Privacy Policy

Privacy Policy – Harmony Day Spa

At Harmony Day Spa, your privacy is very important to us. This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website or use our Beauty and Spa Services in Royston.
We follow the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Please read this page carefully. If you have any questions, our team is always happy to help.

1. Who We Are

We are Harmony Day Spa, a Beauty and Spa Salon in Royston, Hertfordshire. We offer a wide range of beauty and spa treatments, including facials, massages, waxing, nail care, eyelash and eyebrow treatments, and body treatments.

We are the data controller for the personal information collected through this website and our booking processes.

2. What Information We Collect

When you visit our website or book a treatment, we only collect the information we genuinely need to provide you with our services and keep in touch with you. Here is what we may collect:

A) Information You Give Us Directly

  • Your name
  • Phone number
  • Email address
  • Appointment details (date, time, treatment)
  • Any information you provide through forms or bookings
  • Health and medical information relevant to your treatments (for example, pregnancy, skin conditions, allergies)
  • Payment details
  • Website usage data (like pages visited, time spent)

B) Information We Collect Automatically

  • Pages you visit on our website
  • How long you spend on each page
  • The device and browser you use
  • Your approximate location (country/city level)
  • How you found our website (e.g. Google search, Facebook)

We collect this data using cookies and similar tracking tools. See Section 7 for more on cookies.

3. Why We Collect Your Information

We use your information for the following purposes:

A) To Provide Our Services

  • Book and confirm your appointments
  • Send you appointment reminders
  • Keep treatment records so we can personalise your experience
  • Carry out safe and suitable treatments based on your health information

B) To Run Our Business

  • Process payments
  • Respond to your questions and enquiries
  • Handle any complaints or issues
  • Maintain our client records

C) To Stay in Touch

  • Send you special offers, news, or promotions
  • Ask for feedback or reviews after your visit

4. Our Legal Basis for Using Your Data

Under UK GDPR, we need a legal reason to use your personal information. Here is what applies in each case:

Contract: When you book a treatment, we need your information to provide that service.
Legitimate Interests: We use website analytics to improve our website and services — this doesn't override your rights.
Consent: We will ask for your permission before sending marketing messages or collecting sensitive health information.
Legal Obligation: We may need to keep certain records for legal or tax purposes.

5. Sharing Your Information

We do not sell your personal information to anyone — ever.
We may share your data only when needed:

With trusted service providers (like booking systems)
To comply with legal requirements

6. How We Protect Your Data

We take your data security seriously. We use safe systems and security measures to protect your personal information from misuse, loss, or unauthorized access.

7. Cookies

Cookies are small text files stored on your device when you visit our website. They help us understand how visitors use our site and make it work properly.

8. Your Rights

Under UK GDPR, you have the following rights over your personal data. These are your legal rights — and we are here to help you use them:

Right to Access: You can ask us for a copy of the personal information we hold about you. We will provide this within 30 days, free of charge.
Right to Correct: If your information is wrong or out of date, you can ask us to update it.
Right to Delete: You can ask us to delete your personal information. We will do this unless we are legally required to keep it.
Right to Object: You can object to us using your data for marketing at any time.
Right to Restrict: You can ask us to limit how we use your data in certain circumstances.
Right to Data Portability: You can ask for a copy of your data in a format you can transfer elsewhere.
Right to Withdraw Consent: If we are using your data based on consent, you can withdraw that consent at any time.

To exercise any of these rights, please contact us using the details in Section 11. We will respond within 30 days.

9. Keeping Your Data Safe

We take the security of your personal information seriously. Here are some of the measures we have in place:

Secure, encrypted connections on our website (HTTPS)
Password-protected systems and devices
Restricted access — only staff who need your data to do their job can access it
Regular reviews of our data security practices

However, no method of data transmission over the internet is 100% secure. We try hard to protect your information, but we cannot guarantee complete security. If you have any concerns, please contact us immediately.

10. Links to Other Websites

Our website may include links to other websites, including our Facebook and Instagram pages. We are not responsible for how your data is handled after you leave our website. We suggest that you read the privacy policies of each website you visit.
Our social media pages:

11. How to Contact Us

If you have any questions about this Privacy Policy, want to exercise your data rights, or have a concern about how we handle your information, please get in touch: 

12. Making a Complaint

If you are unhappy with how we have handled your personal information, you have the right to make a complaint to the UK’s data protection regulator:
We would always appreciate the chance to resolve any concerns directly — please contact us first and we will do our best to help.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we do, we will update the “Last Updated” date at the top of this page.
We recommend checking this page occasionally to stay informed. If we make significant changes, we may notify you by email or display a notice on our website.