Privacy Policy
Oak and Stone Privacy Policy
Oak and Stone (“We”) are committed to protecting and respecting your privacy.
This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
The UK General Data Protection Regulation (UK GDPR) (Regulation (EU) 2016/679) is a regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.
The Brexit transition period ended on 31 December 2020 and the UK has now officially left the EU. The UK GDPR has been directly incorporated into UK law sitting alongside the Data Protection Act 2018.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Who we are and what we do
We are a professional massage and male waxing service based near Ely, Cambridgeshire.
We collect information about you to carry out our core business and ancillary activities.
Information you give to us or we collect about you.
This is information about you that you give us by filling in forms on our site www.oak-and-stone.co.uk (our site) or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site, to enter our database, subscribe to our services, attend our events, participate in discussion boards or other social media functions on our site, enter a promotion or survey, and when you report a problem with our site.
The information you give us or we collect about you may include the following:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
- Date of birth.
- Gender.
- Marital status and dependents
- Health and wellbeing
- Next of kin and emergency contact information.
- Bank account details
We may also collect, store and use the following “special categories” of more sensitive personal information:
- Information about your race or ethnicity
- Information about your health, including any medical condition, health and sickness records.
Information we collect about you when you visit our website.
With regard to each of your visits to our site we will automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information if applicable, browser type and version, browser plug-in types and versions, operating system and platform
- information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information, methods used to browse away from the page and any phone number used to call our customer service number.
Information we obtain from other sources.
We do not use any other parties to look up who you are, and we do not sell your data to any other parties either.
Purposes of the processing and the legal basis for the processing
Our legal basis for the processing of personal data is our legitimate interests, described in more detail below, although we will also rely on contractual obligations to which you are subject, legal obligations and consent for specific uses of data. Your personal data may be used for the following purposes:
- Making a decision as to whether you are able to use our services based on your answers to the health questionnaire
- Complying with health and safety obligations.
- To prevent fraud.
We will use your sensitive personal information in the following ways:
- Making a decision as to whether you are able to use our services based on your answers to the health questionnaire
With your permission and/or where permitted by law, Oak and Stone may also use your personal data for marketing purposes, which may include contacting you by email with information, news, and offers on the Company’s services. You will not be sent any unlawful marketing or spam. Oak and Stone will always work to fully protect your rights and comply with its obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
We will, in some circumstances, rely on consent for particular uses of your data. Where we rely on consent, you will be asked for your express consent. An example is where your personal data is sent to a third country that is not on the adequacy list.
Our Legitimate Interests
Our legitimate interests in collecting and retaining your personal data are described below:
As a massage and waxing business, there is a legitimate need for your sensitive information to make sure that the services that you are requesting are provided in the safest and healthiest ways possible.
If you are refused treatment because of a decision made by the business, you will be provided with a full explanation and you may also object to that decision, but please be aware that the final decision is for the business to make.
Consent
Should we want or need to rely on consent to lawfully process your data, we will request your consent by email or by an online process for the specific activity that we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time.
Other Uses we will make of your data:
We will also use your data:
- To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To notify you about changes to our service;
- To allow you to participate in interactive features of our service, when you choose to do so;
- As part of our efforts to keep our site safe and secure;
- To make suggestions and recommendations to you and other users of our site about services (including training) that may interest you or them.
Do you have to provide us with personal data?
You may refuse to give us your personal and sensitive personal data. Furthermore, you have the right to ask us to delete, change or stop processing your data that we have already received or collected. If, however, you do not provide us with personal or sensitive personal data, or if you request a restriction of processing, we may not be able to provide you with the services that you have requested and that are stated in this policy.
Disclosure of your information inside and outside of the UK and the EEA
We will not share your personal information with anyone unless it is requested and required by law.
Where we store and process your personal data
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Retention of your data
We understand our legal duty to retain accurate data, and we only retain personal data for as long as we need it for our legitimate interests and you are happy for us to do so.
We do the following to try to ensure that the data we hold on you is accurate:
- We keep in touch with you so you can let us know of changes to your personal data;
Your rights
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for marketing purposes or if we intend to disclose your information to any third party for marketing purposes. We will collect express consent from you, if legally required, prior to using your personal data for marketing purposes.
You can exercise the right to not have your data used for marketing purposes at any time by contacting us at info@oak-and-stone.co.uk
The UK GDPR provides you with the right to:
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party in certain formats, if practicable.
- Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link: https://ico.org.uk/concerns/.
Access to information
The Data Protection Act 2018 and the UK GDPR give you the right to access information held about you. We also encourage you to contact us to ensure your data is accurate and complete. Your right of access can be exercised in accordance with the Act and the UK GDPR.
A subject access request should be submitted to info@oak-and-stone.co.uk. No fee will apply unless the requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character. In such circumstances, we may charge a fee or refuse to act on the request.
Changes to our privacy notice
Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.
Contact
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to info@oak-and-stone.co.uk
