CONTENTS

1. Introduction

2. Scope

3. Aims

4. Collecting and sharing Personal Information

5. Using Personal Information

6. Your rights as a Data Subject

7. Data Protection Principles

8. Consent

9. Collection and use of Employee Personal Information

10. Security

11. Monitoring and enforcement

12. Compliance

13. Data Protection (UK)

14. Information Process Activities

15. Retention of Personal Data

16. Social Media and Online Engagement

17. Changes to this Privacy Policy

18. Contacting Florence Day Spa

PRIVACY POLICY

1. Introduction

This privacy policy sets out how Florence Day Spa uses and protects any information that you give when you have any treatment or package at Florence Day Spa.
Florence Day Spa is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using Florence Day Spa services, you can be assured that it will only be used in accordance with this privacy statement. Florence Day Spa may change this policy from time to time by updating the information on its Websites. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 21st May 2018.

2. Scope

LJD Therapies Ltd established in 2018 and operates under the trading name of Florence Day Spa. We are committed to safeguarding the privacy of our clients. In this policy we explain how we will treat your personal information. All our processes and procedures regarding the collection and distribution of personal data have a key driver to demonstrate a commitment to protecting an individual’s privacy. There are various ways that you might interact with Florence Day Spa, and the information you provide when doing so allows us to improve our services. By using this website and by supplying your details to Florence Day Spa, you consent to Florence Day Spa collecting and processing your information.

3. Aims

The aims of this document are to explain: • What information we collect, and why we collect it • How we use that information • The categories of personal data collected • Your rights as a Data Subject • Obtaining your Consent • How we protect that information • How you can control your information, including accessing, updating and deleting what we store • How we share information collected • Your rights to lodge a complaint

4. Collecting and sharing Personal Information

Florence Day Spa may collect or record basic personal information (e.g., name, e-mail address, mailing address, phone number) which you voluntarily provide through submitting forms via our Website, through electronic mail, or through other means of communication between you and Florence Day Spa. Florence Day Spa only collects personal information of a more sensitive nature (e.g. bank account details or other ID numbers, credit card details and account numbers) where it is appropriate or necessary for conducting business. This information will be collected, stored, accessed and processed in a secure manner. Florence Day Spa may also collect general non-personal information pertaining to users of our sites, including IP addresses, source domain names, specific web pages, length of time spent, and pages accessed. This information is collected, among other things, to aggregate statistical information, facilitate system administration and improve the Site and services offered to you.

5. Using Personal Information

Florence Day Spa uses the information we collect to provide you with services which you request and to improve our existing services. When you contact Florence Day Spa, we may keep a record of your communication to help solve any issues that you might be facing. Your information may be retained for a reasonable time for use in future contact with you, or for future improvements to Florence Day Spa services. You have the option to opt-out or opt-in for further communications from Florence Day Spa. Florence Day Spa may also use or disclose your personal information when Florence Day Spa believes, in good faith, that such use or disclosure is reasonably necessary to (i) comply with law, (ii) enforce or apply the terms of any of our user agreements, or (iii) protect the rights, property or safety of Florence Day Spa, day spa users, or others. Florence Day Spa reserves the right to transfer and disclose your information if Florence Day Spa becomes involved in a business divestiture, change of control, sale, merger, or acquisition of all or a part of its business.

6. Your Rights as a Data Subject

The Data Subject is the person or persons Florence Day Spa hold any information on and for. As the Data Subject, you can be assured that: • The Data Subject has the right to Access personal details upon request • The Data Subject has the right to rectify any inaccuracies within their data • The Data Subject has the right to have all their personal data erased (right to be forgotten) • The Data Subject has the right to rectifying any processing of their personal data • The Data Subject has the right to obtain a copy of their personal data in a commonly used format and have it transferred to another controller • The Data Subject has the right to object to the processing of their personal data • The Data Subject has the right to object to any automated decision making • The Data Subject has the right to compensation for damages caused by infringements of the Regulation from the Data Controller or Data Processor All requests by the Data Subject to petition any of the above Rights should be, in the first instance, raised with the Data Protection Officer, info@florencedayspa.uk

7. Data Protection Principles

Under the GDPR Florence Day Spa is committed to ensuring that: • personal data is processed lawfully, fairly and in a transparent manner • personal data is collected for specific, explicit and legitimate purposes • personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed • personal data is accurate and, where necessary, kept up to date and all inaccuracies having regard to the purposes for which is was collected are erased or rectified at the first opportunity • personal data is kept no longer than is necessary for the purpose for which it was collected • personal data is processed in a manner that ensures appropriate security and personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational methods • personal data is limited to what is necessary in relation to the purpose for which is was collected, adequate and relevant • personal data is collected and processed in a legal manner in relation to consent, categories of personal data, contract and legal obligations, Legitimate, Vital and Public interests and process documentation.

8. Consent

Giving Consent to Florence Day Spa will only be undertaken where the individuals have: • a genuine choice and level of control over how your data is used • the right to ONLY opt-in to give consent with no pre-ticked or implied consent options • individuals are made fully aware of what they are consenting to • the right to withdraw consent at any time by speaking to a member of staff or emailing info@florencedayspa.uk • the right to know the purpose of collecting and processing your data There is the need for Florence Day Spa to collect and process personal data without consent in the fulfilment of its duties and obligations to you, where appropriate. (For example: Personal and banking information will be required to process online booking deposits, payments for non arrival of appointments. Florence Day Spa will hold a copy of your consenting action in relation to who consented, when and how you were told. This information will be kept by Florence Day Spa as long as is deemed appropriate.

9. Collecting and use of Employee Personal Information

We also collect personal information from our employees and from job applicants (human resource data) in connection with administration of our human resources programs and functions. These programs and functions include but are not limited to: job applications and hiring programs, compensation and benefit programs, performance, review and development processes, training, access to our facilities and computer networks, employee profiles, employee directories, human resource recordkeeping, and other employment related purposes. It is the policy of Florence Day Spa to keep all past and present employee information private from disclosure to third parties. There are certain business-related exceptions and they are: • To comply with local, regional, national contractual legislation requests • Inquiries from third parties with a signed authorisation from the employee to release the information, except in situations where limited verbal verifications are acceptable (see below)

10. Security

The security of your personal information is important to us. We follow generally accepted best practice industry standards to protect the personal information submitted to us, both during transmission and once we receive it. Florence Day Spa uses all reasonable measures to safeguard personally identifiable information, which measures are appropriate to the type of information maintained and follows applicable laws regarding safeguarding any such information under our control. In addition, in some areas of our Sites, may use encryption technology and unique password access to enhance information privacy and help prevent loss, misuse, or alteration of the information under Florence Day Spas’ control. No method of transmission over the Internet, or method of electronic storage, can be 100% secure. Therefore, Florence Day Spa cannot guarantee the absolute security of your information. The Internet by its nature is a public forum, and Florence Day Spa encourages you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure

11. Monitoring and Enforcement

Florence Day Spa regularly reviews our compliance with our privacy policy. We also adhere to several self-regulatory frameworks in addition to complying with applicable law. If we receive formal written complaints, we will follow up with the person making the complaint. We work with the appropriate regulatory authorities to resolve any complaints that cannot be resolved directly.

12. Compliance

Florence Day Spa adheres to the European Union ("EU") Data Protection (95/46/EC) and e-Privacy (2002/58/ED) Directives, the Data Protection Act 1998 and the General Data Protection Regulations.

13. Data Protection (UK)

Florence Day Spa is registered as a Data Controller under the Data Protection Act: Certificate of Registration number ZA396990

14. Information Processor Activities

Individuals may contact the Data Protection Officer identified below to review any personal information held about them. Florence Day Spa reserves the right to take reasonable steps to authenticate the identity of any such individual seeking access to such personal information. Questions, comments, or access requests.

15. Retention of Personal Data

Florence Day Spa will only continue to hold personal data for a reasonable time to a point where the data is no longer required or used. Retention periods also exist for data collected and processed for Financial & HR purposes, CCTV imagery, Insurance and Liabilities and to allow Florence Day Spa to undertake its services for customers, commissioners and stakeholders. If you have provided Florence Day Spa with your personal information, you have the right to inspect the information stored by us for accuracy or may request that the information be removed from our records. Florence Day Spa will make all reasonable efforts to comply with such requests except where it would require a disproportionate effort (for example developing a new system or changing an existing practice). We may require that you verify your identity before we act on a request to edit or remove your information. Please direct any questions about your Personal Information to info@florencedayspa.uk

16. Social Media and online engagement

We use a variety of new technologies and social media options to communicate and interact with clients, potential customers, employees and potential employees. These sites and applications include popular social networking and media sites, open source software communities and more. To better engage the public in ongoing dialog, certain Florence Day Spa businesses use certain third-party platforms including, but not limited to, Facebook, Twitter, Instagram, Youtube and LinkedIn. Third-Party Websites and Applications (TPWA) are Web-based technologies that are not exclusively operated or controlled by Florence Day Spa. When interacting with the Florence Day Spa presence on those websites, you may reveal certain personal information to Florence Day Spa or to third parties. Other than when used by Florence Day Spa employees for the purpose of responding to a specific message or request, Florence Day Spa will not use, share, or retain your personal information • The Facebook privacy policy is available at: http://www.facebook.com/policy.php • The Twitter privacy policy is available at: http://twitter.com/privacy • The LinkedIn privacy policy is available at: http://www.linkedin.com/static?key=privacy_policy • The Instagram privacy policy is available at: https://help.instagram.com/155833707900388 • The Youtube privacy policy is available at: https://policies.google.com/privacy?hl=en-GB&gl=uk

17. Changes to this Privacy Policy

Florence Day Spa may change this privacy policy from time to time. If this privacy policy changes, the revised privacy policy will be posted at the "Privacy Policy” link on the Site’s home page. In the event that the change is significant or material, we will notify you of such a change by revising the link on the home page to read "Newly Revised Privacy Policy." Please check the privacy policy frequently. Your continued use of the Site constitutes acceptance of such changes in the privacy policy, except where further steps are required by applicable law.

18. Contacting Florence Day Spa

Questions regarding this privacy policy should be directed to info@florencedayspa.uk or call 01502 532546 and ask to speak to the Data Protection Officer.