Privacy & GDPR Policy

Last updated: 11th October 2025

This Privacy & GDPR Policy explains how Luxury Spa Retreats (“we”, “our”, “us”) collects, uses, and protects your personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We respect your privacy and are committed to protecting your personal data.

1. Who We Are

Luxury Spa Retreats is a UK-based sole trader providing travel consultancy, editorial content, and partnership collaborations in the luxury spa and wellness sector.

We operate as an independent content and referral brand, connecting clients with ATOL-protected travel partners and creating media content with tourism boards, hotels, and DMCs.

For data protection purposes, we are the data controller of the information we collect.

📧 Contact: hello@luxurysparetreats.com
📍 United Kingdom

2. What Information We Collect

We may collect and process the following types of information:

a) Information you provide directly

  • Your name and contact details (email, phone number, company, etc.)
  • Enquiry or booking preferences submitted through our website forms
  • Newsletter subscriptions and email preferences
  • Event, collaboration, or partnership enquiries
  • Media and press contact information

b) Information collected automatically

When you visit our website, we may automatically collect:

  • IP address and general location
  • Device and browser information
  • Pages visited, duration, and referral source
  • Cookie data (see section 8)

c) Information from partners and affiliates

We may receive limited information from trusted travel partners or affiliate networks when you make an enquiry, booking, or sign up via a linked platform.
These partners have their own privacy policies and are responsible for handling your data under their own compliance obligations.

3. How We Use Your Information

We use your personal data only for legitimate business purposes, such as:

  • Responding to your enquiries or requests
  • Providing travel and partnership consultancy services
  • Sending newsletters or updates (with your consent)
  • Managing collaborations with tourism boards, hotels, or agencies
  • Improving website content and user experience
  • Fulfilling legal or regulatory obligations

We do not sell or rent your personal information to third parties.

4. Legal Basis for Processing

We process your data under the following lawful bases:

  • Consent – where you have opted in to receive updates or marketing communications.
  • Contract – when processing is necessary to respond to your enquiry or provide consultancy.
  • Legitimate interests – when we use your data to operate and improve our business (e.g. website analytics, partner communications).
  • Legal obligation – to comply with applicable laws and regulations.

5. Data Retention

We retain personal data only for as long as necessary for the purpose it was collected.
Typically, we will:

  • Keep general enquiries for up to 12 months,
  • Keep client or partner correspondence for up to 3 years, and
  • Retain financial or contractual information for up to 6 years where legally required.

You may request deletion of your data at any time (see Section 9).

6. Sharing Your Information

We may share limited data with:

  • Trusted travel partners, DMCs, or ATOL-protected agencies to fulfil referral enquiries;
  • Email and CRM providers (used solely for communication and mailing list management);
  • Professional service providers (e.g. accountants, legal advisors) who help us operate our business.

All third parties are required to respect the security of your data and use it only in accordance with UK GDPR.

We will never sell your data to advertisers or unrelated third parties.

7. International Transfers

We primarily store and process data within the United Kingdom.
Where third-party service providers (e.g. email or analytics tools) transfer data outside the UK, we ensure that adequate safeguards — such as Standard Contractual Clauses (SCCs) — are in place to protect your data.

8. Cookies and Analytics

Our website uses cookies and analytics tools to improve user experience and understand site performance.
Cookies are small text files stored on your device when you visit a website.

We use cookies for:

  • Basic site functionality
  • Traffic and engagement analytics
  • Remembering your preferences
  • Affiliate link tracking

You can disable cookies through your browser settings, though some parts of the site may not function properly.

Analytics data is anonymised and not used to personally identify visitors.

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right to access – to request a copy of the data we hold about you.
  • Right to rectification – to correct inaccurate or incomplete data.
  • Right to erasure – to request that we delete your data (“right to be forgotten”).
  • Right to restrict processing – to limit how we use your data.
  • Right to data portability – to transfer your data to another provider.
  • Right to object – to object to direct marketing or legitimate interest processing.
  • Right to withdraw consent – at any time, where processing is based on consent.

To exercise any of these rights, email hello@luxurysparetreats.com.
We will respond within 30 days in accordance with data protection law.

10. Data Security

We take appropriate technical and organisational measures to protect your information from loss, misuse, or unauthorised access.
Our systems are secured with encryption and password protection.
However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

11. Links to Other Websites

Our website contains links to third-party websites, such as hotels, travel operators, or affiliate partners.
We are not responsible for the privacy practices or content of these external sites.
You are encouraged to review their privacy policies before submitting any personal data.

12. Email Marketing and Newsletters

We send newsletters and updates only to individuals who have explicitly opted in.
You can unsubscribe at any time by clicking the link in any email or contacting hello@luxurysparetreats.com.

We use reputable email providers that comply with UK GDPR standards for contact management and data protection.

13. Children’s Privacy

Our services and website are intended for adults aged 18 and above.
We do not knowingly collect personal information from minors.
If you believe a child has provided us with personal data, please contact us and we will delete it immediately.

14. Updates to This Policy

We may update this Privacy & GDPR Policy from time to time to reflect legal or operational changes.
The latest version will always be posted on this page, with the date of the last update clearly stated.

15. Contact Us

If you have any questions, concerns, or requests related to this policy or your personal data, please contact:
📧 hello@luxurysparetreats.com
📍 United Kingdom