Privacy Policy

Privacy Notice

Welcome to The Spa at Laceby Manor privacy notice. Laceby Manor Resort LTD respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from), use our mobile application software as either a customer user or a beauty or wellness therapist user, or interact with us on social media, and tells you about your privacy rights and how the law protects you.

This privacy notice is provided in a layered format so you can click through to the specific areas set out below. Please also use the Glossary to understand the meaning of some of the terms used in this privacy notice.

  1. IMPORTANT INFORMATION AND WHO WE ARE
  2. THE DATA WE COLLECT ABOUT YOU
  3. HOW IS YOUR PERSONAL DATA COLLECTED
  4. HOW WE USE YOUR PERSONAL DATA
  5. DISCLOSURES OF YOUR PERSONAL DATA
  6. INTERNATIONAL TRANSFERS
  7. DATA SECURITY
  8. DATA RETENTION
  9. YOUR LEGAL RIGHTS
  10. GLOSSARY
  11. COOKIE POLICY
1. Important information and who we are Purpose of this privacy notice

This privacy notice aims to give you information on how Laceby Manor Resort LTD collects and processes your personal data through your use of this mobile and web application service (“app”) as either a customer user or a beauty or wellness therapist user, including any data you may provide through this website when you request or perform a treatment, register and use our app, sign up to our newsletter or email subscription, register to attend one of our events, interact with us on social media or take part in a competition or survey.

This app is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

If you are a beauty or wellness therapist user, we will also provide you a copy of our staff and contractor privacy notice where applicable.

Controller

Laceby Manor Resort LTD is the controller and responsible for your personal data (collectively referred to as “we”, “us” or “our” in this privacy notice).

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Contact details

Our full details are:
Full name of legal entity: Laceby Manor Resort LTD
Company registration number: 07502525
VAT number: GB112177058000
Name or title of DPO: Head of People & Culture
Email address: info@lacebymanor.co.uk
Postal address: Barton Street, Laceby, DN37 7LD
Telephone number: 01472 873468

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Changes to the privacy notice and your duty to inform us of changes

This version was last updated on 01 October 2025.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This app may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our app, we encourage you to read the privacy notice of every website you visit or app you use.

2. The data we collect about you We may collect, use, store and transfer different kinds of personal data about you, grouped as follows:
  • Identity Data – name, username, date of birth, gender, marital status.
  • Special Category Data – health information relevant to treatments.
  • Contact Data – billing address, service address, email, phone numbers.
  • Financial Data – payment card or bank details.
  • Transaction Data – details of services purchased or delivered.
  • Technical Data – IP address, login data, browser type/version, device data.
  • Profile Data – username, password, preferences, feedback, survey responses.
  • Usage Data – information on how you use our website/app/services.
  • Marketing & Communications Data – preferences for marketing and communication.

We may also use Aggregated Data for analytics and service improvement.

If you fail to provide personal data required by law or under a contract, we may be unable to provide services to you.

3. How is your personal data collected?

We collect personal data through:

  • Direct interactions – completing forms, booking, surveys, feedback.
  • Automated technologies – cookies, analytics, browsing behaviour.
  • Third parties/public sources – payment processors, booking systems, marketing platforms, Companies House, Electoral Register.
4. How we use your personal data

We use your data when the law allows:

  • To perform a contract with you.
  • To comply with legal obligations.
  • For our legitimate interests (provided these do not override your rights).

We may process your personal data for:

  • Registering you as a customer or therapist.
  • Providing and managing services, bookings, and treatments.
  • Processing payments, fees, and refunds.
  • Sending service updates, marketing (with your consent), promotions.
  • Improving our services, website and app.
  • Complying with legal requirements.

You may opt out of marketing at any time.

5. Disclosures of your personal data

We may share your data with:

  • External service providers (IT, payment, marketing, booking platforms).
  • Professional advisers (lawyers, bankers, auditors, insurers).
  • HMRC, regulators, and authorities.
  • Successors in the event of a merger, sale, or restructuring.

We require third parties to respect your personal data and only process it as instructed.

6. International transfers

Some of our partners and service providers are located outside the UK.

When transferring your data internationally, we ensure appropriate safeguards are in place, such as:

  • Adequacy regulations recognised by the UK Government.
  • ICO/UK-approved International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses.
  • Additional security and contractual measures where required.

You may contact us for details of safeguards used in specific transfers.

7. Data security

We use appropriate security measures to protect your personal data from accidental loss, misuse, or unauthorised access. Access is restricted to staff and contractors with a business need.

Procedures are in place to deal with any data breach. Where legally required, we will notify you and the ICO.

8. Data retention

We keep personal data only as long as necessary to fulfil purposes it was collected for, including legal, accounting, or reporting obligations.

  • By law, we must retain customer information (Contact, Identity, Financial and Transaction Data) for six years for tax purposes.
  • In some cases, we may anonymise data for research/statistical use indefinitely.
  • You may request erasure of your data where applicable.
9. Your legal rights

You have the right to:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing.
  • Request transfer of your data.
  • Withdraw consent at any time (without affecting prior lawful processing).

We may require proof of identity before responding. We aim to respond within one month.

10. Glossary

Legitimate Interest – our business interest in managing operations, improving services, and protecting security.
Performance of Contract – processing necessary for providing services or fulfilling agreements.
Legal Obligation – processing required by law.

External Third Parties include IT and system providers, marketing platforms (e.g. Stripe, Mixpanel, Mailchimp, Customer.io, Mention Me, Timely), advisers, and regulators.

11. Cookie Policy

Our website uses cookies to improve your browsing experience, store preferences, and measure usage.

  • Session cookies – temporary, deleted after browsing.
  • Persistent cookies – stored for future visits.
  • First-party cookies – set by our website.
  • Third-party cookies – set by services like analytics or advertising.

You may adjust your browser settings to refuse cookies, but this may affect site functionality.

For more information visit: www.allaboutcookies.org.