Privacy Notice

Privacy Notice

This privacy notice covers the website for our UK operation, beaire.com/en/aire-ancient-baths-london. We describe here the data we collect from you when you use our site.

These are our reasons for collecting it, what we do with it and what your rights are.

Who are we?

We are the Aire Ancient Baths London Ltd., company registration number 10612826, registered office 2-3 Robert Street, London, WC2N 6BH.  Our registered office is also the location of our UK premises.  Our contact details for general enquiries are:

  • Telephone       -           02080 775356
  • Email              -           booking.london@beaire.com

We are the data controller for the processing described in this privacy notice, and we are registered as a data controller with the Information Commissioner’s Office (ICO) registration number ZB152352.

We have appointed a Data Protection Officer (DPO) who can be contacted via the above address or directly as follows:

  • Telephone       -           07860 692645
  • Email              -           paul@gdprassist.co.uk

Purpose of processing

We process your personal data for a variety of purposes as set out in the table below, which also shows our lawful basis under UK data protection legislation (UK GDPR) for doing so.

Purpose

Lawful Basis under UK GDPR

Managing your bookings and orders via our website

Performance of a contract with you (if you are booking on behalf of a company then our lawful basis will be that it is in our legitimate interest to manage your corporate booking)

Managing your website opt-in to marketing messages

Your consent

Processing gift voucher orders where you are the recipient of the voucher

Our legitimate interests in providing booking information to you and managing your visit

Managing your opt-in for our newsletter subscription

Your consent

Managing online chat

Our legitimate interests in enabling the online chat function

Direct marketing

Your Consent (where you opt-in to direct marketing activity) or Legitimate Interests where no opt-in is required.

Where we are relying on your consent you are free to withdraw that consent at any time, and where we are relying on our legitimate interests you are free to object to that at any time.  In the case of direct marketing activity we will ensure that we cease to market our services to you should you withdraw your consent or object to our legitimate interests.

Data we collect

The table below gives information on the categories of personal data we process for each of the purposes shown above.

Purpose

Categories of Data Processed

Managing your bookings and orders via our website

Contact details, payment details, services selected, booking details, confirmation you have read this privacy notice, confirmation you accept our terms and conditions

Managing your website opt-in to marketing messages

Contact details, your record of consent (opting in to receive messaging)

Processing gift voucher orders where you are the recipient of the voucher

Contact details, services selected and booking details

Managing your opt-in for our newsletter subscription

Contact details, your record of consent (opting-in to our newsletter subscription), confirmation you have read this privacy notice, confirmation you accept our terms and conditions

Managing online chat

Contact details, online identifiers

Direct marketing

Contact details, marketing preferences, analytics

Special category data

There are additional rules we must follow if we collect certain types of more sensitive data, known as Special Category Data.  These include details of your ethnicity, beliefs, health and sexuality. 

To help protect your health and safety we do collect some health related information when you are booking a service which may not be suitable for some people with pre-existing health conditions or known allergies.  This may mean that we cannot always accept a booking, or that we can better adjust the nature of the service to better suit your needs and safeguard your health.

When we collect this information we do so with your explicit consent.

How long do we keep your data for?

Where we are relying on your consent or our legitimate interests to process your data then we will keep your personal data until you withdraw your consent for us to use it, or object to our legitimate interests and we agree with your objection.

We will retain your personal data by default for the following periods:

Purpose

Retention Period

Managing your bookings and orders via our website

7 years

Managing your website opt-in to marketing messages

7 years

Processing gift voucher orders where you are the recipient of the voucher

7 years

Managing your opt-in for our newsletter subscription

7 years

Managing online chat

7 years

Direct marketing

7 years

Do we ever share personal data?

We will share your data if we receive a legitimate request from a law enforcement agency. 

When you submit your personal data online your data is held by our partner who hosts our website.

If you consent to the use of optional cookies from our website we will share data with those cookie providers (see below).

If we are communicating with you via email or social media channels we will be sharing your personal data with those email and social media providers.

We also utilise external suppliers to provide a number of business support services. We always ensure that we have appropriate contracts in place to protect your rights when personal data are processed on our behalf by these third parties.

We will also share some information with our Spanish parent company where they are supporting our business operations.

How do we keep your data secure?

We take sensible steps to keep your data secure and ensure we can uphold your rights and meet our obligations under UK GDPR:

  • All data sent between your browser and our website is encrypted in transit, and the data are encrypted at rest on our website servers,
  • Access to personal data is role based:  only those members of staff with a legitimate need will have access,
  • Systems are password protected and multi-factor authentication is enabled where available,
  • We maintain appropriate records of processing activities which record any data processors we use and we ensure that appropriate contracts are in place to protect your rights, that the processors take appropriate security measures to safeguard your data, and that any international transfers are done correctly under UK GDPR,
  • Our employees are all subject to an obligation of confidentiality, and receive training on data protection matters,
  • We utilise appropriate technical and organisational measures to optimise the security of your personal data.

Your Rights

You have a number of rights relating to the processing of your data, if you would like to use them or have any questions then please contact us.

We won’t charge you for doing any of the following, however we may make a charge in the case of frequent repeat or unfounded requests:

  • Awareness:  You have the right to be fully informed about why and how we process your information.  This privacy notice is intended to meet that requirement, but please do contact us if you have any questions,
  • Access:  You have the right to a copy of the data we hold about you
  • Rectification:  If you think some of the data we hold is wrong then you have the right to ask us to correct it,
  • Erasure:  You have the right to ask us to delete the data we hold about you.  Where we are holding the data to fulfil a contract with you or your organisation then we will need to retain the data in accordance with the data retention requirements shown above,
  • Restriction:  You have the right to ask us to restrict the processing of personal data whilst we check its accuracy, if you think the processing is unlawful, if you believe we no longer need to process the data but you need us to store it due to pending legal claims, or when you object to our processing based upon our legitimate interests and we are assessing the validity of that,
  • Object:  Where we are processing your personal data based upon our legitimate interests you have the right to object to that.  If your objection is valid (for instance in the case of any direct marketing activity) then we will stop processing your personal data for that purpose,
  • Data portability:  You can request a copy of your data in a digital format which you can then supply to another provider when we ae processing your personal data under the lawful basis of performing a contract with you or because we have your consent,
  • Automated decisions and profiling:  You have the right, in certain circumstances, not to be subject to decisions based on automated processing (including profiling) if it has a significant or legal impact on you.  This doesn’t apply if the processing is necessary to fulfil a contract with you, or if you have given us your consent to do so.  We do not currently use any technology to make automated decisions about you.

Cookies – How do we use cookies on our website

We utilise cookies on our website.  Some are required for our site to work, these are known as essential cookies, and we also use others for analytics and marketing purposes.

We will ask for your consent to use any cookies which aren’t essential.

These are the optional cookies we use:

Cookies

Third Party

Type

Google Tag Manager

Google

Marketing and Analytics

Google

Google

Marketing and Analytics

Google Analytics

Google

Analytics

LinkedIn Analytics

LinkedIn

Marketing and Analytics

Tribal Fusion

Tribal Fusion

Marketing

Adform

Adform

Marketing

Quantcast

Quantcast

Marketing

What happens when I follow links to other sites?

If you follow a link from our site to another site then you should read the privacy notice on the other site prior to providing your data to them.

Where do we process data?

We primarily process data in the UK and in the EEA, specifically the Netherlands where our servers are located.

We use some other software tools and partners to help us deliver our services, some of these services will mean that your personal data are transferred outside of the UK.  We always ensure that appropriate protections are in place to safeguard your rights.

Making a complaint

Please contact us at the above address.  You can also contact the Information Commissioner’s Office (ICO) on their helpline 0303 123 1113 or online at www.ico.org.uk.  If you should contact the ICO they will normally ask you to contact us first.