consent is required)
- To send you information about competitions and surveys and details of promotional offers of our Partners and about other selected third parties’ goods or services, for example those of health, beauty, leisure and lifestyle brands, by email and as push notifications via the App
- To pass your personal information to our Partners and other selected third parties, for example health, beauty, leisure and lifestyle brands, to enable them to send you information about their goods and services on their own behalf
- To use customer communications for training, record-keeping and quality control purposes. If you telephone our customer experience team, and consent by not opting out, your call may be recorded. You will be told if such a recording is being made and given the opportunity to opt-out of being recorded if you wish to do so and the means for doing so.
- On other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time
- For purposes which are required by law:
- To respond to requests by government or law enforcement authorities conducting an investigation
- To meet legal, regulatory and compliance requirements
Legitimate Interests Balancing Tests
We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests, which we have described above. You can obtain information on any of our balancing tests by contacting us at firstname.lastname@example.org.
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.
- If you would like to unsubscribe from receiving communications which Treatwell sends you, you can do so by clicking the “unsubscribe” button at the bottom of email communications which we send you or alternatively by contacting us at email@example.com. In the case of email marketing please allow 48 business hours for your email address to be removed from our system.
- If you would like to unsubscribe from receiving communications which are sent by Partners and other third parties, please contact the Partner or third party directly. In the case of our Partners, if you need our assistance with this, we will be happy to do what we can to help you.
- If you would like to no longer receive push notifications via the App, you can do so by revoking push notification permission for the Apps in your phone’s operating system settings.
Please note that where you have opted out of receiving our email marketing communications via the methods described above, you may still see our non-targeted adverts whilst you are online, if your interests settings on Facebook are aligned to an audience segment (pre-defined by Facebook) which our business is also associated with. We do not control whether these ads are displayed to you.
Sharing personal information with third parties
We treat the security and method of processing your Personal Information very seriously, and we will never sell your Personal Information under any circumstances.
However, we may disclose your Personal Information to selected third parties, including in the following situations:
- Hotspring Ventures Limited: Fairfax House, 15 Fulwood Place, London, WC1V 6HU, firstname.lastname@example.org
- Treatwell IE, branch of Hotspring Ventures Limited: Fairfax House, 15 Fulwood Place, London, WC1V 6HU, email@example.com
- Treatwell LT UAB: J. Basanavičiaus g. 15, 03108 Vilnius, Lithuania, firstname.lastname@example.org
- Treatwell Spain s.l.: Carrer de Balmes, 7, Planta 3, 08007 Barcelona, Spain, email@example.com
- Treatwell IT s.r.l.: Via Aldo Manuzio, 17, 20124, Milano, Italy, firstname.lastname@example.org
- Treatwell FR: 52 rue de la Chaussée d’Antin – 75009 Paris, France, email@example.com
- Treatwell BNL B.V.: Nieuwezijds Voorburgwal 120-126, 1012 SH Amsterdam, Netherlands, firstname.lastname@example.org
- Treatwell DACH GmbH: Greifswalder Str. 212, 10405 Berlin, Germany, email@example.com
- Treatwell DACH GmbH, Zweigniederlassung Zürich: Haggenholzstrasse 83b, 8050 Zürich, firstname.lastname@example.org
- Treatwell DACH GmbH, Zweigniederlassung Wien: Badhausgasse 18-20, Top 1-3, Lerchenfelderstraße 95-97, 1070 Wien, email@example.com
- If you place an order or otherwise engage with Treatwell through a website or app powered on behalf of a third party, then your contact details and details of your order will be passed on to the relevant third party, for example lastminute.com when you make a booking via spa.lastminute.com. If you give a third party (such as lastminute.com) the relevant consents (which Treatwell collects on behalf of third parties), they may also send you marketing communications.
- To third party service providers that perform functions on our behalf in relation to the Platform or otherwise in connection with the running of our business, recruiting candidates and for the provision of Treatwell’s services (for example, processing credit card payments, website hosting, conducting surveys and market research, providing social media analysis, providing marketing email services, data analysis tools and to manage customer services communications including telephone calls and live chat).
- To our Partners with whom you book services whether via our Website or Apps, where we act as commercial booking agent, or directly with the Partner via our Partner Platform or Widgets, where we act solely as a technology provider. Your information is shared with Partners in order that:
- bookings can be facilitated and, if necessary, contact made in advance of your appointment;
- if you have opted in to receiving marketing emails from Partners with which you book, these emails can be sent to you containing news and special offers; and
- they can improve the services they offer to their customers and business operations by providing statistical data regarding customers, both on an aggregated basis and on an individual level.
- To third party brands with which we collaborate on products, services, competitions and campaigns
- To third party salon software providers used by our Partners to ensure that those third party software solutions and Connect each display real-time availability to customers
- To other third parties, for the purpose of facilitating our business and improving our products, content, services or advertising including, by way of example only, sending email communications or publishing reviews of our or our Partners’ products and services
- If we buy, sell or transfer any business or assets or if go into insolvency, bankruptcy or receivership. If this should happen, we may need to disclose your Personal Information to the seller or buyer of such business or assets, as appropriate
- If we are under a duty to disclose or share your Personal Data to comply with any legal obligation or in order to enforce or apply our terms and conditions and other agreements or protect the rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction
- To government authorities, and to other third parties as required or permitted by law, including but not limited to in response to court orders. We also may disclose user information when we have reason to believe that someone is causing injury to or interference with our rights or property, other users of our Platform, or anyone else that could be harmed by such activities.
Please note: by posting any Personal Information in any publicly accessible area of our Platform (such as review sections), such information may be collected by third parties over which we have no control. We are not responsible for the use of such information by such third parties.
Please therefore exercise all due care and consideration before disclosing any Personal Information that will be disclosed on public areas. You should also avoid disclosing on public areas any Personal Information that may be used to identify you (such as your name, age, home or work address or name of your employer).
Your rights in relation to your personal information
In relation to the personal information we hold about you, you may be entitled to ask us:
- For a copy of your personal information
- To correct, erase or restrict the processing of your personal information
- To obtain personal data which you provide to us for a contract or with your consent in a structured, machine readable format and to ask us to transfer this information to another organisation
- To object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).
In the first instance you may be able to view or change the information you have provided us with by logging in to your online account.
Your rights in relation to your personal information are limited in some situations. For example, if fulfilling your request would reveal personal data about another person or if we have a legal requirement or a compelling legitimate ground we may continue to process Personal Information which you have asked us to delete. You also may have the right to make a complaint if you feel your personal information has been mishandled. We encourage you to come to us in the first instance but, to the extent that this right applies to you, you are entitled to complain directly to the relevant supervisory authority.
If you wish to exercise any of the above rights, please contact us at firstname.lastname@example.org. Please note, however, that no financial information will be provided without verification.
What about other websites linked to our Platform?
We are not responsible for the practices employed by websites linked to or from our Platform nor the information or content contained therein. Often links to other websites are provided solely as pointers to information on topics that may be useful to the users of our Platform.
Social Media and User Generated Content
Some of our Platforms allow users to submit their own content. Please remember that any content submitted to one of our Platforms can be viewed by the public, and you should be cautious about providing certain personal information e.g. financial information or address details via these Platforms. We are not responsible for any actions taken by other individuals if you post personal information on one of our social media platforms, e.g. Facebook or Instagram. Please also refer to the respective privacy & cookie policies of the social media platforms you are using.
If we change our privacy policies and procedures, we will post those changes on our Platform to keep you aware of what information we collect, how we use it and under what circumstances we may disclose it.
Where we store your personal data
The data that we collect from you may be transferred to and stored at a destination outside the UK and European Economic Area (EEA), including in the US and Israel, including for the purposes of processing that data by selected third parties, in order to facilitate Treatwell’s business. Countries outside the EEA may not have laws which provide the same level of protection to your personal data as laws within the EEA. Where this is the case personal data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification, a vendor’s Processor Binding Corporate Rules, or another adequacy mechanism established under applicable data protection law. A copy of the relevant mechanism can be provided for your review on request to email@example.com.
- where you apply for a position at Treatwell, whether directly or indirectly, information which you provide will be held for a period of 12 months and may be referred to should you make future applications to work at Treatwell, unless you opt to delete this data which you may do so by following the link in the confirmation of application email that we sent you;
- where you contact us via live chat on the Platform, we usually retain customer live chat data for up to 60 days after the end of the session; and
- where you contact us via telephone and do not opt-out, we shall retain call recordings for up 90 days from the date of the call.
Our policy on Cookies
Please see the table below for a live breakdown of the Cookies that are used on our Platform:
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off – our Platform cannot function properly without them. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. They may be required to enable you to move around our Platform and use our features, for system administration, to prevent fraudulent activity, to keep you logged in from one page to another or so that we can remember what you have added to your basket. These cookies do not store any personally identifiable information.
These Cookies enable us to better understand how many users visit our Platform, how users arrive at, browse or use our Platform and which parts of our Platform are most popular. For example, they allow us to count visits and traffic sources so we can measure and improve the performance of our site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These Cookies enable us to provide enhanced functionality and personalisation and simplify your user experience. For example they may remember choices you make such as the country you visit our Platform from or your preferred language.. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. They cannot track your browsing activity on other websites or apps outside the Platform.
Targeting or Advertising Cookies
Using Cookies for this purpose enables us to display adverts on and off the Platform, and to collect information about your browsing habits and usage of the Platform in order to make adverts more relevant and personalised to you and your interests. We may use remarketing technologies to enable third parties to display relevant and personalised ads to you through their networks. They are also used to identify that you have seen a particular advert, limit the number of times you see an advert as well as help measure the effectiveness of an advertising campaign. We use some third party technologies for this purpose. Technologies are also placed by social media sites for advertising and targeting purposes. These technologies remember the sites you visit and that information is shared with other parties such as advertisers. When we use third parties for advertising and targeting purposes, we may disclose: Personally identifiable information, such as email address, order ID, venue. Generic, aggregated or anonymised data relating to your visits and use of our Platform; or Information in a pseudonymised form such as a browser cookie ID / code or cryptographic hash of your email address to help us tailor and display our ads to you on other services. This ID or code is matched against your equivalent unique code similarly generated by our ad partners to tailor adverts to you.
The third party companies that we use for targeting and advertising purposes have their own privacy policies which you should read in detail.