Tonic Day Spa Ltd has the facility to capture your data (name and email address) through the data capture form on our website. Subscribing to our marketing communications is at the discretion of the website visitor.
Your data is never sold to any third party companies.
Data captured on the website is stored within our Mailchimp account which is stored on a secure server held within the EU.

The policy: This privacy policy notice is for this website, www.tonicdayspa.co.uk, served by Tonic Day Spa, 111 Hednesford Road, Heath Hayes, WS12 3HL, and governs the privacy of those who use it. The purpose of this policy is to explain to you how we control, process, handle and protect your personal information while browsing or using this website, including your rights under current laws and regulations. If you do not agree to the following policy you may wish to cease viewing / using this website.
Policy key definitions:
• “I”, “our”, “us”, or “we” refer to the business, Tonic Day Spa.
• “you”, “the user” refer to the person(s) using this website.
• GDPR means General Data Protection Regulation.
• ICO means Information Commissioner’s Office.

Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.
• Lawful basis: Consent
The reason we use this basis: We use your consent if you haven’t transacted with our business before and we therefore have no previous legitimate interest. We will ask you to opt in to our communications to give us your consent before sending you any communications.
We process your information in the following ways: We hold your data on our internal customer database system which is a secure system with password access. All live data and backups are stored within a secure server held within the UK.
Data retention period: We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
Sharing your information: We do share your personal information (name and email address) with third parties who we have agreements in place with to process our data on our behalf for marketing campaigns. All data is shared securely via an encrypted web method.
These include:
o TAO Business Services
________________________________________
• Lawful basis: Legitimate interests
The reason we use this basis: We can see on our records that you have been a valued customer of our business within the last year – Thank you!
We process your information in the following ways: We hold your data on our internal customer database system which is a secure system with password access. All live data and backups are stored within a secure server held within the UK.
Data retention period: 6 years to comply with our insurance policy. However, if you do not transact with our salon, then we will remove you from our marketing list after 2 years.
Sharing your information: We do share your personal information (name and email address) with third parties who we have agreements in place with to process our data on our behalf for marketing campaigns. All data is shared securely via an encrypted web method.
These include:
o TAO Business Solutions
________________________________________
Your individual rights
Under the GDPR your rights are as follows:
• the right to be informed;
• the right of access;
• the right to rectification;
• the right to erasure;
• the right to restrict processing;
• the right to data portability;
• the right to object; and
• the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.

Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement. All data is stored within a secure server held within the UK.
Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal data” section above. Any email marketing messages we send are sent through an EMS (email marketing service) provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations, will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with GDPR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time.
Our EMS provider is Mailchimp. We hold the following information about you within our EMS system:
• Email address
• I.P address
• Subscription time & date
• Name
The processing of your data is instructed by us and then performed by our approved third party, TAO Business Solutions. They are responsible for the creation of our email marketing messages and sending them to our customers.

Data Stored within the Salon
We hold all customer data on our Premier salon software which is stored securely on their cloud server based in the UK.
Your data is never sold to any third party companies.

Your right to Opt Out
You have a right to opt out of our marketing communications. You can do so by clicking the unsubscribe link in our marketing emails or you can email enquiries@tonicdayspa.co.uk with your request. Please let us know if you are still happy to receive appointment update communications if it’s just the marketing communications you don’t wish to receive.