The Recovery Lounge - Privacy Policy

Last updated: [November 2025]

Recovery Lounge (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect your information when you book with us, use our services, or visit our website/Instagram.

Business Name: The Recovery Lounge

Address: 357 Reading Road, Henley-on-Thames, RG9 4HA

Email: recovery_lounge@outlook.com

1. Information We Collect

We may collect the following types of personal information:

1.1 Personal Identification

  • Name

  • Email address

  • Telephone number

  • Postal address (if provided)

1.2 Booking & Service Information

  • Appointment dates and times

  • Service type (e.g., infrared sauna session)

  • Notes relating to your session or enquiry

  • Consents or preferences you provide

1.3 Health-Related Information (if provided)

For safety when using the sauna or wellness facilities, you may choose to disclose:

  • Health conditions

  • Relevant medical considerations

  • Contraindications

We only collect this information with your consent and only where necessary for your safety.

1.4 Payment Information

  • Payments are processed securely via third-party providers (e.g., Square, Stripe).

  • We do not store full card details ourselves.

1.5 Website & Social Media Data

  • Cookies or analytics (e.g., website usage, browsing behaviour)

  • Instagram interactions, DMs, enquiries

2. How We Use Your Information

We use your information to:

  • Manage and confirm bookings

  • Provide infrared sauna and related services

  • Send appointment reminders

  • Respond to enquiries

  • Process payments

  • Ensure safety and suitability for treatments

  • Maintain internal records and comply with legal obligations

  • Send marketing communications (only where permitted)

3. Legal Basis for Processing

We process your information under the following lawful bases:

  • Contract – to provide the service you requested and manage bookings

  • Legitimate Interests – for business administration and service reminders

  • Legal Obligation – e.g., financial record-keeping

  • Consent – for marketing and for any health-related information you choose to provide

You may withdraw consent at any time by contacting us.

4. Data Storage & Security

We store your data using secure, encrypted, and GDPR-compliant systems.

Measures include:

  • Password-protected devices

  • Encrypted booking and payment platforms

  • Limited staff access

  • Secure email systems

  • Regular internal checks of data security

We never sell your personal data.

5. Data Retention

We retain your personal data only for as long as necessary:

  • Booking records & contact details: up to 6 years

  • Health-related information: up to 6 years, or sooner upon request (unless required for legal purposes)

  • Financial/payment records: 6 years (UK legal requirement)

  • Marketing preferences: until you unsubscribe or request deletion

6. Sharing Your Information

We may share your information only with trusted third parties necessary to operate our business, such as:

  • Booking systems (e.g., Squarespace, Acuity Scheduling)

  • Payment processors (e.g., Stripe, Square, PayPal)

  • Email platforms (e.g., Outlook, Mailchimp)

  • IT and administrative service providers

These companies are GDPR-compliant and process your data only on our behalf.

We do not sell your data or share it for unrelated marketing.

7. Your Rights Under GDPR

You have the right to:

  • Access the personal data we hold about you

  • Request correction of inaccurate data

  • Request deletion (“right to be forgotten”)

  • Withdraw consent at any time

  • Object to marketing communications

  • Request transfer of your data to another provider

  • Lodge a complaint with the ICO (Information Commissioner’s Office)

To exercise your rights, email us at: recovery_lounge@outlook.com

8. Cookies & Website Analytics

Our website may use cookies to:

  • Enable basic site functionality

  • Improve user experience

  • Monitor website performance

  • Tailor content or advertisements

You can control cookies through your browser settings.

9. Data Breach Procedure

In the unlikely event of a data breach, we will:

  • Take immediate steps to secure your information

  • Assess the risk to your rights and freedoms

  • Notify the ICO within 72 hours if required

  • Inform you promptly when legally necessary

10. Contact Us

If you have any questions or would like to exercise your privacy rights, please contact:

Recovery Lounge

357 Reading Road

Henley-on-Thames

RG9 4HA

Email: recovery_lounge@outlook.com