Last updated: 1 January 2026
This Privacy Policy explains how HIDEAWAY SHOREHAM LTD ("The Hideaway", "we", "us", "our") collects, uses and protects information you provide when you visit https://the-hideaway.co.uk ("the Website") or book or use our spa services.
We are committed to protecting your privacy and handling your personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
The data controller responsible for your personal data is:
HIDEAWAY SHOREHAM LTD
186 Upper Shoreham Road
Shoreham-by-Sea, West Sussex, BN43 6BG
United Kingdom
Company number: 15290818
Email: info@the-hideaway.co.uk
Phone: +44 1273 044186
2. What data we collect
2.1 Information you give us
- Name, email address and phone number when you submit an enquiry form or book a session.
- Date of birth and basic health information disclosed on our consultation form, where relevant to your treatment.
- Payment details when you settle an invoice (processed by a regulated third-party payment provider — we do not store full card details).
- Any other information you choose to share in correspondence with us.
2.2 Information collected automatically
- Standard server logs (IP address, browser type, pages visited, referring URL, timestamps) for security and to improve the Website.
- A small number of essential cookies necessary for the Website to function. See our Cookie Notice for details.
3. Why we use your data
We use your personal data for the following purposes:
- To respond to enquiries and arrange bookings.
- To deliver our spa services safely and appropriately (including pre-treatment health screening).
- To take payment and issue receipts.
- To meet our legal, accounting and regulatory obligations.
- To send service-related communications such as appointment confirmations and reminders.
- With your explicit consent only, to send occasional updates and offers about The Hideaway.
4. Legal basis for processing
We rely on the following legal bases under the UK GDPR:
- Contract — to provide the services you have asked us to provide.
- Legal obligation — for record-keeping, tax and health-and-safety requirements.
- Legitimate interests — to run our business and keep the Website secure, in ways you would reasonably expect.
- Consent — for any optional marketing communications, which you can withdraw at any time.
- Vital interests — in the rare case we need to share medical information to protect your life or health.
5. How long we keep your data
We keep your personal data only as long as we need it:
- Enquiry records: 24 months from your last contact, then deleted.
- Booking and treatment records: 7 years, in line with UK accounting and insurance requirements.
- Marketing subscriber records: until you unsubscribe.
6. Who we share your data with
We do not sell your data to anyone. We share it only with carefully selected providers who help us run the business, including:
- Our payment processor (Stripe Payments UK Ltd or equivalent regulated provider).
- Our IT, hosting and email providers, who process data on our behalf under written agreements.
- Our accountants, for tax and bookkeeping.
- Regulators, government bodies and law enforcement, where we are required to do so by law.
7. International transfers
Our primary providers are located within the UK or the European Economic Area. Where data is transferred outside the UK, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses approved by the UK Information Commissioner's Office).
8. How we protect your data
We use industry-standard technical and organisational measures, including encryption in transit, access controls and staff training, to protect your data against unauthorised access, loss or misuse.
9. Your rights
You have the right to:
- Be informed about how we use your data.
- Access a copy of the personal data we hold about you.
- Have inaccurate data corrected.
- Ask us to delete your data ("right to be forgotten"), subject to legal retention requirements.
- Restrict or object to certain processing.
- Receive your data in a portable format.
- Withdraw consent at any time where we rely on consent.
To exercise any of these rights, please email us at info@the-hideaway.co.uk. We will respond within one calendar month.
10. Complaints
If you are unhappy with how we have handled your data, please tell us first and we will do everything we can to put it right. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113.
11. Updates to this policy
We may update this Privacy Policy from time to time. The "last updated" date at the top of this page will always reflect the latest version. Material changes will be communicated to you where appropriate.