info@yorkshire-spa-retreat.co.uk

01439 413102

PRIVACY POLICY

About Us

Yorkshire Spa Retreat is the trading name of Yorkshire Spa Retreat (Helmsley) Ltd.  The company is registered in England. No. 10696077. The registered office is at Medina House, 2 Station Avenue, Bridlington, East Riding of Yorkshire, YO16 4LZ.

Yorkshire Spa Retreat are committed to protecting your personal information and being transparent about what information we hold.  In this Privacy Policy, Yorkshire Spa Retreat hereafter described as “YSR”.

Changes to this Privacy Policy

The Policy may change from time to time. For example, we have recently updated it to reflect new legal requirements of the EU General Data Protection Regulation (also known as the ‘GDPR’). Please visit this website section periodically to keep up to date with the changes in our Policy.

Our Website

Access to and use of this Website is subject to the terms and conditions set out below. By accessing and using this Website, you agree to be bound by these terms and conditions.  YSR makes no representation about any other Website that you may access through this one. YSR has no control over the content of any Website that is independent from YSR. In addition, a link to a non-YSR Website does not imply that YSR endorses or accepts any responsibility for the content or use of such a Website or link.

Copyright and Trade Marks

The site contains material that is owned or licensed by YSR and is protected by Copyright, Trademark, and other intellectual property laws. You may not modify, copy, reproduce, republish, upload, transmit, or distribute in any way any material from the site.

All rights to trademarks, service marks, copyrights, names, terms, symbols, or designs that are owned or identify and distinguish goods or services owned, used, produced or licensed by, whether registered or not, are hereby reserved. Trademarks, service marks, names, terms, symbols, or designs owned, used, produced or licensed by YSR may not be used, copied, or reproduced without the express written consent of YSR.

Location and Jurisdiction

This website is operated and controlled by YSR from the United Kingdom. YSR is a business organised and existing under the laws of England. YSR does not intend to avail itself of any of the laws, protections or benefits of any other jurisdiction.

All interactions that occur between YSR and any person accessing this website or any person communicating electronically with YSR shall be considered to occur in the United Kingdom, where this website is posted and where electronic mail is received. This agreement and the contents of this website shall be governed by and construed in accordance with the laws of England.

Website Cookies and Information Collection

By continuing to use our websites you are agreeing to us placing cookies on your computer.  If you do not wish to accept cookies in connection with your use of one of our websites, you must stop using this website.  If you wish to withdraw your consent at an earlier time that the cookie expiry settings, you will need to delete your cookies using your internet browser settings.

Information Collection

We collect information about you in the following ways:

  • Information you give us – For example, when you request information from us, make a booking enquiry or booking. When you make an enquiry or booking we’ll ask for personal information, like your name, email address and telephone number.
  • Information we get from your use of our website and services. We collect information about our online content that you use and how you use it, like when you visit our websites or view and interact with our ads and content. We, like all organisations, are able to confirm what browser you are using, IP address and computer operating systems that are being used and this information may be used to improve the services we offer.
  • Information from known third parties. We may also receive information about you from our third party partners with whom you choose to interact, for example websites such as Hoseasons. To the extent that we have not done so already, we (or they) will notify you when we receive information about you from them and tell you how and why we intend to use that information.

Wherever possible we use aggregated or anonymous information which does not identify individuals by name. See below ‘How we use your information’ to understand our purposes for processing your personal information.

What personal information do we process?

We collect, store, and use the following kinds of personal information:

  • Your name and contact details, including postal address, telephone number and email address
  • Your date of birth
  • Financial information you provide where you make a payment, such as bank details or credit/debit card details, although we don’t store credit or debit card details (see below)
  • Information about your computer/mobile device and your visits to and use of this website, including for example your IP address and geographical location
  • Information relevant to our services which you use/which we consider of interest to you or to get full value from your stay with us
  • Any other personal information you share with us as part of your enquiry to us or for the provision of our services

Do we process Sensitive Personal Information?

Certain categories of personal information are regarded by the law as more sensitive than others.

  • This is known as ‘special category’ or ‘sensitive personal data’ and covers things like information about your health, ethnic origin, religious beliefs, political opinions or any genetic or biometric data that is used to identify you.

We do not usually collect ‘sensitive personal data’ from people contacting us or customers of our services unless there is a clear reason for doing so, such as health or dietary requirements for provision of appropriate accommodation, access or additional information relevant to your stay with us.

Your debit and credit card information

If you use your credit or debit card to make a payment to us we will use a specialist payment processor. We will also ensure that card details are handled securely under Payment Card Industry (PCI) Data Security Standards. For more information about these Standards see https://www.pcisecuritystandards.org/pci_security/

If you provide your card details to make a payment by phone, only YSR staff who are authorised and trained to process payments should be able to collect or see your card details. We never store your credit or debit card details following the completion of your transaction. All card details and validation codes are securely destroyed once the payment has been processed.

How we use your information

We use your personal information for a number of purposes including the following:

  • To provide you with the services, products or information you have requested;
  • To provide information about our special offers, new developments, where you have consented to being contacted for those purposes unless YSR is in a position to rely on the Legitimate Interest basis.
  • To deliver products or services to you during your stay or visit with us
  • For administration purposes (for example we may contact you regarding a booking you have made or an enquiry you have submitted to us);
  • For internal management, such as record keeping of enquiries, feedback or complaints;
  • To invite you to provide feedback on our services;
  • Where collecting and holding your information is required or authorised by law;
  • We may use your personal information for the purposes of credit risk reduction or fraud prevention (using external specialist services to help us); and
  • Other specific purposes that you may agree to from time to time.

The law requires us to set out the lawful grounds on which we collect and process your personal information as described in this Policy. Depending on the purposes for which we use your data, one or more of the grounds listed below may be relevant:

Legitimate Interest:

In certain instances, we collect and use your personal information by relying on the legitimate interest legal basis. In broad terms, our “legitimate interests” means our interest in being able to run our business successfully in the provision of its intended services to you. This includes communications to:

  • individuals currently experiencing the holiday services being provided by YSR
  • individuals who have contacted the Ownership team requesting communications regarding a potential ‘Owner Programs’ purchase from YSR.
  • owners in contract with YSR
  • customer satisfaction, survey and ‘thank you’ communications regarding a stay or service
  • staff and potential employees
  • The use of CCTV recording equipment in and around our premises for monitoring and security purposes

If we rely on the “legitimate interests” basis to use your personal information, we will only use the information in accordance with the purposes described in this Policy.

When we legitimately process your personal information in this way, we also consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where collection and use of your information would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law)

Consent:

In many instances, we will rely on obtaining your consent to our use of your personal information in a certain way (for example, asking for your consent to use your personal information to send you marketing information such as special offers)

Legal Obligation:

We may need to collect, process and disclose personal information to comply with a legal obligation. For example, where we are ordered by a court or regulatory authority or we are legally required to hold transaction details for accounting/tax/fraud prevention purposes.

Performance of a contract:

For example if you place a deposit, make a booking or complete a purchase with us for a single item or ongoing service, such that we need to be able to process your information for the purpose of meeting our contractual obligations.

Your rights

You have the following legal rights in relation to our collection and processing of your personal information:

  • Right to be informed – you have the right to be told how your personal information will be used. This Policy and other policies and statements used on this website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used.
  • Right of access (Subject Access Request) – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information (and other related information). Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exceptions that apply.
  • Right of erasure (Erasure Request or Request To Be Forgotten) – at your request we will delete your personal information from our records as far as we don’t have an overriding legitimate reason for holding on to it (e.g. to comply with a legal obligation).
  • Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask us to update those records. You can also ask us to check the personal information that we hold about you if you are unsure whether it is up to date or not.
  • Right to restrict processing – you have the right to ask us to restrict the processing of your personal information if there is disagreement about its accuracy or whether our use is legitimate or not.
  • Right to object – you have the right to object to processing where we are: (i) processing your personal information on the basis of the legitimate interests ground (see ‘Legal basis for processing’ above) and we have no compelling reason we can demonstrate to continue with that processing; (ii) using your personal information for direct marketing, or; (iii) using your personal information for statistical purposes.

Please note that we must be sure that we are acting in response to a genuine request from you and without proper identification we could delete or release your important personal information.  As a result, we require you to prove your identity with a copy of two pieces of approved identification, when submitting a request or objection to the address in Contact Us below.  The record of this approved identification will be destroyed as soon as it has served its purpose in confirming your identity.

It is always your choice as to whether you want to receive information about our services. If you do not want us to continue to contact you, you have the right to object or change your mind at any time.

You may opt-out of our marketing communications at any time by clicking the ‘unsubscribe’ link in at the end of our marketing emails.

You can also change or edit any of your contact preferences at any time (including telling us that you don’t want us to contact you for marketing purposes by telephone, or by post) by contacting us at info@yorkshire-spa-retreat.co.uk or you can write to: Reception Team, Yorkshire Spa Retreat, Gale Lane, Nawton, York, YO62 7SD.

If you have indicated that you do not wish to be contacted by us for marketing purposes, we will retain your details on a ‘suppression’ list to help ensure that we do not contact you accidentally. However, we may still need to contact you if you carry on dealing with us, including (but not limited to):

  • Processing a booking or enquiry with us;
  • Providing you with information you need in order to complete a booking or conclude an enquiry placed with us;
  • Explaining and apologising where we have made a mistake; and
  • Dealing with future legal claims in connection with a contract we have with you

To exercise any of the rights above, please send a description of the personal information in question to the Data Protection address shown in the Contact Us section below with two forms of identification as stated above.

For more information about your rights or if you are not happy with our response to your request, you can contact the Information Commissioner’s Office (ICO) – for more details, see https://ico.org.uk/

Recipients – Information and disclosure

We do not share, sell or rent your information to third parties for marketing purposes. However, we may disclose your personal information in the following circumstances:

  • To other YSR entities, trading subsidiaries, suppliers or service providers to provide the products or services you’ve requested from us. For example, where, we use a separate company to deliver goods or services to you as part of your agreed contract or purchase with us.
  • To third parties who support our operations and services under our instructions and within the boundaries of this policy. The legal phrase used to describe these types of third parties is ‘data processor’. These third parties include trusted partners for marketing or service deliver purposes e.g website hosting companies. We require these third parties to act lawfully in accordance with our instructions and ensure that appropriate controls are in place to keep your information secure. We regularly monitor the activities of these companies and partners to ensure they are complying with YSR’s high standards of care and data protection.
    Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example, where ordered by government bodies and law enforcement agencies), or in order to enforce or apply our rights (including in relation to lawful operation of our website or enforcing applicable terms and conditions) or to protect
  • YSR ,for example in cases of suspected fraud or defamation.
     

Email Mailing List & Marketing Messages

We operate an email mailing list via Mailchimp, used to inform subscribers about products, services and/or news we supply/publish. Users can subscribe via online channels, or by calls with our reception team, where in all cases they have given their permission. Subscriber personal details are collected, processed, managed, and stored in accordance with the regulations named in ‘The policy’ above.

Subscribers can unsubscribe at any time through an automated online service, or if not available, other means as detailed in the footer of sent marketing messages (or unsubscribe from all Mailchimp lists). The type and content of marketing messages subscribers receive, and if it may contain third-party content, is clearly outlined at the point of subscription. Email marketing messages may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics, and already stored subscriber data. Our EMS (email marketing service) provider is; MailChimp and you can read their privacy policy here

External Website Links

Although we only look to include quality, safe, and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. Shortened URL’s; URL shortening is a technique used on the web to shorten URL’s (Uniform Resource Locators) to something substantially shorter. This technique is especially used in social media and looks similar to those found on http://bit.ly. Users should take caution before clicking on shortened URL links and verify their authenticity before proceeding. We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Policy & Usage

We adopt a Social Media Policy to ensure our business and our staff conduct themselves accordingly online. While we may have official profiles on social media platforms users are advised to verify the authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media. There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page.

Inappropriate website content

If you post or send any content that we believe to be inappropriate, offensive, or in breach of any laws, such as defamatory, abusive, or hateful content on our social media pages or any other channels, if necessary, we may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies.

Keeping your personal information

We keep your personal information only for as long as we need to use it for the purposes set out in this Policy.

We have adopted a data retention policy that sets out the different periods we retain personal information for in respect of these relevant purposes. The criteria we use for determining these retention periods is based on various legal requirements; the purpose for which we hold data and whether there is a legitimate reason for continuing to store it (such as in order to deal with any future legal disputes or record of our transactions); and guidance issued by relevant regulatory authorities including, but not limited to, the Information Commissioner’s Office (ICO).

Google reCAPTCHA

reCAPTCHA protects us against spam and other types of automated abuse via our contact forms. Please visit Google's Privacy Policy and Terms of Service documents online for further information

Contact Us

If you would like to receive further information about this Policy or any of our safeguards, please contact us at info@yorkshire-spa-retreat.co.uk or you can write to: Reception Team, Yorkshire Spa Retreat, Gale Lane, Nawton, York, YO62 7SD.

Your Rights

As a data subject, you have the following rights under the Data Protection Laws:

  • Right to object to processing of your personal data;
  • Right of access to personal data relating to you;
  • Right to correct any mistakes in your information;
  • Right to prevent your personal data being processed;
  • Right to have your personal data ported to another controller; and
  • Right to erasure.
  • Some of these rights are qualified and do not apply in certain circumstances.
  • Rights in relation to automated decision making do not apply as we do not carry out any automated decision making.
    To exercise your rights, contact us using the email address info@yorkshire-spa-retreat.co.uk

If you do not think that we have processed your data in accordance with this notice, you should let us know as soon as possible. You can also complain to the ICO, the UK data protection regulator. Information about how to do this is available on its website www.ico.org.uk.


Stay in touch

We’d love to keep you updated on our exciting plans including new menus, spa experiences, holiday stays, and lodge ownership at our retreat.

Sign up for our newsletter and we’ll keep you in the loop.

Find us at Yorkshire Spa Retreat, Gale Lane, Nawton, York, YO62 7SD

Call us on 01439 413102.

Luxury in York Limited. We are registered in England and Wales.
Company Number: 10696077. VAT Number: 334607411.

Privacy Policy

Terms & Conditions

awards
5-star-duo