Privacy policy.

ÅBYN House Spa is the trading name used across our branding and website.
For legal, regulatory and data protection purposes, the business is registered as A Touch of Tranquility, which is the entity referred to throughout this Privacy Policy.

Our commitment to your privacy

We take your privacy very seriously. This privacy policy explains who we are, how and why we collect, store, use and share your personal information, and your rights in relation to that information.

We collect, use and are responsible for certain personal information about you. When we do so, we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For the purposes of these laws, A Touch of Tranquility is the ‘data controller’ of your personal information.

Key terms

  • We / us / our – A Touch of Tranquility

  • Personal information – Any information relating to an identified or identifiable individual

  • Special category personal information – Personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, data concerning health, sex life or sexual orientation

Personal information we collect about you

We may collect and use the following personal information:

  • Your name and contact details (including email address, telephone number, date of birth, address and next of kin details for emergency purposes)

  • Billing information, transaction details and payment information

  • Medical history, allergies and lifestyle information provided on client consultation forms

  • Details of feedback you provide by phone, email, post or via social media

  • Information about how you use our website and booking systems

This information is required to provide our services. If you do not provide the information we request, it may delay or prevent us from providing services to you.

How your personal information is collected

We collect most personal information directly from you, for example when you:

  • Make a booking

  • Complete consultation or intake forms

  • Contact us by phone, text, email or social media

  • Provide feedback or complete surveys

We may also collect information:

  • Indirectly through website usage and browsing activity

  • From third parties with your consent

  • Through our IT systems, including automated monitoring of websites, communications systems and email

How and why we use your personal information

Under data protection law, we can only use your personal information where we have a lawful basis to do so, including:

  • To perform our contract with you or take steps at your request before entering into a contract

  • To comply with legal and regulatory obligations

  • For our legitimate business interests, provided these are not overridden by your rights

  • Where you have given explicit consent

We use your personal information for purposes including:

  • Providing treatments and services

  • Maintaining accurate client records

  • Managing bookings, payments and accounts

  • Complying with health, safety and professional obligations

  • Improving efficiency, training and service quality

  • Communicating with you about existing or new services

  • Preventing unauthorised access to systems

  • Marketing our services to existing and former clients

Special category personal information (such as medical details) is only processed with your explicit consent, provided via consultation forms.

Promotional communications

We may use your personal information to send you updates about our services, including new treatments, offers or changes.

We rely on legitimate interest to send marketing communications to existing and former clients. Where consent is required, this will be requested clearly and separately.

You can opt out of promotional communications at any time by contacting:
hello@abynhousespa.com

We never sell or share your personal information with third parties for marketing purposes.

Who we share your personal information with

We may share your personal information with trusted third parties where necessary to operate our business, including:

  • Online booking and client management system – Acuity Scheduling

  • Payment processors – Stripe

  • Website hosting and IT service providers

  • Professional advisers (accountants, insurers)

  • Health and safety advisers (if required following an incident)

All service providers are required to keep your personal information secure and confidential.

We may also share information with regulatory authorities or law enforcement where legally required.

Where your personal information is held

Your personal information is stored securely on our own systems and those of our third-party service providers listed above. No hard-copy client records are stored.

Links to other websites

Our website may contain links to other websites. We are not responsible for the privacy practices of other websites and encourage you to read their privacy policies before providing any personal data.

How long your personal information is kept

We will keep your personal information for as long as you are a client or we are providing services to you.

After this, we retain information only where necessary:

  • To respond to queries, complaints or claims

  • To demonstrate fair treatment

  • To comply with legal and regulatory requirements

By law, we are required to retain treatment records and related notes for a minimum of 6 years.

When information is no longer required, it will be securely deleted or anonymised.

Your rights

You have the right to:

  • Access your personal information

  • Request correction of inaccurate information

  • Request deletion of your information (in certain circumstances)

  • Restrict processing of your information

  • Request data portability

  • Object to processing, including direct marketing

  • Not be subject to automated decision-making

You can exercise these rights free of charge by contacting us.

Keeping your personal information secure

We have appropriate security measures in place to protect your personal information from loss, misuse or unauthorised access. Access is limited to those who need it for legitimate business purposes.

If a data breach occurs, we will notify you and the relevant authority where legally required.

How to complain

If you have concerns about how we use your personal information, please contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)
Website: https://ico.org.uk/concerns
Telephone: 0303 123 1113

Changes to this privacy policy

This privacy policy was first published in June 2020 and is reviewed regularly.
It was most recently updated in December 2025.

How to contact us

If you have any questions about this policy or how your information is handled, please contact:

Email: hello@abynhousespa.com
Telephone: 07525 738781