How we handle your personal data

Privacy and Cookies Policy

What this policy covers

The data controller is A Touch of Grace (referred to in this policy as “we” or “us”).

We are committed to using best practice and being open and transparent with how we collect, use and protect your personal data.

This privacy and cookie policy:

  • Provides you with details about the personal data that we collect from you when you use our website or online applications
  • Explains how and why we collect and use your personal data
  • Explains when and why we share personal data with other organisations
  • Explains how long we hold your personal information
  • Explains the rights and choices you have when it comes to your personal data

This Policy applies to you if you use our website, if you contact us or we contact you or if you use our products and services.

Our website contains links to other websites operated by other organisations.  These organisations may have their own privacy and cookie policies and we do not accept responsibility or liability for these websites or online applications.

Personal data we collect when you use our website or our services

When you use our websites you may provide us with:

  • Your personal details, including your postal and billing addresses, email addresses, phone numbers and date of birth and title

Where this is the case, the legal basis for our processing your information is the performance of a contract with you in answering your queries, delivering the service or processing your order.

When you interact with us online or browse our website we may collect:

  • Information about your online browsing behaviour on our website and information about when you click on one of our adverts (including those shown on other organisations’ websites)
  • Information about devices you have used to access our website or services (including the make, model and operating system, IP address, browser type and mobile device identifiers)

Where this is the case, the legal basis for our processing of your information is our legitimate interest in improving our services, the performance of our website, growing our business and informing our marketing strategy.

When you contact us or we contact you or you take part in online or social media promotions, competitions, surveys or questionnaires about our services, we may collect:

  • Personal data you provide about yourself anytime you contact us about our services (for example, your name, username and contact details), including by phone, email or post or when you speak with us through social media
  • Details of the emails and other digital communications we send to you that you open, including any links in them that you click on
  • Your feedback and contributions to customer surveys and questionnaires

Where this is the case, the legal basis for processing your data is performance of a contract with you and our legitimate interest to improve our services and the performance of our website, grow our business and inform our marketing strategy.

How and why we use your personal data

To deliver our services to you

To manage any accounts you hold with us including your login details, account history or information you send to us through our website, contact forms (including enquiry forms, job opportunities, contact forms or registration forms)

To process enquiries, services, orders and refunds

We need to process your personal data so that we can manage your customer accounts, provide you with the services you require and help you with any enquiries, orders and refunds you may ask for.

To deliver and improve our website, communications, systems and processes

  • To deliver and improve our website

We use cookies and similar technologies on our websites and online applications to improve your customer experience. For more information see the cookies and similar technologies section.

  • To develop and improve our services, website and the way we communicate with you
  • To detect and prevent fraud and cyber crime

In order to provide as safe a service as possible we monitor how our websites and online applications are used to detect and prevent fraud, other crimes and the misuse of services.

To provide you with relevant marketing communications relating to our products and services.

We may send you relevant updates and offers about our products and services by email or direct mail but only if you have previously agreed to receive this type of communication from us.

Our email marketing provider (MailChimp) may transfer data outside of the EEA and when doing so they ensure that they have adequate levels of protection in place to comply with data protection requirements. MailChimp complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. We have signed up to MailChimp’s data processing agreement.

You may see online adverts in social media channels or through customised online marketing as a result of showing interest in our products and services.  See the Cookie Policy section below for more information.

  • Online advertising may be displayed on our websites and on other organisations’ websites and online media channels. We may measure how well our marketing communications perform in order to ensure we send you relevant information.
  • We will ask you to provide us with your preferences to help us send you information that relates to your interests.
  • You can update your preferences or unsubscribe from email and direct mail updates via links in emails we send you or by contacting us and requesting that your preferences are changed.

To contact and interact with you

  • To contact you about our services, by phone, email or post or by responding to social media posts that you have directed at us.
  • To manage promotions and competitions you take part in.
  • To invite you to take part in and manage customer surveys, questionnaires and other types of feedback

How do we share your data?

Sharing personal data with our suppliers

In order to deliver our services to you we work with carefully selected suppliers e.g. online marketing providers, technology and software providers and payment processors.

When we share personal data with our suppliers we require them to keep it safe, and they must not use your personal data for their own marketing purposes.

In some instances this may include working with online marketing providers who place advertising for our services or products on social media channels and other websites and online platforms.

Sharing data with any organisations other than our suppliers 

We do not share your data with any organisations other than our suppliers unless:

  • We are legally required to do so
  • We are required to do so in order to protect ourselves against fraud
  • We sell our business or any part of our business to another company or organisation who then have the right to use your information in the same way as we have outlined in this privacy policy

How we protect your personal data

We take our responsibility for your personal information very seriously.  Below are some of the measures we take to keep your data safe:

  • We use safeguards such as data encryption when we transfer your data through our website and online applications using SSL (you see this as a padlock in your web browser and “https” in the website address).
  • We may occasionally ask for proof of identity before we share your personal data with you.
  • We require our suppliers to uphold data protection regulations and have appropriate systems and practices in place to safeguard your information.

However, whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us.

How long do we keep your personal information?

The length of time we keep your information will depend on what type of information you have provided and for what purpose.  Once your information is no longer required (see below for specific details) we will either delete or anonymise your information (remove all personal identifiable information keeping only information needed for statistical purposes).  If it is not possible to delete your data (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

Your account information:

If you have an account with us we will keep your information until you delete your account.  Any data which is required for statistical analysis and reporting will be anonymised.

Information you provide to us when you visit us for a treatment:

We are required to collect information regarding your health and any family history of certain conditions in order to ensure we are treating you safely and appropriately.  We also keep relevant health notes arising out of treating you or of carrying out a patch test. Our insurers require us to keep this information for a variety of lengths of time depending on the treatment received.  Usually this is 7 years. Once this time has passed we will delete or anonymise your data. Please contact us for further information if you have any questions or concerns regarding the way this data is stored, protected or processed.

E-commerce information:
If you have made a purchase through our website we will keep information regarding your order in line with legal requirements regarding the keeping of company records for accounting purposes. This is currently for 6 years.

Enquiries and form submissions through our website:

If you have made an enquiry, sent us your information or applied for a vacancy through our website or online application we will keep your information on our website server for up to 3 months after which it will be deleted.  Your information may be added to our CRM database but only if you give us your permission to stay in touch with you.

Cookies and similar technologies

We use cookies and similar technologies, such as tags and pixels (“Cookies”), to personalise and improve your customer experience as you use our website. This section provides more information about Cookies, including how we use them and how you can exercise your choices about our use of Cookies.

How we use Cookies

Cookies are small data files that allow a website to collect and store data on your desktop computer, laptop or mobile device.

Cookies help us to provide important features and functionality on our website and we use them to improve your experience.

If you choose to disable Cookies when using our website you may find that the site does not work as well as it is designed to for example you may see notifications multiple times.

To help our websites and online applications work well for you

Cookies allow us to remember your preferences and whether you have visited our website or seen a notification.

To improve how our Websites and online applications work

Cookies can help us identify whether our site is working as it is supposed to or if you receive an error message whilst you are using the site.

These types of cookies collect anonymous aggregated data and demonstrate how well our website is performing.  E.g. we may collect data on how long visitors stay on our website and how many pages they visit whilst browsing.

Where we have advertised on another organisations’ website you will see the AdChoices icon and you can click on this icon for guidance on how to control your online advertising preferences

Tracking the performance of our online marketing activity

These Cookies may tell us how many times you have seen an advert or visited our website before getting in contact with us and can capture information such as your IP address, your search terms and what website you came from before you visited our website.

Most of the data collected is anonymised and aggregated as statistical information about how well our advertising and website is performing.

We may also use Cookies to tell us whether or not you have opened an email we have sent you from our email marketing software.

What can you do to control or manage what Cookies are used?

You can control the cookies on your device through your browser settings choosing to accept or reject new Cookies or delete existing Cookies.  You can also manage whether or not you are notified when a website places Cookies on your device.

For more information about Cookies, how to manage them, reject them or delete them visit the All About Cookies website.

Your rights and contacting us

You have the right to contact us and request full details of the personal information we have about you.  We encourage you to keep your account information with us accurate and up to date and manage your preferences through the options provided when you are using our services.

If you believe your data is inaccurate or out of date you can contact us and request that it is updated. You can contact us and request that we restrict how we use you data or request that we delete your data. You can also contact us to object to us using your personal data.

If you would like a copy of the information we hold about you please write to:

A Touch of Grace
High Street
Moreton in Marsh
Gloucestershire
GL56 0AX

Telephone: 01608 670777
Email: reception@atouchofgrace.uk 

We will respond within 30 days.

If you wish to make a complaint about how we have handled your data you can also contact our Data Protection Officer at the address above who will investigate your complaint.

If this does not resolve your issue you can complain to the Information Commissioner’s Office (ICO).

Make an appointment

Please call 01608 670777, email reception@atouchofgrace.uk or book online