We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 22/05/2018.

Cookies
A cookie is a small text file that may be stored on the hard drive of your computer when you access our Site. A "session cookie" expires immediately when you end your session (i.e. close your browser). A "persistent cookie" stores information on the hard drive so when you end your session and return to the same website at a later date, the cookie information is still available. When you visit our website, we may use both a session and a persistent cookie. These cookies may contain information (such as a unique user ID) that is used to track your usage of our website. 

If you register with us, this cookie allows us to recognize you when you return to our website and provides you with access to your account information. If you save your information with or order from us, we may also use cookies to monitor and maintain information about your use of our website. 

If you have not saved your information with or ordered from us, we may monitor and maintain information about your use of our website in a manner that does not identify you. We may use cookies to collect the non-personal information described above in order to 1) provide you with customized content and advertising; 2) monitor Site usage; and 3) conduct research to improve our content and services. You are free to decline cookies, but by doing so, you may not be able to use certain features on the Site or take full advantage of all our offerings. Check the “Help” menu of your browser to learn how to change your cookie preferences.  

Web Beacons

Our website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs).  This allows us to capture certain additional types of information about a visitor's actions on a web site and help us analyse our customers' online behaviour and measure the effectiveness of our website and our advertising.

We and our service providers use cookies, log files, tags, and other tracking technologies on our website to collect and analyse certain kinds of technical information, including:

• IP addresses;
• the type of computer or mobile device you are using;
• your operating system version;
• your mobile device’s identifiers, like your MAC Address, Identifier For Advertising (IDFA), and/or International Mobile Equipment Identity (IMEI);
• your browser type;
• your browser language;
• referring and exit pages, and URLs;
• platform type;
• the number of clicks on a page or feature
• ;domain names;
• landing pages;
• pages viewed and the order of those pages;
• the amount of time spent on particular pages;

And if you have an online account with us we collect; your name, billing / delivery address, email, telephone number, history of orders, wish lists, your current basket. For your security, we’ll also keep an encrypted record of your login password.

• Details of your interactions with us through our Customer Service team.
• Any comments and / or product reviews.
• Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
• If you visit our Head Office then your image may be recorded on CCTV.

When you visit our website and consent to using cookies.

When you make an online purchase and check out as a guest.

When you create an account with us.

When you engage with us on social media.

When you contact our Customer Service team with queries, complaints etc.

When you enter prize draws or competitions with us, or a partner of ours.

When you choose to complete any surveys we send you.

When you’ve given a third party permission to share with us the information they hold about you.

When you visit our head office which has CCTV systems which may record your image.

The GDPR (General Data Protection Regulation) sets out a number of different reasons for which a company may collect and process your personal data, including:

Consent

In specific situations, we can collect and process your data with your consent. For example, when you sign up to receive email newsletters.

Contractual obligations

In certain circumstances, we need your personal data to meet our contractual obligations.

For example: We collect your address details to deliver your purchase, and pass them to our trusted courier partners.

Legitimate interest

In certain situations, we require your personal data to pursue our legitimate interests but only in a way which might be reasonably be expected as part of running our business and which does not materially impact your rights as specified under GDPR.  Our legitimate interests include:

- selling and supplying goods and services to our customers;
- protecting customers, employees and other individuals and maintaining their safety, health and welfare;
- promoting, marketing and advertising our products and services (direct marketing);
- sending promotional communications which are relevant and tailored to individual customers;
- understanding our customers’ behaviour, activities, preferences, and needs;
- improving existing products and services and developing new products and services;
- complying with our legal and regulatory obligations;
- preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
- handling customer contacts, queries, complaints or disputes;
- protecting Temple Spa, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Temple Spa;
- effectively handling any legal claims or regulatory enforcement actions taken against Temple Spa; and
- fulfilling our duties to our customers, staff, shareholders and other stakeholders.

Legal compliance

If the law requires us to, we may need to collect and process your data. 

For example:  We may need to pass on details of people involved in fraudulent or other criminal activities to law enforcement agencies.

To process any orders that you make by using our website, it is a contractual necessity to collect your personal data during checkout, otherwise we wouldn’t be able to process your order and comply with our legal obligations.

We will keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds, warrantees, etc. and to comply with HMRC record keeping requirements.

We want to give you the best possible customer experience. One way to achieve that is to get the fullest picture we can of who you are by combining the data we have about you. We then use this to offer you promotions, products and services that are most likely to interest you. The GDPR allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service.

To respond to your queries, refund requests and complaints, we may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.

To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest.

To protect our, premises, assets and employees from crime, we operate CCTV systems at our Head office. We do this on the basis of our legitimate business interests.

To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.

With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email and web about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on. You are free to opt out of hearing from us by any of these channels at any time by clicking unsubscribe in an email or requesting to be removed by contacting us on customerservice@templespa.com.

To send you relevant, personalised communications by post in relation to updates, offers, services and products. We’ll do this on the basis of our legitimate business interest. You are free to opt out of hearing from us by post at any time by contacting us on customerservice@templespa.com or opting out of all direct mail from all companies, please visit https://www.mpsonline.org.uk.

To develop, test and improve the systems, services and products we provide to you. We’ll do this on the basis of our legitimate business interests.

To comply with our contractual or legal obligations to share data with law enforcement and other governmental bodies.

To send you survey and feedback requests to help improve our services. These messages do not require prior consent when sent by email. We have a legitimate interest to do so as this helps make our products or services more relevant to you.

We work with Epsilon Abacus (registered as Epsilon International UK Ltd) a company that manages the Abacus Alliance on behalf of numerous top brand UK retailers. The participating retailers share information on what their customers buy. Epsilon Abacus analyses this pooled information to help the retailers understand consumers’ wider buying patterns. From this information, we can tailor communications, sending people suitable offers that should be of interest to them, based on what they like to buy.  Your data is not shared with the other retailers in the scheme unless we obtain your consent.

We may display interest-based ads to you when you are using Facebook through tools offered by Facebook based on cookies and other tracking technologies. This tool allows us to personalise our ads based on your shopping experience with us. We do not share any of your personal information, including your shopping history, with Facebook. If you would like to opt out of re-targeted Facebook ads click here http://www.aboutads.info/choices/

We may display interest-based ads to you when you are using Google and other websites signed up to Google’s Ad programmes based on cookies and other tracking technologies. We do not share any of your personal information with Google.  If you would like to opt out of re-targeted Google Ads click here http://www.aboutads.info/choices/

We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it including;

• Physical security for all servers
  State of the art web based anti-virus,
  Primary physical and secondary virtual firewalls,
  Email firewalls & spam filters
  Internet browsing  protection via the renowned Cisco Umbrella service
  Intrusion detection systems
  Web Application Firewalls (WAFs)
  Anti DDoS (Distributed Denial of Service) protection

We secure access to all transactional areas of our websites and apps using ‘https’ technology.

Access to your personal data is password-protected and restricted to authorised personnel only. Any sensitive data such as payment card information is tokenised to ensure it is protected.

We regularly monitor our system for possible vulnerabilities and attacks.

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary and for the purpose for which it was collected, after which it is deleted or anonymised.  We may need to keep your data for a certain length of time due to HRMC and other regulatory requirements.

We only share your personal data with trusted service providers (e.g. delivery couriers) and data processors that are GDPR compliant.  We provide only the information they need to perform their specific services.  They may only use your data for the exact purposes we specify in our contract with them.

If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

Examples of the kind of trusted service providers we work with are:

IT companies who support our website and other business systems.

Operational companies such as delivery couriers.

Direct marketing companies who help us manage our electronic communications with you.

Google / Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites.

Data insight companies to ensure your details are up to date and accurate. 

With your consent, we may pass that data to a third party for their direct marketing purposes.

We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.

To help personalise your journey through our websites we currently use the following companies, who will process your personal data as part of their contracts with us.

• Google
  Bing
  Yahoo
  AWIN (Affiliate Window)
  Pinterest
  Facebook
  Twitter
  Instagram
  YouTube
  Formstack

To provide some of our services we may transfer your personal to trusted data processors in countries that are outside the EEA (the EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway and are subject to the GDPR).  If we do so, then we always do so in compliance with GDPR (e.g. any US partners we use are part of US Privacy Shield) so your data is as safe as it is within the EEA.

The GDPR has introduced a number of rights you can exercise with respect to your data. You have the right to request:

• Access to the personal data we hold about you, at no cost.
  The correction of your personal data when incorrect, out of date or incomplete.
  That we stop any consent-based processing of your personal data after you withdraw that consent.
  That any automated decision we make may be reviewed by a member of staff.
  If we choose not to action your request we will explain to you the reasons for our refusal.
  Your right to withdraw consent
  In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Direct marketing

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.

There are several ways you can stop direct marketing communications from us:

By click the ‘unsubscribe’ link in any email communication that we send you or by emailing us on customerservice@templespa.com.

Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113.

Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can't be responsible for the content of external websites)

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.