1. Who is responsible for your data
Mosaic Spa & Health Clubs operate health clubs and spas under the following brands – Fitness Express, Imagine Health & Spa, The Shrewsbury Club, Holmer Park Health Club & Spa, Riverhills Health Club & Spa, Shrewsbury College, The Spa at The Grand York, Waterfront Spa & Health Club, The Devonshire Spa, The Malvern View Spa, Pompey Health & Fitness Club.
2. Personal data we collect about you
We collect some personal data from you, for example when you book a treatment with us, use our website, use our health clubs or contact us. We may also receive your personal data from our suppliers who provide services to you on our behalf (for example when you provide feedback on our services), our partners when you purchase gift vouchers or third parties who act on your behalf, for example spa booking operators who book a treatment for you. If you book a spa treatment or buy membership on behalf of someone else, you must have their consent to use their personal information.
For more information on the parties who may share your personal data with us, please see section 7 below.
Categories of data we collect
We may collect and process the following categories of information about you:
Your name and surname and your contact details
(email address, telephone number and postal address)
- When you make an enquiry on our website
- When you book a treatment or experience
- When you purchase a health club membership
- When you take part in an activity at one of our health clubs
- When you take part in our competitions, or
- When you sign up to receive our marketing communications
- When you apply for a job with us
Information about your bookings or your membership, if you require special assistance or if you have specific dietary requirements. This information may include any changes to your bookings that relate to your booking (for example if you pre-order food or request a particular treatment).
- When you make a booking or contact us about your booking
Information about your health, if you have a medical condition that may affect your visit or membership (please see section “Sensitive personal data” below for more information)
- When you provide us with this information before your treatment or use of the facilities
Information about other customers in your booking.
- When you make a booking on behalf of other customers
Information about your transaction, including your payment card details or direct debit details
- When you purchase any products or services
Information about your purchases of our partners’ related products and services
- When you purchase such products or services
Information about the purchase of products available
- When you pre-order these products or purchase them during your visit
The communications you exchange with us (for example, your emails, letters, calls, or your messages on our online chat service)
- When you contact us or you are contacted by us
Your posts and messages on social media directed to Mosaic Spa & Health Clubs and it’s brands
- When you interact with us on social media
- When you reply to our requests for feedback or participate in our customer surveys
Information that relates to your memberships
- When you obtain, renew or cancel your memberships
Sensitive personal data
In the course of providing services to you, we may collect information that could reveal your physical or mental health, religious beliefs or alleged commission or conviction of criminal offences. Such information is considered “sensitive personal data” under the EU General Data Protection Regulations 2016 and other data protection laws. We only collect this information where you have given your explicit consent, it is necessary, or you have deliberately made it public.
For example, we may collect this information in the following circumstances:
For your safety, when you have a specific medical condition that may affect the treatments we can offer you or the exercise you can do in our health clubs, you will need to inform us of.
If you request special assistance during a visit, this could reveal information about your health (for example if you ask for wheelchair assistance). If you inform us about specific dietary requirements you may have, this could potentially indicate that you have specific religious beliefs.
If you do not allow us to process any sensitive personal data, this may mean we are unable to provide all or parts of the services you have requested from us. Please be aware that in such circumstances you will not be entitled to cancel or obtain a refund of any price you have paid.
3. How and why we use your personal data
We use your personal data for the following purposes:
To manage your spa bookings and provide our membership services to you
- When you are using our spa, we use your information to perform our services in relation to your visit. We also use it to change your bookings if you request such changes.
- If you are a member we use your information to administer your membership of the club and to facilitate bookings of classes and appointments
To communicate with you and manage our relationship with you
- Occasionally we may need to contact you by email, telephone, mail and/or SMS for administrative or operational reasons, for example in order to send you confirmation of your bookings and your payments, to inform you about your itinerary, when your membership is due for renewal or to advise you of disruption and changes to your booking or the service provided at our facility.
- Please be aware that these communications are not made for marketing purposes and as such, you will continue to receive them even if you opt-out from receiving marketing communications.
- We will also use your personal data if we contact you after you have sent us a request, filled in a web-form through our website or contacted us on social media.
- Your opinion is very important to us, so we may send you an email or letter to seek your feedback.
- We will use the communications you exchange with us and the feedback you may provide in order to manage our relationship with you as our customer and to improve our services and experiences for customers.
To personalise and improve your customer experience
- We may use your personal data in order to tailor our services to your needs and preferences and to provide you with a personalised customer experience. For example, if you inform us about your preferred spa location we will be able to send you offers relevant to your location.
- We may also collect information on how you use our services, which treatments you choose and what products you buy, in order to understand what you like. We may use this if you have agreed to receiving marketing communications, to send you relevant messages that we think you like.
To inform you about news and offers that you may like
- We may send you marketing communications for our spas and health clubs, if you have indicated that you are happy to receive these, for example when you sign up to receive our enews on our website or sign up to membership with us and you express a wish to receive such communications. If you are happy to receive marketing communications, we will provide you with news from us such as new treatments that you may be interested in or offers that you may like.
- In addition, we will also send you communications promoting our partner’s products and services that may relate to your spa visit or membership.
- You can also choose to opt out from receiving marketing communications at any time, by clicking on the relevant unsubscribe link at the bottom of any marketing related email you may receive from us.
To improve our services, fulfil our administrative purposes and protect our business interests
- The business purposes for which we will use your information include accounting, billing and audit, credit or other payment card verification, fraud screening, safety, security and legal purposes, statistical and marketing analysis, systems testing, maintenance and development.
To comply with our legal obligations, for example, our obligation to provide your information to HMRC or to pay you if you are an employee.
To process your job application, including inviting you for interview or sending you communications about the success of your application
To protect your vital interests, for example to supply information to a paramedic in the case of an emergency
4. Requesting access to your personal data
You have a right to request access to the personal data that we hold about you. This could include booking information relating to treatments you have taken with us or your club membership.
If you have questions in relation to your personal data, please contact us at: [email protected]
5. Security of your personal data
We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data. When you provide your personal data through our website this information is transmitted across the internet securely using high-grade encryption.
6. Cookies or other tracking technologies
For more information on deleting or controlling cookies we recommend www.AboutCookies.org.
7. Third Parties
Your personal data may be shared with other departments within our group. It may also be disclosed to a third party who acquires us, a member of our Group or substantially all of our assets. We may also in limited circumstances, disclose your personal information to third parties if we are under a legal obligation to do so for example HMRC.
Some of our suppliers will have temporary access to your information and we use them to help our service. We only use suppliers who follow GDPR guidelines themselves and include the following:
- Wayfresh –for management of our websites
- Computer Service Centre – for hosting and backup of our spa booking system and head office servers
- SDA Solutions & EZ-Runner – for hosting of our leisure membership software.
- Gumnut Systems – for support of our spa booking system
- Technogym – for hosting of our wellness gym system
- Mailchimp – for sending Holmers Headlines
- IE Digital – hosting and management of our Spaboost email marketing system.
- Swimtag – a training aid and monitoring tool to track progress in the pool.
- Bottomline Technologies – for secure processing of leisure direct debits through the banking system.
- Google Analytics - Collects anonymous technical data from website visitors and shows us reports of page views, unique visitors, referals to help improve our service
8. Social Media
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Visitors are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Visitors are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
9. Contact information