Privacy Policy

Last updated: 24 April 2026

1. Who we are

The Head Spa Guide operates the website at theheadspaguide.com. This policy explains what personal data we collect, why we collect it, and how we handle it. Questions about this policy can be directed to hello@theheadspaguide.com.

2. What data we collect

We collect the minimum data needed to operate the site:

  • Account information — name and email address when you create an account or sign in with a third-party provider (e.g. Google).
  • Contact form submissions — name, email address, and message content when you use our contact form.
  • Usage data — page views, referrer URLs, and browser information collected via analytics. This data is aggregated and not linked to individual identities.
  • Favourites and reviews — spa listings you save or review, stored against your account.

3. How we use your data

We use the data we collect to:

  • Provide and operate the website and its features.
  • Respond to enquiries submitted via the contact form.
  • Allow you to save favourites and submit reviews when signed in.
  • Understand how the site is used so we can improve it.
  • Prevent fraud and misuse, and comply with legal obligations.

We do not sell, rent, or trade your personal data to third parties.

4. Legal basis for processing (UK GDPR)

Where UK GDPR applies, we rely on the following legal bases:

  • Contract — processing necessary to provide your account and associated features.
  • Legitimate interests — analytics and site improvement, provided this does not override your rights.
  • Legal obligation — where we must retain records to comply with law.
  • Consent — where you have explicitly opted in, such as marketing communications (we currently send none).

5. Cookies

We use a small number of cookies:

  • Session cookies — strictly necessary to keep you signed in.
  • Analytics cookies — used to understand aggregate traffic patterns. No personally identifiable information is collected via these cookies.

You can control cookies via your browser settings. Disabling cookies may affect your ability to sign in or use certain features.

6. Data retention

We retain account data for as long as your account is active. If you delete your account, your personal data is removed within 30 days except where we are required to retain it for legal or fraud-prevention purposes. Contact form messages are kept for up to 12 months.

7. Third-party services

We use the following third-party services, which may process your data:

  • Authentication providers — if you sign in via Google or another provider, that provider's privacy policy also applies.
  • Hosting and infrastructure — our hosting provider processes data on our behalf under a data processing agreement.
  • Analytics — we use privacy-respecting analytics. No personal data is shared with advertising networks.

8. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Object to or restrict certain processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time where processing is consent-based.

To exercise any of these rights, email us at hello@theheadspaguide.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

9. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. All data is transmitted over HTTPS.

10. Changes to this policy

We may update this policy from time to time. Significant changes will be noted with a revised "Last updated" date at the top of the page. Continued use of the site after changes are posted constitutes acceptance of the revised policy.

11. Contact

For any questions about this policy or your data, contact us at hello@theheadspaguide.com.