top of page

Privacy Policy

This privacy policy explains how Six Spa Ltd (“we”, “us”, or “our”) collects, uses, stores, and protects your personal information when you use our website sixprivatespa.co.uk or interact with us in any way. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are (Data Controller)

Six Spa Ltd

Email: info@sixprivatespa.co.uk

We are the "data controller", meaning we determine how your personal information is processed. 

Information We Collect

We may collect and process the following categories of personal data:

  • Information you provide to us:

    • Name​

    • Email address

    • Phone number

    • Booking details

    • Billing/shipping details

    • Payment information (processed securely by our payment provider)

    • Messages or enquiries you send to us

    • Marketing consent preferences

  • Information collected automatically:

    • IP address​

    • Browser type and version

    • Device information

    • Pages viewed and time spent

    • Cookies

  • Information from third parties we may receive from:

    • Payment processors (E.g. Stripe, PayPal)​

    • Booking platforms or integrations 

    • Marketing or analytics tools

How We Use Your Information

We use your information to:

  • Service delivery:

    • Process and manage spa bookings​

    • Provide services

    • Process product, gift card, and membership purchases

    • Process recurring subscription payments

    • Communicate regarding bookings, changes or confirmations

  • Customer support:

    • Respond to enquiries​

    • Handle complaints or troubleshooting

  • Marketing (with consent)

    • Send promotional emails and/or texts​

    • Notify you about new services, offers or updates

  • Legal and operational

    • Maintain business records​

    • Manage fraud prevention and security

    • Comply with legal obligations

Legal Basis for Processing

Under UK GDPR, we process your data using the following lawful bases:

  • Contract: To provide the services and products you requested

  • Legitimate Interests: E.g. website analytics, improving services

  • Consent: For marketing communications

  • Legal Obligations: Complying with tax, accounting and regulatory requirements

Sharing Your Information

We do not sell your personal data. We may share your information with trusted third parties including:

  • Payment processors

  • Booking systems

  • Delivery services

  • Website hosting providers

  • Email and marketing tools (with consent)

  • Legal or professional advisers (if required)

All providers meet UK GDPR compliance standards.

Data Retention

We keep your personal data only as long as necessary for:

  • Completing your bookings or purchases

  • Meeting legal, tax or accounting obligations

  • Managing disputes or ensuring compliance

Typical retention periods:

  • Booking and transactional records: 6 years as required by UK law

  • Marketing data: Until you unsubscribe

  • Enquiry emails: 12-24 months

Your Rights

Under UK GDPR, you have the right to:

  • Access your data

  • Correct inaccurate information

  • Request deletion ("right to be forgotten")

  • Restrict processing

  • Object to processing

  • Withdraw consent

  • Request data portability

To exercise these rights, email: info@sixprivatespa.co.uk

bottom of page