Our Website - general brochure - Single controller - GDPR Policy 

Privacy Notice

About Us

This Privacy Notice relates to the personal data you give over this website and other data we collect. We are Hypa Spa Limited. We share some or all of your personal data with others:


The Personal Data we collect from you

We collect the personal data you provide us when you fill in the blanks in the website forms. A full list can be found clicking this link.


We also collect the following personal data from you:

- fill in a contact form online

- information you provide when you telephone us about your order, ask any questions, make a complaint or any other reason

- the information you provide when you create an online account with us

- the information you provide when you respond to a survey request or enter a competition including whether you win a prize

- the information you put in any emails to us for any reason including your email address

- from cookies to collect personal data whilst you are on the website which can include which site you came to us from, your browsing history on or site and device information. We use it to improve our services to you which is a legitimate interest.

-When you contact us through social media

-When you provide information through paper-based forms and documents

We use your data to register you to use the website and manage your account. 


Using your data to fulfil the Contract

To fulfil the contract we use your data to decide whether to allocate you the brochure, materials or products, manage and track your request or order, update you on progress, generate delivery notes and administration generally. We may have to use third parties to help us achieve these aims in accordance with our legitimate interests (see below).


Sharing with others to deliver the products and for legitimate interests

To help us fulfil the request or contract we share your data with these parties for the reasons below as it is in our legitimate interests to do so having taken into account all relevant factors around your privacy. If we do not engage these external contractors our prices would have to increase as we would have to engage more staff and buy more infrastructure. We require them to be GDPR compliant and enter data processor contracts with us or ensure their contracts make appropriate statements.


We use an external email provider to provide email services, and we use this method of confirming and managing your order and your account with us.

The following is a list of the outside parties we use:


We use it to trace debtors, beneficiaries, recover debt, prevent fraud and manage the transaction or your relationship with us.


Who else we share your personal data with for legitimate interest reasons

We share your personal data with the following parties for reasons of legitimate interest:

- we use a cloud based accountancy software which means your personal data is on their cloud servers as our data processor.

- we use an outside party to bill and collect who are acting as our data processor. They will identify themselves to you as acting on our behalf but if you have any concerns about their activity or behaviours please contact us.

- we use agents, advisers or others involved in running accounts and services for you and your business or collecting what you or your business owe; 

- we use Third party vendors who help us to manage and maintain the IT infrastructure, website and linked services; 

- we use Logistics and delivery providers who enable us to deliver products you request or order on our websites; 

- we use professional advisors, such as lawyers, accountants, debt collectors and consultants; 


Cookie Policy

We analyse your use of our site so adverts of ours or others can be positioned on the page.

If you log-in using a Facebook log-in as a means of authentication you grant permission to Facebook to share your user details, including your name, date of birth, geolocation information and email. We use this to form your online identifier. It also permits sharing of other data which you choose to share using your Facebook preferences. If you remove our app or link from Facebook our ability to use that information ends. If you log in using twitter log in details as your authentication, we get your twitter name and avatar.


Adding Data Together

In order to help us to be efficient with the personal data we have about you we will combine the data we get from the following sources or interactions with you or third parties:

- any paper based documents you have or do provide us with

- data you provide over the telephone (including any text or other messages),

- competition or other entries to surveys or similar interactions from time to time

- data you provide over email 

- data you provide over social media


Customer Service

We may listen in to and record any telephone calls and online chat 


Retention of Data

We will keep your data for 7 years after the year you make the request or order it so we can comply with contract law issues, product liability issues, insurance issues, company law obligations, record keeping for accounting and tax audits. If there are any complaints or questions on product liability or insurance issues we will keep your data for 6 years after the matter is dealt with. We may hold onto data were there are legal reasons to retain it.


Where we process your personal data to fulfil:

- a contract with you, we will process such personal data until we fulfil that contract and for so long thereafter as may be necessary to keep a record of that contract, which will typically be 6 months for requests and for contracts 6 years, and to deal with any complaints or claims which will be until the final resolution of such complaints or claims (having regard to the nature of any potential claims and the limitation of liability periods that apply to them); or

- a legal obligation (such as anti-Money Laundering, tax and accounting obligations), we will process such personal data for so long as necessary to fulfil that obligation; or


Where we process your personal data based on: 

- our legitimate interest, we will process such personal data for so long as necessary to achieve that legitimate interest, which will typically be for 6 years after we collect your personal data or the last time we use your personal data (or longer in relation to any legal claims that might arise having regard to the nature of any potential claims and the limitation of liability periods that apply to them); or

-your consent, for example, to send you marketing information, we will process such personal data until you withdraw that consent. Please bear in mind that it may take a short time to process any withdrawal of your consent. We aim to do this as soon as reasonable after receipt of your request, although you may still receive emails that are already in process around the time of your withdrawal. 


Marketing

We will use your personal data only to market to you in line with your permissions given to us.

- by telephone to the numbers provided

- by post to the address we have at any time

- by email. We may promote our products to you by email until you unsubscribe. The unsubscribe option will be present in any marketing email we send. We may send you our marketing by email as you have bought goods from us.


We may wish to send you offers from selected third parties from time to time if you have given us permission.


Your rights regarding your personal information

Data privacy laws provide you with a number of rights over your personal information. 

You have the following rights: 

Access 

Receive a copy of the Personal Data we hold about you and confirm we’re lawfully Processing it by making a Data Subject Access Request (DSAR). It’s free of charge unless your request is clearly unfounded or excessive 


Rectification 

Ask us to update, complete or correct your Personal Data at any time if you detect an inaccuracy. In fact, we encourage you to do so.


Portability 

Get any Personal Data you’ve given us in an electronic form based on Consent or Contractual Necessity in a common machine-readable format. We can also transfer it to a third party if you ask.


Erasure (Right to be Forgotten) 

Ask us to delete or remove Personal Data where there is no good reason or Lawful Basis for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to Objection. We can refuse in certain circumstances. Find out more, here -https://ico.org.uk/your-data-matters/your-right-to-get-your-data-deleted/


Objection 

Object to any Processing we do based on Legitimate Interests. You also have the right to object where we are processing your Personal Data for direct marketing purposes


Automated Processing 

Not to be subject to automated decision-making without human intervention that has significant legal or other effects.


Restriction 

Suspend the Processing of some of your Personal Data, for example, if you want us to establish its accuracy or the reason for processing it.


Withdrawal of Consent 

Withdraw consent at any time and we will stop Processing it unless we have another legitimate basis for doing so in law. Where we rely on your consent, we also explain how you can easily withdraw it. We will need to confirm your identity to confirm your right to access the information or exercise any of your other rights. This is to prevent Personal Data being disclosed to anyone who has no right to receive it. You can find out more about your rights by visiting the Information Commissioner’s Office


Right to Complain 

If you are unhappy with the way we handle your personal data, we encourage you to contact us as set out below. You may complain to the Information Commissioner’s Office. You can find the details here - https://ico.org.uk/make-a-complaint/

If you would like to exercise your rights, please let us know by getting in touch with us as set out in the Contact us section below. 


Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.


Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. 


Contact Us

If you have any questions please contact us: 

By filling out the [contact us form]

By email: info@hypaspa.com

Call: 0151 705 0990

By Postal address: Ronald House, Clayhill Industrial Estate, Longacres Road, Neston, Cheshire, CH64 3TA


You can contact Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Telephone: 0303 123 1113 Fax: 01625 5245

Call to action
Share by: