We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy was last updated 11/02/2020.
A cookie is a small text file that may be stored on the hard drive of your computer when you access our Site. A "session cookie" expires immediately when you end your session (i.e. close your browser). A "persistent cookie" stores information on the hard drive so when you end your session and return to the same website at a later date, the cookie information is still available. When you visit our website, we may use both a session and a persistent cookie. These cookies may contain information (such as a unique user ID) that is used to track your usage of our website.
Our website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs). These allow us to capture certain additional types of information about a visitor's interactions with a website or email and help us analyse our customers' online behaviour and measure the effectiveness of our website, email campaigns and advertising.
What sort of personal data do we collect?
the type of computer or mobile device you are using;
your operating system version;
your mobile device’s identifiers, like your MAC Address, Identifier For Advertising (IDFA), and/or International Mobile Equipment Identity (IMEI);
your browser type;
your browser language;
your device's geo-location information;
referring and exit pages, and URLs;
the number of clicks on a page or feature;
pages viewed and the order of those pages;
the amount of time spent on particular pages; and
If you have an online account with us, we collect: your name, billing / delivery address, email, telephone number, history of orders, wish lists and your current basket. For your security, we’ll also keep an encrypted record of your login password.
Details of your interactions with us through our Customer Service team.
Any comments and / or product reviews.
Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
If you visit our Head Office then your image may be recorded on CCTV.
When do we collect your personal data?
When you visit our website and consent to using cookies.
When you make an online purchase and check out as a guest.
When you create an account with us.
When you open an email or click on a link within an email.
When you engage with us on social media.
When you contact our Customer Service team with queries, complaints etc.
When you enter prize draws or competitions with us, or a partner of ours.
When you choose to complete any surveys we send you.
When you’ve given a third party permission to share with us the information they hold about you.
When you visit our head office which has CCTV systems which may record your image.
How we use your data
The GDPR (General Data Protection Regulation) sets out a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent. For example, when you sign up to receive email newsletters.
In certain circumstances, we need your personal data to meet our contractual obligations.
For example: We collect your address details to deliver your purchase, and pass them to our trusted courier partners.
In certain situations, we require your personal data to pursue our legitimate interests, but only in a way which might reasonably be expected as part of running our business and which does not materially impact your rights as specified under GDPR. Our legitimate interests include:
- selling and supplying goods and services to our customers;
- protecting customers, employees and other individuals and maintaining their safety, health and welfare;
- promoting, marketing and advertising our products and services (direct marketing);
- sending promotional communications which are relevant and tailored to individual customers;
- understanding our customers’ behaviour, activities, preferences, and needs;
- improving existing products and services and developing new products and services;
- complying with our legal and regulatory obligations;
- preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
- handling customer contacts, queries, complaints or disputes;
- protecting Temple Spa, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Temple Spa;
- effectively handling any legal claims or regulatory enforcement actions taken against Temple Spa; and
- fulfilling our duties to our customers, staff, shareholders and other stakeholders.
If the law requires us to, we may need to collect and process your data.
For example: We may need to pass on details of people involved in fraudulent or other criminal activities to law enforcement agencies.
How and why do we use your personal data?
To process any orders that you make by using our website, it is a contractual necessity to collect your personal data during checkout, otherwise we wouldn’t be able to process your order and comply with our legal obligations.
We will keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds, warranties, etc. and to comply with HMRC record keeping requirements.
We want to give you the best possible customer experience. One way to achieve that is to get the fullest picture we can of who you are by combining the data we have about you. We then use this to offer you promotions, products and services that are most likely to interest you. The GDPR allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service.
To respond to your queries, refund requests and complaints, we may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest.
To protect our premises, assets and employees from crime, we operate CCTV systems at our Head Office. We do this on the basis of our legitimate business interests.
To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.
With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email and web about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on. You are free to opt out of hearing from us by any of these channels at any time by clicking unsubscribe in an email or requesting to be removed by contacting us on firstname.lastname@example.org.
To send you relevant, personalised communications by post in relation to updates, offers, services and products. We’ll do this on the basis of our legitimate business interest. You are free to opt out of hearing from us by post at any time by contacting us on email@example.com. To opt out of all direct mail from all companies, please visit https://www.mpsonline.org.uk.
To develop, test and improve the systems, services and products we provide to you. We’ll do this on the basis of our legitimate business interests.
To comply with our contractual or legal obligations to share data with law enforcement and other governmental bodies.
To send you survey and feedback requests to help improve our services. These messages do not require prior consent when sent by email. We have a legitimate interest to do so as this helps make our products or services more relevant to you.
We work with Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of numerous top brand UK retailers. The participating retailers share information on what their customers buy. Epsilon Abacus analyses this pooled information to help the retailers understand consumers’ wider buying patterns. From this information, we can tailor communications, sending people suitable offers that should be of interest to them, based on what they like to buy. Your data is not shared with the other retailers in the scheme unless we obtain your consent.
We may display interest-based ads to you when you are using Facebook through tools offered by Facebook based on cookies and other tracking technologies. This tool allows us to personalise our ads based on your shopping experience with us. We do not share any of your personal information, including your shopping history, with Facebook. If you would like to opt out of re-targeted Facebook ads, visit http://www.aboutads.info/choices/.
We may display interest-based ads to you when you are using Google and other websites signed up to Google’s Ad programmes based on cookies and other tracking technologies. We do not share any of your personal information with Google. If you would like to opt out of re-targeted Google Ads, visit http://www.aboutads.info/choices/.
How we protect your personal data
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it, including:
Physical security for all servers
State-of-the-art web-based anti-virus
Primary physical and secondary virtual firewalls
Email firewalls & spam filters
Internet browsing protection via the renowned Cisco Umbrella service
Intrusion detection systems
Web Application Firewalls (WAFs)
Anti DDoS (Distributed Denial of Service) protection
We secure access to all transactional areas of our websites and apps using ‘https’ technology.
Access to your personal data is password-protected and restricted to authorised personnel only. Any sensitive data such as payment card information is tokenised to ensure it is protected.
We regularly monitor our system for possible vulnerabilities and attacks.
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary and for the purpose for which it was collected, after which it is deleted or anonymised. We may need to keep your data for a certain length of time due to HMRC and other regulatory requirements.
Who do we share your personal data with?
We only share your personal data with trusted service providers (e.g. delivery couriers) and data processors that are GDPR compliant. We provide only the information they need to perform their specific services. They may only use your data for the exact purposes we specify in our contract with them.
If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the kind of trusted service providers we work with are:
IT companies who support our website and other business systems.
Operational companies such as delivery couriers.
Direct marketing companies who help us manage our electronic communications with you.
Google / Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites.
Data insight companies to ensure your details are up to date and accurate.
With your consent, we may pass that data to a third party for their direct marketing purposes.
We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
To help personalise your journey through our websites we currently use the following companies, who will process your personal data as part of their contracts with us.
AWIN (Affiliate Window)
Where your personal data may be processed
To provide some of our services we may transfer your personal data to trusted data processors in countries that are outside the EEA (the EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway, which are subject to the GDPR). If we do so, then we always do so in compliance with GDPR (e.g. any US partners we use are part of US Privacy Shield) so your data is as safe as it is within the EEA.
What are your rights over your personal data?
The GDPR has introduced a number of rights you can exercise with respect to your data. You have the right to request:
Access to the personal data we hold about you, at no cost.
The correction of your personal data when incorrect, out of date or incomplete.
That we stop using your personal data for direct marketing (either through specific channels, or all channels).
That we stop any consent-based processing of your personal data after you withdraw that consent.
That any automated decision we make may be reviewed by a member of staff.
The erasure of any personal data we hold about you.
If we choose not to action your request we will explain to you the reasons for our refusal.
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
How can you withdraw consent for the use of your personal data for direct marketing?
There are several ways you can stop direct marketing communications from us:
By clicking the ‘unsubscribe’ link in any email communication that we send you or by emailing us on firstname.lastname@example.org.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can't be responsible for the content of external websites)
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.