1. Introduction
Best British Hot Tubs Ltd are committed to protecting the privacy and security of your personal information. This Privacy Notice describes how we collect and use personal information about you.
2. General
This notice does not form part of any agreement or contract and may be updated at any time.
Identity of the data controller The data controller is the business which captures the data from individuals and/ or decides how it is to be used and processed. A5 Spas Ltd are the data controller for our customers and employees.
We are a data controller for any personal information that you provide to us. This means that we are responsible for determining how information relating to you is used, stored and shared.
Categories of personal data we process
We will collect, store, and use the following categories of personal information about you:
• Your full name
• Your address or previous addresses including second properties
• Your contact details such as phone numbers and email addresses
• Your employment status, salary and homeowner status
Sources of personal data
We collect personal information relating to you directly from you, from our online sources such as social media, websites and online chat via the company’s websites.
Our lawful bases for processing your data
We will use your personal information in the following circumstances:
• Where we need to perform the contract we have entered into with you
• Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests
• To comply with relevant legislation and regulations
Our purposes for processing your data
• Performing the contract that we have entered in to with you by providing you with the products and services that you have ordered
• To provide you with a quote and the details of all available payment methods when you have shown an interest in our products and services
• To issue marketing material to you about the products and services we offer
• To process a finance application for you
Sensitive Personal Data
There may be instances where it is necessary for you to share information with us containing special categories of personal information or ‘sensitive personal data’. This relates to things such as details of medical conditions which you may need to share with us so we are able to meet your specific requirements when providing our goods and services. Due to the sensitive nature of this information, we will only take it from you if you have given us your explicit consent and it is necessary for us to do so. We will also inform you of what we will do with this information and who we will share it with.
Use of Cookies
If you visit our website, we may use cookies where appropriate to gather information about your computer and your general interests to enable us to improve our website and target marketing appropriately. Cookies are stored on your computer’s hard drive and cannot be used to identify you personally as they contain no personal information.
Who has access to your data
We may share your personal information with third parties where required by law, where it is necessary to administer the contract we have entered in to you with you, or where we have another legitimate interest in doing so.
Recipients of your data may include third-party service providers, other related business entities, a regulator, or to otherwise comply with the law.
If you choose to fund your purchase with us using one of the finance products we offer to our customers as a credit broker on behalf of lenders, we will share your data with the relevant lender so they are able to process your finance application.
Where we do so, we will require third parties to respect the security of your data and to treat it in accordance with the law.
Security of your data
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How we decide how long to retain your data
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or contractual requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and any applicable legal or contractual requirements.
Your rights
You have the right to:
• Request access to, and a copy of, your personal information that we hold.
• Request correction of the personal information that we hold about you if you believe it is incomplete or inaccurate
• Request erasure of your personal information in specific circumstances, such as; if our processing of your personal information is based upon legitimate interests and you believe it is no longer necessary; or if you believe we have processed your personal data unlawfully or not for the purposes which it was intended.
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
• Request to restrict the processing of your personal information in specific circumstances, such as; you have requested that your personal information is corrected and want to restrict processing whilst we correct it; where you believe our processing is unlawful but do not want us to erase your personal information; where we no longer need to store your personal information but you require us to do so to enable you to exercise or defend a legal claim.
• Data Portability in particular circumstances meaning that you can request for your personal information to be securely moved, copied or transferred from our IT environment to another. This only applies if our lawful basis for processing your data is consent or performance of a contract, and we are processing your data by automated means.
If you believe we have not complied with your rights, you can complain to the Information Commissioner by visiting their website https://ico.org.uk/.
Automated decision-making & Profiling
Automated decision making is where a decision is made by a computer without human intervention. A5 Spas Ltd. may make automated decisions via the website in confirming consent to additional marketing permissions, as well as consent to contact. Where this is applicable, individuals have the right to request human intervention and review.
We do not conduct any automated decision-making or profiling activities whilst processing your personal information.
Changes to this Privacy Notice
The Company reserves the right to update this privacy notice at any time. You can request the most up to date version from us at any time by contacting us on the contact details below.
Contacting us Please do not hesitate to contact us regarding any matter relating to this Privacy notice via email.
3. Embedded Content
Pages on this site may include embedded content, like YouTube videos, for example. Embedded content from other websites behaves in the exact same way as if you visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. Below you can find a list of the services we use:Youtube
We use YouTube videos embedded on our site. YouTube has its own cookie and privacy policies over which we have no control. There is no installation of cookies from YouTube and your IP is not sent to a YouTube server until you consent to it. See their privacy policy here: YouTube Privacy Policy.4. Cookies
This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. Cookies generally exist to make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the help section of your browser.
Necessary Cookies (all site visitors)
- PHPSESSID: To identify your unique session on the website.
Necessary Cookies (Additional for Logged in Customers)
- wp-auth: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
- wordpress_logged_in_{hash}: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
- wordpress_test_cookie Used by WordPress to ensure cookies are working correctly.
- wp-settings-[UID]: WordPress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
- wp-settings-[UID]:WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
5. Who Has Access To Your Data
If you are not a registered client for our site, there is no personal information we can retain or view regarding yourself.
If you are a client with a registered account, your personal information can be accessed by:
- Our system administrators.
- Our support team when they (in order to provide support) need to get the information about the client accounts and access.
6. Third Party Access to Your Data
We don’t share your data with third-parties in a way as to reveal any of your personal information like email, name, etc.
7. How Long We Retain Your Data For
When you submit a support ticket or a comment, its metadata is retained until (if) you tell us to remove it. We use this data so that we can recognize you and approve your comments automatically instead of holding them for moderation.
If you register on our website, we also store the personal information you provide in your user profile. You can see, edit, or delete your personal information at any time (except changing your username). Website administrators can also see and edit that information.
8. Security Measures
We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personally identifiable information is not captured/hijacked by third parties without authorization.
In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users and will attempt to reset passwords if needed.
9. Your Data Rights
General Rights
If you have a registered account on this website or have left comments, you can request an exported file of the personal data we retain, including any additional data you have provided to us.
You can also request that we erase any of the personal data we have stored. This does not include any data we are obliged to keep for administrative, legal, or security purposes. In short, we cannot erase data that is vital to you being an active customer (i.e. basic account information like an email address).
If you wish that all of your data is erased, we will no longer be able to offer any support or other product-related services to you.
GDPR Rights
Your privacy is critically important to us. Going forward with the GDPR we aim to support the GDPR standard. ThemeREX permits residents of the European Union to use its Service. Therefore, it is the intent of ThemeREX to comply with the European General Data Protection Regulation. For more details please see here: EU GDPR Information Portal.