This Privacy Policy explains how Private Wellness collects, uses, stores, and protects your personal information when you visit our website (privatewellness.uk), make a booking, or contact us. We are committed to protecting your privacy and handling your information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Private Wellness Ltd is the “data controller” responsible for your personal information. This means we decide how and why your data is collected and used.

  • Company Name: Private Wellness Ltd
  • Registered Address: 378 Stratford Road, Shirley, Solihull, England, B90 4AQ
  • Email: contact@privatewellness.uk
  • Phone: 07777900004

2. Information we collect

Information you give us:

  • Your name, email address, and phone number.
  • Booking details (date, time, package, add-ons, and number of guests).
  • Health or accessibility information: any medical, pregnancy, or safety-related notes you choose to share with us prior to your visit to ensure you can safely use our facilities.
  • Billing details and payment information (handled securely by our third-party payment provider).
  • Any messages, feedback, or enquiries you send us via email or contact forms.
  • Your marketing and communication preferences.

Information we collect automatically:

  • Your IP address, browser type, operating system, and device information.
  • The pages you view, how long you stay, and how you navigate our website.
  • Information collected through cookies and similar tracking technologies.
  • Video footage captured by CCTV cameras located at our reception area and at the entrance to our main premises, used for safety and security purposes.

Information from third parties:

  • Our secure payment processors, such as Stripe.
  • Our digital booking and website platforms.
  • Analytics and website performance tools, such as Google Analytics.

3. How we use your information

We use your personal information to:

  • Process and manage your bookings and provide our exclusive wellness services.
  • Securely process your booking payments.
  • Send booking confirmations, reminders, and essential updates about your upcoming visit.
  • Respond to your customer support enquiries and messages.
  • Send you marketing emails or texts about our offers and services, but only where you have explicitly agreed to receive them.
  • Maintain accurate business records, protect our premises, and prevent fraud.
  • Meet our legal, tax, and regulatory obligations.

4. Our legal bases for using your information

Under UK GDPR, we rely on the following lawful bases to process your information:

  • Contract: To fulfil the bookings and services you explicitly request and pay for.
  • Legitimate Interests: To effectively run, improve, and secure our business and website, and to use strictly necessary cookies that allow our booking system to function.
  • Consent: For marketing communications (such as newsletters) and the use of non-essential cookies (such as analytics or tracking tools) via our cookie consent banner. You can withdraw your consent or change your cookie preferences at any time.
  • Legal Obligation: To maintain basic financial and business transaction records required by UK law.
  • Explicit Consent (Special Category Data): If you choose to share health or pregnancy information with us, we process it solely to ensure your physical safety during your session.

5. Marketing

If you opt in to receive marketing, we may contact you via email or text with updates and exclusive offers. You can opt out at any time by clicking the “unsubscribe” link in our messages or by emailing us directly. We will update your preferences immediately.

6. Cookies

Our website uses cookies to function properly, remember your preferences, and analyse site traffic. You can manage, restrict, or block cookies through your individual browser settings or via the cookie banner on our website.

7. Sharing your information

We never sell your personal data. We only share necessary information with trusted service providers who help us operate our business, including:

  • Our payment gateway providers.
  • Our website hosting and booking system providers.
  • Our email and marketing automation platforms (only if you are opted in).
  • Professional advisers, law enforcement, or regulatory authorities if legally required to do so.

We require all third parties to respect the security of your personal data and to treat it in accordance with UK data protection law.

8. International transfers

Some of our external service providers are based outside the UK and European Economic Area (EEA). Whenever your data is transferred internationally, we ensure it receives an equivalent level of protection by verifying that standard contractual clauses or recognised data bridges are firmly in place.

9. How long we keep your information

We only retain your data for as long as required to fulfil the purposes outlined in this policy:

  • Booking and financial records: retained for 7 years to comply with UK tax law (HMRC).
  • Enquiry messages: kept for 12 months to assist with any follow-up questions.
  • Marketing data: retained until you withdraw your consent or unsubscribe.
  • CCTV footage: automatically overwritten every 30 days unless required for an ongoing security investigation.

10. How we protect your information

We use robust technical and organisational security measures, including SSL encryption on our website, to safeguard your data against unauthorised access, loss, alteration, or misuse.

11. Your rights

Under the UK GDPR, you hold the following rights regarding your data:

  • The right to access a copy of the personal data we hold about you.
  • The right to correct inaccurate or incomplete information.
  • The right to request the deletion of your data (the “right to be forgotten”).
  • The right to restrict or object to how we process your information.
  • The right to data portability (requesting your data in a clean digital format).
  • The right to withdraw your consent at any time.

To exercise any of these rights, please email us at contact@privatewellness.uk. We will respond within the statutory one-month timeframe.

12. Complaints

If you have any concerns or questions about how we handle your personal information, please contact us directly so we can put things right. We take every concern seriously and will always do our best to resolve it quickly for you.

You also have the right to raise a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection regulator, at ico.org.uk, though we would always appreciate the chance to resolve your concern first.

13. Children

Our website and services are intended for an adult audience, and all visitors and guests must be at least 16 years of age. We do not knowingly collect personal information from individuals under the age of 16 online.

14. Changes to this policy

We may update this Privacy Policy occasionally to reflect operational, legal, or regulatory changes. The most current version will always be live on privatewellness.uk.

15. Contact

For any questions regarding this policy or your data privacy, please contact us at contact@privatewellness.uk or call 07777900004.