Our Privacy Policy

This privacy notice tells you what to expect us to do with your personal information.

  • Contact details

  • What information we collect, use, and why

  • Lawful bases and data protection rights

  • Where we get personal information from

  • How long we keep information

  • Who we share information with

  • Sharing information outside the UK

  • How to complain

Contact details

Email hello@readandrelax.co.uk

What information we collect, use, and why

We collect or use the following information to provide services and goods, including delivery:

  • Names and contact details

  • Addresses

  • Date of birth

  • Information relating to loyalty programmes

  • Website user information (including user journeys and cookie tracking)

  • Photographs or video recordings

  • Information relating to compliments or complaints

We collect or use the following information for the operation of customer accounts and guarantees:

  • Names and contact details

  • Addresses

  • Marketing preferences

We collect or use the following information to prevent, detect, investigate or prosecute crimes:

  • Video and CCTV recordings of public areas (including indoor and outdoor spaces)

  • Audio recordings of public areas (including indoor and outdoor spaces)

We collect or use the following information for service updates or marketing purposes:

  • Names and contact details

  • Marketing preferences

  • Records of consent, where appropriate

We collect or use the following information to comply with legal requirements:

  • Name

  • Contact information

  • Identification documents

We collect or use the following information for recruitment purposes:

  • Contact details (eg name, address, telephone number or personal email address)

  • Date of birth

  • National Insurance number

  • Copies of passports or other photo ID

  • Employment history (eg job application, employment references or secondary employment)

  • Education history (eg qualifications)

We collect or use the following personal information for dealing with queries, complaints or claims:

  • Names and contact details

  • Address

  • Video recordings of public areas

  • Audio recordings of public areas

  • Information relating to health and safety

Lawful bases and data protection rights

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide services and goods are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Our lawful bases for collecting or using personal information for the operation of customer accounts and guarantees are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

Our lawful bases for collecting or using personal information to prevent, detect, investigate or prosecute crimes are:

  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone.

  • All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

    • CCTV recordings to prevent crimes. The benefit of collecting means that there will be less loss to the business. Losses to the business would be expensive and mean prices would rise for customers.

Our lawful bases for collecting or using personal information for service updates or marketing purposes are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Our lawful bases for collecting or using personal information for legal requirements are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Our lawful bases for collecting or using personal information for recruitment purposes are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

Where we get personal information from

  • Directly from you

  • CCTV footage or other recordings

How long we keep information

Two years.

Who we share information with

Data processors

Squarespace
This data processor does the following activities for us: Host the website and the email collection/sending out system.

Batch
This data processor does the following activities for us: Hold details of customer orders.

Accountant and Bookkeeper
So that staff can be paid, and accurate records of accounts can be kept

Others we share personal information with:

  • Insurance companies

  • Organisations we need to share information with for safeguarding reasons

  • Professional or legal advisors

  • Financial or fraud investigation authorities

  • Organisations we’re legally obliged to share personal information with Previous employers

Sharing information outside the UK

Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name: Squarespace

Category of recipient: IT/website host/Email sender

Country the personal information is sent to: US

How the transfer complies with UK data protection law:

The GDPR requires certain safeguards when transferring personal data from outside the EEA, the UK and Switzerland to "third countries," which are all countries outside these protected areas, including the United States. Squarespace is committed to treating personal data received from the EEA, the UK, Switzerland, and elsewhere around the world in a secure and privacy-first way. Squarespace processes personal data in a way that meets the European Commission and UK Standard Contractual Clauses.

Standard Contractual Clauses

Squarespace uses the European Commission Standard Contractual Clauses (also known as Model Contractual Clauses) and the UK’s International Data Transfer Addendum (UK Addendum) as the legal basis for transferring personal data to third countries, including the United States.

The European Commission updated the Standard Contractual Clauses on June 4, 2021 to reflect:

  • How data processing happens in the modern world.

  • The requirements of the EU GDPR.

  • Recommendations from the European Data Protection Board The Schrems II decision by the Court of Justice of the European Union.

On March 21, 2022, the UK’s Information Commissioner’s Office’s updated requirements related to data transfers outside of the UK, including the use of an international data transfer agreement and the UK Addendum to the updated Standard Contractual Clauses, took effect.

We protect your personal data and have put appropriate technical and organizational safeguards in place to meet these standards. To learn more, visit our Security Measures page.

Data Privacy Frameworks

In accordance with Article 45 of the GDPR, an adequacy decision was adopted for the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. Data Privacy Frameworks (each individually and jointly, the “Data Privacy Frameworks”).

Squarespace, Inc. complies with the Data Privacy Frameworks to provide a legal basis for transfers of personal data to Squarespace, Inc. in the US from, as applicable, the EEA, Switzerland and the UK. Squarespace, Inc. has certified its compliance to the Data Privacy Frameworks. You can find our certification here. To learn more about the Data Privacy Frameworks and DPF Principles, visit the Data Privacy Framework Program site.

Other transfer requirements

Articles 45 to 50 of the GDPR set the various requirements for the lawful transfers of personal data to third countries or international organizations that provide an adequate level of protection. These include:

Adequacy
Third countries, specified sectors within third countries, or international organizations, have adequacy if the EU Commission determined they provide an adequate level of data protection.

In the absence of an adequacy decision, the GDPR allows a transfer if the controller or processor has provided “appropriate safeguards,” which may include:

  • Approved Codes of Conduct or Approved Certification Mechanisms

  • Binding Corporate Rules

  • Standard Contractual Clauses

Exceptions

Exceptions allow transfers in specific situations, like if consent is obtained, or:

  • For the performance or conclusion of a contract

  • For the exercise of legal claims

  • To protect the vital interests of the data subject when they can’t give consent or for reasons of public interest

To learn more, visit the guidance documents from the European Data Protection Board or the Information Commissioner’s Office for the UK.

We may use other transfer mechanisms to ensure adequate data protection. We’ll provide more information, as appropriate, if other transfer mechanisms are used for the lawful transfers of personal data to third countries.

Where necessary, our data processors may share personal information outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name: Squarespace

Category of recipient: IT website host including email addresses

Country the personal information is sent to: US

How the transfer complies with UK data protection law: The GDPR requires certain safeguards when transferring personal data from outside the EEA, the UK and Switzerland to "third countries," which are all countries outside these protected areas, including the United States. Squarespace is committed to treating personal data received from the EEA, the UK, Switzerland, and elsewhere around the world in a secure and privacy-first way. Squarespace processes personal data in a way that meets the European Commission and UK Standard Contractual Clauses.

Standard Contractual Clauses

Squarespace uses the European Commission Standard Contractual Clauses (also known as Model Contractual Clauses) and the UK’s International Data Transfer Addendum (UK Addendum) as the legal basis for transferring personal data to third countries, including the United States.

The European Commission updated the Standard Contractual Clauses on June 4, 2021 to reflect:

  • How data processing happens in the modern world.

  • The requirements of the EU GDPR.

  • Recommendations from the European Data Protection Board The Schrems II decision by the Court of Justice of the European Union.

On March 21, 2022, the UK’s Information Commissioner’s Office’s updated requirements related to data transfers outside of the UK, including the use of an international data transfer agreement and the UK Addendum to the updated Standard Contractual Clauses, took effect.

We protect your personal data and have put appropriate technical and organizational safeguards in place to meet these standards. To learn more, visit our Security Measures page.

Data Privacy Frameworks

In accordance with Article 45 of the GDPR, an adequacy decision was adopted for the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. Data Privacy Frameworks (each individually and jointly, the “Data Privacy Frameworks”).

Squarespace, Inc. complies with the Data Privacy Frameworks to provide a legal basis for transfers of personal data to Squarespace, Inc. in the US from, as applicable, the EEA, Switzerland and the UK. Squarespace, Inc. has certified its compliance to the Data Privacy Frameworks. You can find our certification here. To learn more about the Data Privacy Frameworks and DPF Principles, visit the Data Privacy Framework Program site.

Other transfer requirements

Articles 45 to 50 of the GDPR set the various requirements for the lawful transfers of personal data to third countries or international organizations that provide an adequate level of protection. These include:

Adequacy

Third countries, specified sectors within third countries, or international organizations, have adequacy if the EU Commission determined they provide an adequate level of data protection.

In the absence of an adequacy decision, the GDPR allows a transfer if the controller or processor has provided “appropriate safeguards,” which may include:

  • Approved Codes of Conduct or Approved Certification Mechanisms

  • Binding Corporate Rules

  • Standard Contractual Clauses

Exceptions

Exceptions allow transfers in specific situations, like if consent is obtained, or:

  • For the performance or conclusion of a contract

  • For the exercise of legal claims

  • To protect the vital interests of the data subject when they can’t give consent or for reasons of public interest

To learn more, visit the guidance documents from the European Data Protection Board or the Information Commissioner’s Office for the UK.

We may use other transfer mechanisms to ensure adequate data protection. We’ll provide more information, as appropriate, if other transfer mechanisms are used for the lawful transfers of personal data to third countries.

Website Visitors Data

This website is hosted by Squarespace. Squarespace collects personal data when you visit this website, including:

  • Information about your browser, network and device

  • Web pages you visited prior to coming to this website

  • Web pages you view while on this website

  • Your IP address

Squarespace needs the data to run this website, and to protect and improve its platform and services. Squarespace analyzes the data in a de-personalised form.

Cookies

This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. For information about viewing the cookies dropped on your device, visit The cookies Squarespace uses.

  • These necessary and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve this website to you.

  • These analytics and performance cookies are used on this website, as described below, only when you acknowledge our cookie banner. This website uses analytics and performance cookies to view site traffic, activity, and other data.

Types of Cookies: 

  • Necessary
    Required to enable core site functionality and to remember user preferences andchoices, such as language preferences or customized settings. 

  • Performance and Analytics
    These cookies provide quantitative measures of website visitors. With the usage of these cookies we are able to count visits and traffic sources to improve the performance of our site.

  • Advertising
    These cookies are used by advertising companies to serve ads that are relevant to your interests.

Analytics 

This website collects personal data to power our site analytics, including:

Information about your browser, network, and device

  • Web pages you visited prior to coming to this website

  • Your IP address

This information may also include details about your use of this website, including:

  • Clicks

  • Internal links

  • Pages visited

  • Scrolling

  • Searches

  • Timestamps

We share this information with Squarespace, our website analytics provider, to learn about site traffic and activity.

Contact Form Submissions

When you submit information to this website via webform, we collect the data requested in the webform in order to track and respond to your submissions. We share this information with Squarespace, our online store hosting provider, so that they can provide website services to us. We also share this information with [] for storage and [with Zapier for data porting].

Email Newsletters

We collect names and emails when you sign up to our email newsletter. You can unsubscribe from this by clicking the link at the bottom of an email from us. We only share your contact information with Squarespace, our email marketing provider, so they can send these emails on our behalf.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated: 16 October 2024