Privacy Policy

This Privacy Policy applies even if you have bought treatments or signed up for membership via a third party (such as Treatwell or Incorpore), as this Privacy Policy forms part of your contract with us for the provision of our services.

Mosaic Spa & Health Clubs is committed to protecting your safety and privacy, and takes its responsibilities regarding the security of customer information very seriously. This privacy policy explains what personal data we collect about you, how and why we use it, who we disclose it to, and how we protect your privacy.

1. Who is responsible for your data

Our Privacy Policy applies to the personal data that Mosaic Spa & Health Clubs collects and uses.

References in this Privacy Policy to “Mosaic Spa & Health Clubs”, “we”, “us” or “our” mean Mosaic Spa & Health Clubs (Contract Management) Limited (a company registered in England and Wales with registration no 5074077 and registered office at Park Farm Hethersett Norwich NR9 3DL). We control the ways your personal data are collected and the purposes for which your personal data are used by Mosaic Spa & Health Clubs and are the “data controller” for the purposes of the EU General Data Protection Regulations 2016 alongside the owners of the properties our sites are within.   

Mosaic Spa & Health Clubs operate health clubs and spas under the following brands – Fitness Express, Imagine Health & Spa, The Shrewsbury Club, Holmer Park Health Club & Spa, Riverhills Health Club & Spa, Shrewsbury College, The Spa at The Grand York, The Devonshire Spa, Pompey Health & Fitness Club.

2. Personal data we collect about you

When using the term “personal data” in our Privacy Policy, we mean information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold. Your personal data may include for example your name, your contact details, information relating to your booking or membership or information on how you use our website or how you interact with us.

We collect some personal data from you, for example when you book a treatment with us, use our website, use our health clubs or contact us. We may also receive your personal data from our suppliers who provide services to you on our behalf (for example when you provide feedback on our services), our partners when you purchase gift vouchers or third parties who act on your behalf, for example spa booking operators who book a treatment for you. If you book a spa treatment or buy membership on behalf of someone else, you must have their consent to use their personal information.

For more information on the parties who may share your personal data with us, please see section 7 below.

Categories of data we collect

We may collect and process the following categories of information about you: 

Your name and surname and your contact details
(email address, telephone number and postal address)

  • When you make an enquiry on our website
  • When you book a treatment or experience 
  • When you purchase a health club membership
  • When you take part in an activity at one of our health clubs
  • When you take part in our competitions, or
  • When you sign up to receive our marketing communications
  • When you apply for a job with us

Information about your bookings or your membership, if you require special assistance or if you have specific dietary requirements. This information may include any changes to your bookings that relate to your booking (for example if you pre-order food or request a particular treatment).

  • When you make a booking or contact us about your booking

Information about your health, if you have a medical condition that may affect your visit or membership (please see section “Sensitive personal data” below for more information)

  • When you provide us with this information before your treatment or use of the facilities

Information about other customers in your booking.

  • When you make a booking on behalf of other customers

Information about your transaction, including your payment card details or direct debit details

  • When you purchase any products or services

Information about your purchases of our partners’ related products and services 

  • When you purchase such products or services

Information about the purchase of products available

  • When you pre-order these products or purchase them during your visit

The communications you exchange with us (for example, your emails, letters, calls, or your messages on our online chat service)

  • When you contact us or you are contacted by us

Your posts and messages on social media directed to Mosaic Spa & Health Clubs and it’s brands

  • When you interact with us on social media 

Your feedback

  • When you reply to our requests for feedback or participate in our customer surveys

Information that relates to your memberships 

  • When you obtain, renew or cancel your memberships

Sensitive personal data

In the course of providing services to you, we may collect information that could reveal your physical or mental health, religious beliefs or alleged commission or conviction of criminal offences. Such information is considered “sensitive personal data” under the EU General Data Protection Regulations 2016 and other data protection laws. We only collect this information where you have given your explicit consent, it is necessary, or you have deliberately made it public. 

For example, we may collect this information in the following circumstances:

For your safety, when you have a specific medical condition that may affect the treatments we can offer you or the exercise you can do in our health clubs, you will need to inform us of.
If you request special assistance during a visit, this could reveal information about your health (for example if you ask for wheelchair assistance). If you inform us about specific dietary requirements you may have, this could potentially indicate that you have specific religious beliefs.

By providing any sensitive personal data you explicitly agree that we may collect and use it in order to provide our services and in accordance with this Privacy Policy.

If you do not allow us to process any sensitive personal data, this may mean we are unable to provide all or parts of the services you have requested from us. Please be aware that in such circumstances you will not be entitled to cancel or obtain a refund of any price you have paid.  

3. How and why we use your personal data

We use your personal data for the following purposes:

To manage your spa bookings and provide our membership services to you

  • When you are using our spa, we use your information to perform our services in relation to your visit. We also use it to change your bookings if you request such changes.
  • If you are a member we use your information to administer your membership of the club and to facilitate bookings of classes and appointments

To communicate with you and manage our relationship with you

  • Occasionally we may need to contact you by email, telephone, mail and/or SMS for administrative or operational reasons, for example in order to send you confirmation of your bookings and your payments, to inform you about your itinerary, when your membership is due for renewal or to advise you of disruption and changes to your booking or the service provided at our facility.
  • Please be aware that these communications are not made for marketing purposes and as such, you will continue to receive them even if you opt-out from receiving marketing communications.
  • We will also use your personal data if we contact you after you have sent us a request, filled in a web-form through our website or contacted us on social media. 
  • Your opinion is very important to us, so we may send you an email or letter to seek your feedback.
  • We will use the communications you exchange with us and the feedback you may provide in order to manage our relationship with you as our customer and to improve our services and experiences for customers. 

To personalise and improve your customer experience

  • We may use your personal data in order to tailor our services to your needs and preferences and to provide you with a personalised customer experience. For example, if you inform us about your preferred spa location we will be able to send you offers relevant to your location.
  • We may also collect information on how you use our services, which treatments you choose and what products you buy, in order to understand what you like. We may use this if you have agreed to receiving marketing communications, to send you relevant messages that we think you like.  

To inform you about news and offers that you may like

  • We may send you marketing communications for our spas and health clubs, if you have indicated that you are happy to receive these, for example when you sign up to receive our enews on our website or sign up to membership with us and you express a wish to receive such communications. If you are happy to receive marketing communications, we will provide you with news from us such as new treatments that you may be interested in or offers that you may like. 
  • In addition, we will also send you communications promoting our partner’s products and services that may relate to your spa visit or membership. 
  • You can also choose to opt out from receiving marketing communications at any time, by clicking on the relevant unsubscribe link at the bottom of any marketing related email you may receive from us.  

To improve our services, fulfil our administrative purposes and protect our business interests 

  • The business purposes for which we will use your information include accounting, billing and audit, credit or other payment card verification, fraud screening, safety, security and legal purposes, statistical and marketing analysis, systems testing, maintenance and development. 

To comply with our legal obligations, for example, our obligation to provide your information to HMRC or to pay you if you are an employee.

To process your job application, including inviting you for interview or sending you communications about the success of your application

To protect your vital interests, for example to supply information to a paramedic in the case of an emergency

4. Requesting access to your personal data

You have a right to request access to the personal data that we hold about you. This could include booking information relating to treatments you have taken with us or your club membership.

If you have questions in relation to your personal data, please contact us at: [email protected].

5. Security of your personal data

We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data. When you provide your personal data through our website this information is transmitted across the internet securely using high-grade encryption.

As described in this Privacy Policy, we may in some instances disclose your personal data to third parties. Where we disclose your personal data to a third party, we require that third party to have appropriate technical and organisational measures in place to protect your personal data; however in some instances we may be compelled by law to disclose your personal data to a third party, such as HMRC, and have limited control over how it is protected by that party.

The information that you provide to us will be held in our systems, which are located on our premises or those of an appointed third party. We may also allow access to your information by other third parties who act for us for the purposes described in this Privacy Policy or for other purposes approved by you. Your personal data may be accessed by and processed outside the European Economic Area (the European Economic Area being the European Union and Iceland, Liechtenstein and Norway, also referred to as the “EEA”) - including by staff operating outside the EEA who work for us or for one of our suppliers or agents (this includes staff engaged in, among other things, the provision of support services). Where your personal data are transferred outside of the EEA, we require that appropriate safeguards are in place. 

We will retain your personal data for as long as we need it in order to fulfil our purposes set out in this Privacy Policy or in order to comply with the law.

6. Cookies or other tracking technologies

Our website uses "cookies" to track visitors on our website to help us better understand how they use it. These cookies do not contain or pass any personal, confidential or financial information or any other information that could be used to identify individual visitors. Please note that you are free to refuse cookies. .

For more information on deleting or controlling cookies we recommend

7. Third Parties

Your personal data may be shared with other departments within our group. It may also be disclosed to a third party who acquires us, a member of our Group or substantially all of our assets. We may also in limited circumstances, disclose your personal information to third parties if we are under a legal obligation to do so for example HMRC.

Some of our suppliers will have temporary access to your information and we use them to help our service. We only use suppliers who follow GDPR guidelines themselves and include the following:

  • Wayfresh –for management of our websites
  • Computer Service Centre – for hosting and backup of our spa booking system and head office servers
  • SDA Solutions, Hedgehog Concept & EZ-Runner – for hosting of our leisure membership software.
  • Gumnut Systems – for support of our spa booking system
  • Technogym – for hosting of our wellness gym system
  • Mailchimp & Brevo – for sending communications
  • IE Digital – hosting and management of our Spaboost email marketing system.
  • Swimtag – a training aid and monitoring tool to track progress in the pool.
  • Bottomline Technologies – for secure processing of leisure direct debits through the banking system.
  • Google Analytics - Collects anonymous technical data from website visitors and shows us reports of page views, unique visitors, referals to help improve our service

8. Social Media

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

Visitors are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.

This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Visitors are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

9. Updates to our Privacy Policy

We may make changes to this Privacy Policy from time to time, we will update the Privacy Policy and we will publish on our website any new version of this Policy.

9. Contact information

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to [email protected]