Register - Treatwell

Please read these Terms and Policies carefully before you start to use our Website or our Apps and before booking any third party goods or services through our Website or our Apps. We recommend that you print a copy of these for future reference. By using our Website or our Apps, you confirm that you accept these Terms and Policies and that you agree to comply with them regardless of whether you choose to register with us. If you do not agree to these Terms and Policies, you must not use our Website or our Apps in any way.

Welcome to our website, www.treatwell.nl ("Website") and to the Treatwell Customer mobile application and the Treatwell Connect (salon diary and management tool) mobile application (the “Apps”). The Website and our Apps are provided by Treatwell BNL B.V. (t/a Treatwell), a company registered in the Netherlands under number 56870256 and whose registered office is at Vijzelstraat 79, 1017 HG Amsterdam ("Treatwell", "us", "we" or "our" for short). "You" and "your" means you as the user of our Website or our App.
The Website and our Apps have two main functions:
1. aggregating of information and providing a centralized booking point for selected third party goods and services providers who wish to offer their goods and services for sale via our Website and our Apps ("Partners"); and
2. provision of general information relating to health and wellbeing.
We have set out the terms under which we are providing you with access to our Website and our Apps and any products or services we offer from our Website or our Apps. These include the terms and conditions that govern:
1. your rights to use and link to our Website and our Apps (our "Website & App Terms of Use");
2. how we will use and protect information about you (our "Privacy & Cookies Policy");
3. our booking terms and conditions in relation to the third party products or services we offer from the Website or our Customer mobile application (our "Booking Terms and Conditions"); and
4. your obligations when uploading comments or other contributions and content to our Website or our Apps (our "User Generated Content Policy"), (together or individually these may be referred to as our "Terms and Policies").
Please note that the Terms and Policies do not govern the relationship as between Treatwell and our Partners. If you are an existing Partner, please check the “Partner Terms of Business” provided to you upon sign up. If you are not yet a Partner but would like to apply to Treatwell to become one of our Partners, please see www.treatwell.nl/business-info/welkom/.
If you enter any prize competitions or other promotions on the Website or our Apps, separate terms and conditions may also apply in addition to our Terms and Policies. In the event of a conflict between any additional terms and conditions and our Terms and Policies, such additional terms shall prevail to the extent of the conflict.
We may change our Terms and Policies from time to time, in which case up to date versions of such Terms and Policies will be available via the Website and our Apps. You should check these Terms and Policies regularly to ensure that you are happy with any changes. You will be deemed to have accepted any changes to the Terms and Policies after you have been notified of the changes on our Website or our Apps and/ or if you continue to access or use the Website or our Apps, where the updated Terms and Policies will be available for you to view.

WEBSITE & APP TERMS OF USE

Please read these Website & App Terms of Use carefully before you start to use our Website or our Apps, as they apply to your use of our Website and our Apps. We recommend that you print a copy of these for future reference.

These Website & App Terms of Use refer to the following additional terms which also apply to your use of our Website and our Apps:

Our Privacy and Cookie Policy; and
Our User Generated Content Policy.

By using our Website or our Apps, you confirm that you accept these Website & App Terms of Use and that you agree to comply with them. If you do not agree to these Website & App Terms of Use, you must not use our Website or our Apps. Please note: these Website & App Terms of Use only cover your use of our Website and our Apps, they DO NOT apply to the third party goods and services which are available for booking on our Website or our Customer mobile application. Please see our Booking Terms and Conditions [insert hyperlink] for the terms and conditions which apply when you make any bookings or purchase any vouchers from our Website or our Customer mobile application. Within these Website & App Terms of Use, the phrase “Terms and Policies” refers to any or all of the following policies: our Privacy and Cookie Policy, our User Generated Content Policy, these Website Terms and Conditions and our Booking Terms and Conditions.

Use of the Website and our Apps
1. These Website & App Terms of Use set out how you may use our Website and our Apps. By accessing the Website or our Apps, you agree to these Website & App Terms of Use. These Website & App Terms of Use apply to whatever method you have used to access the Website or our Apps, including but not limited to the internet, digital television services and mobile phone.
2. If you do not agree to these Website & App Terms of Use, you should not use the Website or our Apps. You should read all of the Website & App Terms of Use prior to using the Website or our Apps.
Accessing our Website and our Apps
1. Access to our Website and our Apps is permitted on a temporary basis. We reserve the right to withdraw or amend our Website or our Apps (and any products or services offered on them) without notice. We will not be liable if for any reason our Website, our Apps or any part of it or them is unavailable at any time or for any period.
2. We update our Website and our Apps from time to time and so may change the content at any time without notice to you. We reserve the right to withdraw, vary or suspend the Website or our Apps (or any part of them) at any time without notice.
3. Materials and information posted on our Website or our Apps are not intended as advice and should not be relied upon as such. We therefore disclaim all liability and responsibility arising from any reliance placed on such information to the fullest extent permissible by all applicable laws.
4. You are responsible for making all arrangements necessary to access and view this Website and our Apps and should ensure you have up to date anti-virus software on any device from which your access our Website or our App.
5. You are responsible for ensuring that all persons accessing our Website or our Apps through your internet connection are aware of these Website & App Terms of Use.
6. We specifically reserve the right to withdraw access to our Website and/or our App and/or cancel any order in the event that you fail any credit or fraud prevention check or where we reasonably suspect fraud or money laundering by you or someone using your account.
Password and Account Security
1. You are responsible for the safety and security of your password and log in details. To help protect against unauthorised access to your account you are advised to store your username(s) and password(s) safely and securely. Please ensure that your password is not one you have used before, that it is eight characters or more and, ideally, not one that you use on other sites. We recommend that you refrain from disclosing your username(s) and password(s) to anyone. We also recommend that you sign out of your account at the end of each session. You may also wish to close your browser window when you have finished your session, especially if you share a computer with someone else or if you are using a computer in a public place.
2. If you suspect that unauthorised access has been made to your account you must notify us immediately by contacting us via chat. We will investigate any alleged unauthorised account activity. Notwithstanding any other terms pertaining to our right to disable or block access to your account, we reserve the right to disable or block your account at any time where it is suspected that unauthorised access has been made to your account.
Misuse of our Website or our App
1. You must not misuse our Website or our Apps by:
  1. knowingly introducing viruses, trojans, worms, logic bombs, time bombs, keystroke loggers, spyware, adware or other material, programme or code which adversely affects the operation of any computer software or hardware (or is designed to do so); and/or
  2. gaining or attempting to gain unauthorised access to the server on which our Website or our Apps is stored or any server, computer or database connected to our Website or our App; and/or
  3. attacking our Website or our Apps via a denial-of-service attack or a distributed denial-of service attack.
2. Breach of this clause might constitute a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our Website and our Apps will cease immediately.
Users
1. If you are aged 18 years old or over, you may create an account and become a registered user of the Website and our Apps ("User").
2. As a User you may have access to additional products or services and/or functionality, for example, the ability to create an account, save contact information, post user generated content (“UGC”) onto the Website or via our Apps, and receive information about promotions and special offers which are restricted to Users, if any.
3. Any personal information that you provide to us in the course of becoming a User or after registration will be held and used in accordance with any consent obtained from you and the terms of our Privacy and Cookies Policy.
4. We also have the right to disable any user identification code or password, whether chosen by you or allocated by us, at any time, if in our reasonable opinion you have failed to comply with any of the provisions of any of our Terms and Policies.
  If you know or suspect that anyone other than you knows your username or password, you must promptly notify us via chat.
Posting UGC
1. If and where the functionality of the Website or our Apps allows, Users or other visitors to the Website or our Apps that log into a social media account via any widget or interface available on or off the Website may post UGC to the Website or via our App.
2. Any UGC posted will be attributed to the username you provide or the username of the social media account you log in with but we will not publish your email address on the Website or via our App.
3. We reserve the right to refuse to publish any UGC (or remove without notice any previously published UGC) if it does not adhere to our User Generated Content Policy. We shall not be liable for any loss or damages whatsoever arising from such decision to refuse to publish (or to remove previously published) UGC.
4. We also reserve the right to close the User accounts and/or ban particular users from being able to post UGC to the Website or via our Apps if they persistently and/or seriously breach the terms of the User Generated Content Policy.
5. Views and opinions expressed in UGC submitted by Users or other members of the public are those of the individual submitting the UGC, not those of Treatwell and we accept no responsibility for the content of such UGC.
6. However, if you find any UGC on the Website to be in any way offensive, obscene, defamatory, racist, harmful, inaccurate, unlawful, illegal or deceptive in any way, please notify us by contacting us via chat with the subject heading "Objectionable Content". On receipt of your complaint we may remove or block access to the UGC complained of.
Intellectual property
1. You may access, view and print out one copy of this Website and all information, images, and other content (except for UGC) displayed on the Website or via our Apps ("Materials") strictly in accordance with these Website & App Terms of Use.
2. You may only view, print out, use, quote from and cite the Website and the Materials for your own personal, non-commercial use and on the condition that you give appropriate acknowledgement to Treatwell.
3. Nothing in the above licence impairs or restricts any author's moral rights in respect of the Materials.
4. We expressly reserve all intellectual property rights in and to the Website, our Apps and the Materials and your use of the Website, our App and the Materials is subject to the following restrictions. You must not:
  1. remove any copyright or other proprietary notices contained in the Materials; and/or
  2. use any Materials from the Website or our Apps in any manner that may infringe any copyright, intellectual property right or proprietary right of us or any third parties; and/or
  3. use, or cause others to use, any automated system or software to extract content or data from this Website or via our Apps ("screen scraping"), except in cases where you or any applicable third party has entered into a written licence agreement directly with us that expressly permits such activity; and/or
  4. reproduce, modify, display, perform, publish, distribute, disseminate, broadcast, frame (or use any other browser or border environment), communicate to the public or circulate to any third party or exploit this Website, our Apps and/or the Materials for any commercial purpose, without our prior written consent by way of a licence agreement.
Trade marks
1. We expressly reserve all rights in and to the www.treatwell.nl domain name and all related domains and sub-domains, the name "Treatwell", our logo device, service marks, trading names and/or trade marks. Other trade marks, products and company names mentioned on the Website or via our Apps may be trademarks of their respective owners or licensors and the rights in such marks are reserved to their respective owners or licensors.
Linking to our Website
1. You may link to any page of the Website, for non-commercial purposes provided that you do so in a way that is fair and legal and which does not damage our reputation or take unfair advantage of it. For the avoidance of doubt, the linking site must not contain any adult or illegal material or any material that is offensive, harassing or otherwise objectionable.
2. You must not link to our Website in such a way as to suggest any form of association, approval or endorsement on our part where none exists. You must not remove or obscure by framing or otherwise, advertisements, any copyright notice, or other information published on the Website.
3. Our Website must not be framed or be subjected to any other browser or border environment on any other site.
4. If you would like to link to our Website for commercial purposes or any purpose not included above, or if you would like to become a Partner, please contact us via chat.
5. We reserve the right to withdraw linking permission at any time and without notice.
Privacy, your personal data and cookies
1. The privacy of your personal data is important to us. Please see our Privacy & Cookies Policy for details of how we will process your personal data, where it is provided to us, and how we use cookies.
Third party content and third party websites
1. Our Website and our Apps may contain advertising submitted by third parties. Such third parties are solely responsible for the content of such advertising and for ensuring that it complies with all relevant legislation and regulations. We do not accept any responsibility for the content of any third party advertising.
2. Our Website, our Apps and/or the Materials may contain links to third party websites (including those of our Partners). If you decide to visit any third party site, you do so at your own risk. We are not responsible or liable directly or indirectly for the content, accuracy or opinions expressed in such websites or the standard of goods or services available through or on such websites. Unless expressly stated otherwise, links do not imply that we are, or our Website or our Apps are, affiliated to or associated with such sites.
3. Our communications with you may contain information sourced from third party websites. Material from a third party site will be marked as such and a link to the source website may be provided. We accept no responsibility or liability for any material supplied by or contained on any third party website which is linked from our communications with you, or any use of personal data by such a third party.
4. The inclusion of any link in our communications with you does not imply endorsement by us of the linked site. If you decide to access linked third party websites, you do so at your own risk.
5. Please remember that when you use a link to go from our Website or our Apps to another website, our Terms and Polices (including our Privacy & Cookies Policy) will no longer be applicable. Your browsing and interaction on any other website, including websites which are linked to ours, is subject to that website’s own terms and policies. Please read those terms and policies before proceeding.
Our liability
1. To the fullest extent permissible by law, we exclude and disclaim all warranties, terms, conditions and representations that might otherwise be implied by law in relation to this Website or our Apps. In particular, we do not represent or warrant that the Website or our Apps will be error-free, free of viruses or other harmful components, or that defects will be corrected. You must take your own precautions in this respect. In any event and to the extent permitted by law, we will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of our Website or our Apps.
2. To the extent permitted by law we do not accept liability for any failure to maintain the Website or our Apps and/or late or failed delivery of any Materials.
3. Please note that we only provide our Website and our Apps for domestic and private use, and you agree not to use our Website or our App for any commercial or business purposes unless we have approved you as a Partner.
4. We do not accept any liability for the following types of loss, even if the loss is foreseeable: loss of income or revenue, loss of business, loss of profits, loss of anticipated savings, loss of data or waste of management of office time.
5. The Materials may contain inaccuracies and typographical errors. We do not warrant the accuracy or completeness of the Materials.
6. We shall not be liable for any loss caused as a result of your actions or inactions based on the Materials available on this Website or via our Apps. However, nothing in these Website & App Terms of Use shall affect your statutory rights, and nothing in these Website & App Terms of Use shall exclude our liability for death or personal injury arising through negligence, for fraud or fraudulent misrepresentation and/or anything else that cannot be excluded or limited by us under English law.
Disclaimer
1. The information contained on the Treatment Files is for general information purposes only. The information is provided by www.treatwell.nl and whilst we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the information, products, services or images contained on www.treatwell.nl. Your use of any or all information, products and/or services must be based on your own due diligence and you should consult an appropriate professional for specific advice tailored to your needs and situation. Any reliance you place on such information is strictly at your own risk.
2. You must not rely on the information on the Treatment Files as an alternative to medical advice from your doctor or other professional healthcare provider. To the extent that you require medical advice, you should consult your doctor or other professional healthcare provider.
3. Through this website you are able to link to other websites which are not under the control of www.treatwell.nl. We have no control over the nature, content and availability of those sites and will not be responsible for them. The inclusion of links does not necessarily imply a recommendation or endorse the views expressed within them.
4. In no event shall we be liable for direct, indirect, punitive, incidental, special, consequential or any damages whatsoever arising out of or in any way connected with the use of or performance of information, products, services or reliance on the contents of www.treatwell.nl.
Serviced countries
1. This Website and our Apps are provided for users in the Netherlands only. Whilst access may be possible from outside the Netherlands, neither this Website nor our Apps are intended for such use and such users access the Website and our Apps at their own risk.
Changes to our Website & App Terms of Use
1. We may change these Website & App Terms of Use from time to time, in which case an up to date version will be available via the Website and our Apps. You should check these Website & App Terms of Use regularly to ensure that you are happy with any changes. You will be deemed to have accepted any changes to these Website & App Terms of Use after you have been notified of the changes on our Website or our Apps and/ or if you continue to access or use the Website or our Apps, where the updated Website & App Terms of Use will be available for you to view.
Legal compliance and applicable law
1. The Netherlands Courts will have non-exclusive jurisdiction over any claim arising from or related to a visit to this Website or use of our Apps. Dutch Law will apply to these Website & App Terms of Use.
Contact us
1. If you have any concerns or queries about material which appears on our Website or our Apps or if you have questions about your use of this Website, our Apps or these Website & App Terms of Use please contact us via chat. Our postal address for correspondence is Treatwell, Vijzelstraat 79, 1017 HG Amsterdam.
2. We will acknowledge all complaints sent in via email within 48 working hours of receipt. We will record each complaint with a unique reference number on a tracking system. We aim to resolve complaints within 21 days. Should you not be happy with the way a complaint has been resolved, you will be able to escalate your complaint for further review which we aim to complete within an additional 21 days.
3. In the event that our complaints procedure is exhausted in the course of dealing with your complaint, you may reach out for alternative dispute resolution. Please follow this link to see the relevant certified alternative dispute resolution providers for your country. This is subject to the relevant country’s availability and implementation of the DSA out-of-court dispute settlement procedure.

The basics

Who are we? We are Treatwell Limited (we, our, us) and in these Terms we are described in different ways depending on the activity we engage with concerning your data. We process your personal data if you are a business, and we have a lawful and reasonable basis to do so. We process your personal data if you are a customer of our App or Website and we have a lawful and reasonable basis to do so. When we process your data in these instances we are regarded as a "data controller". In certain situations, you may provide your data to a partner and in this instance, they are "data controller's" and we are "data processors".

If you have any questions about how we collect, use or share your data, please contact us at support.treatwell.com/hc/en-nl or dpo@treatwell.com, or write to us at Treatwell Limited, 1st Floor, 6 St Andrew Street, London EC4A 3AE.

What is the purpose of this policy?

We are committed to protecting the privacy of our customers and business partners. We have written this Privacy Policy (policy) to ensure you have all the information you need about how we collect and process your personal data, and how we make sure it is kept safe. When we collect and process your personal data, we are regulated under the General Data Protection Regulation (EU) 2016/679 (the GDPR) which applies across the EEA (including in the UK) and the Data Protection Act 2018.

Who does this policy apply to?

This policy applies to anyone who uses:

our Websites (www.treatwell.com, www.treatwell.nl),
Connect, our salon diary and management tool app and website (www.connect.treatwell.co.uk),
our Apps (which means the marketplace booking application and Connect app on Android or iOS),
customised websites powered by Connect and hosted on www.mytreatwell.co.uk (Partner Sites), and
Widgets to make bookings with our salon partners (Partners) whose websites are powered by Connect and that may embed these Widgets on their Partner Site, their own websites and/or social media pages.

(together, the Platform).

How can you complain?

You can complain to us at any time using the details above. You also have the right to make a complaint to the ICO, or any supervisory authority in the EU Member State where you live. We would, however, appreciate the chance to deal with your concerns before you approach any supervisory authority, so please contact us first.

How do we update this policy?

We understand that things change, so we will continue to review the effectiveness of this policy and make sure it is achieving its goals. We might update the policy from time to time and will post the most recent version on this page. If we make a change to this policy that we consider material, we will notify you via the Platform.

If you have any questions about this policy or how it works, please get in touch and we would be happy to chat!

The details - how we are collecting and using your data, and why

What personal data do we collect and why?

We use a few different methods to collect your personal data. Sometimes you provide us with this data and other times it will be collected automatically when you visit and/or use the Platform.

We collect personal data for a number of reasons, including to meet our legal obligations, manage our operations, improve our organisation and deliver our services to you. Under data protection law we can only use your personal data where we have a legal basis to do so (e.g., legal duty, contract, legitimate interest, consent, etc).

The legal basis, the purpose and the retention period which we apply to our main processing activities are set out below:

Purpose 1: To set up and administer your requested account.

Lawful Basis: Fulfilling our contract with you.
Retention period: 5 years in the event of inactivity of the account.

Purpose 2: Processing your comments, reviews or survey responses.

Lawful Basis: When it is our legitimate interest to provide good customer service.
Retention period: Until the deletion of your account in accordance with the applicable law.

Purpose 3: Delivering any emails, surveys, newsletters and alerts that you have signed up to.

Lawful Basis: Your consent.
Retention period: Until consent is withdrawn.

Purpose 4: Delivering our services to you.

Lawful Basis: Fulfilling our contract with you.
Retention period: 10 years from performance of the contract, or at least until the expiry of the statutory period of limitation that applies to the subject matter of the contract.

Purpose 5: Delivering our services to you.

Lawful Basis: Your consent.
Retention period: Until consent is withdrawn.

Purpose 6: Facilitating your booking and delivering the services to you.

Lawful Basis: Fulfilling our contract with you.
Retention period: Maximum 10 years after the end of each tax year in which the transaction occurs.

Purpose 7: Responding to complaints, questions and feedback and providing information about your requested service.

Lawful Basis: Fulfilling our contract with you.
Retention period: 90 days from the date of call recording.

Purpose 8: Responding to complaints, questions and feedback and providing information about your requested service.

Lawful Basis: Fulfilling our contract with you.
Retention period: 30 days after the end of the Live Chat Session.

Purpose 9: Receiving feedback about our services.

Lawful Basis: Fulfilling our contract with you and our partners.
Retention period: 30 days after submission.

Purpose 10: Resolving the litigation and investigation.

Lawful Basis: Fulfilling our contract with you/our legal duty.
Retention period: 10 years from the end of the investigation/litigation (unless there are grounds to keep for longer).

Purpose 11: Administering the Platform and other systems and protecting them.

Lawful Basis: Legitimate interest.
Retention period: Maximum 1 year from entry.

Purpose 12:To improve the Platform and services, using data analytics.

Lawful Basis: Legitimate interest.
Retention period: Up to 2 years .

Purpose 13: Showing you content and features that are personal to you and your interests.

Lawful Basis: Your consent.
Retention period: Until consent is withdrawn.

Purpose 14: Understanding your preferences for marketing, automated decision-making, profiling, cookies and any other processing activities that you can opt-out of.

Lawful Basis:Your consent.
Retention period:Until consent is withdrawn.

Purpose 15: Developing and carrying out marketing activities.

Lawful Basis: Legitimate interest.
Retention period: Until consent is withdrawn.

Personal Data

Type of personal data: Contact information

Description: Name, addresses, e-mail address, phone number, date of birth and other contact details.
Purpose: To set up and administer your requested account.

Delivering our services to you.

Processing your comments and reviews.

Delivering any emails, surveys, newsletters and alerts that you have signed up to.

Lawful basis: Fulfilling our contract with you.

When it is our legal duty.

When you consent to it.

When it is in our legitimate interest to:

collate and publish reviews of our Partner’s products/services
notify you about new services and special offers we think you would be interested in
send you information about competitions, surveys and Partner's promotional offers
enable Partners and other third parties to send information about their goods and services
publish reviews of Partner products or services and use these for ads

Type of personal data: Sensitive information

Description: Details about your race or ethnicity, health, sex or other sensitive data that you voluntarily give when making a booking or submitting a review.
Purpose: Delivering our services to you.
Lawful basis: When you provide your explicit consent.

:Type of personal data: Financial information

Description: Payment details (i.e., your card details when paying for our services).
Purpose: Facilitating your booking and delivering the services to you.
Lawful basis: Fulfilling our contract with you.

When it is in our legitimate interest to:

keep our records up to date

Type of personal data: Communications

Description: Emails, calls, live chats or other methods of communications you choose to use
Purpose: Investigating and responding to complaints, questions and feedback.

Providing information about your requested service.

Lawful basis: Fulfilling our contract with you.

When you consent to it.

When it is in our legitimate interest to:

resolve issues and improve our services to you
improve our user communications
develop our training programmes

Type of personal data: Data that identifies you

Description: Details about the devices and technology you use (e.g., your website browser settings, IP address, location, etc).
Purpose: Administering the Platform and other systems and protecting them. This includes troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting.
Lawful basis:

When it is in our legitimate interest to:

ensure our organisation runs properly
keep the Platform and systems secure
protect our systems and software, including your personal data
improve our services
conduct internal research and analysis on the use and performance of the Platform and services

Type of personal data: Data on how you use the Platform

Description: Information about how you use the Platform and services.
Purpose: Understanding how we can improve the Platform and services, using data analytics.

Showing you content and features that are personal to you and your interests.

Lawful basis: Fulfilling our contract with you.

When you consent to it.

When it is in our legitimate interest to:

verify your compliance with our agreements and for defending legal claims
monitor, improve and protect the Platform, products and services, and personalise these based on your use
develop our business
improve our service offering

Type of personal data: Preferences and consents

Description: Your marketing and communication preferences.
Purpose: Understanding your preferences for marketing, automated decision-making, profiling, cookies and any other processing activities that you can opt-out of.

To send information about your requested services (i.e., appointment reminders).

Developing and carrying out marketing activities.

Lawful basis: When you consent to it.

When it is in our legitimate interest to:

notify you about our services and special offers we think you would be interested in
tailor and personalise ads based on the information you provide and your use of the Platform
conduct market research and consumer surveys
use cookies and similar technology

What about the information I give when I make a booking for someone else?

If you plan to give us someone else’s personal data (e.g., when making a booking for them), they must have access to this policy and you must get their consent before sharing any information with us.

How long do we keep your data for?

When we decide how long we need to keep your data for, we take into account the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of your data, the purposes we use your data for and whether we can achieve those purposes another way.

The retention period which we apply to your personal data is defined in the table above.

You can contact us for more details on our data retention policy.

Do we use cookies and other tracking technologies?

A cookie is a small file of letters and numbers that is stored on your browser or the hard drive of your computer. As with other commercial websites and apps, the Platform uses standard technologies including cookies and similar tools to enhance your user experience, improve our systems and provide tailored offers to you. You cannot actually see cookies as they sit in the background of our systems, but they are probably present on most sites you visit.

For more information on the cookies we use, please take a look at our Cookie Policy.

What marketing activities do we conduct?

We want you to know all about us, our Partners and the services available. To do this, we undertake marketing activities which sometimes involve using your personal data - such as sending you newsletters via email or showing you online adverts.

You will not receive marketing from us by email or text unless you have given us permission, or unless you have used our services before. These messages might contain information about our services, offers, competitions and other important information.

Third parties

We may disclose your personal data to a select group of third parties. But we treat the security and method of processing your personal data very seriously, and we will never sell your personal data.

We have outlined below who those third parties are:

Type of third party: Other Treatwell companies

Description: Treatwell Limited is part of the Treatwell Group, so we might need to share and collect personal data with other companies in the group to provide and administer our products and services.
Collect: ✓
Share: ✓

Type of third party: IT and hosting providers

Description: If you place an order or engage with us via a website or app that is powered by a third party, we will share your contact and order details (e.g., lastminute.com when you make a booking via spa.lastminute.com). If you give a third party the relevant consents (which we collect on their behalf), they may also send you marketing communications.
Collect: ✓
Share: ✓

Type of third party: Our Partners

Description: When you book services with one of our Partners through us, we will share your information so Partners can: (i) facilitate bookings and, if necessary, contact you before your booking, (ii) deliver marketing emails you have opted in to, and (iii) improve their service offerings and business operations.
Collect: ✕
Share: ✓

Type of third party: Business support tools

Description: We may share your personal data with service providers to: (i) perform functions on our behalf related to the Platform, the running of our business and the provision of our services (e.g., processing payment details, analytics, etc), and (ii) facilitate our business and improve our services.
Collect: ✕
Share: ✓

Type of third party: Partner’s IT and hosting service providers

Description: When our Partners use thirty party software providers, we may share your personal data with them to ensure the software solution and Connect display up to date and accurate information.
Collect: ✕
Share: ✓

Type of third party: Competitions

Description: We may share your personal data with brands that we are looking to collaborate with on products, services, competitions and campaigns, and we will get your consent before we do this.
Collect: ✕
Share: ✓

Type of third party: Third parties involved in business reorganisation

Description: If we, or the Treatwell Group, decide to sell, transfer or merge part of our organisation or if we become insolvent, we may need to share your personal data with other organisations as part of the process.
Collect: ✕
Share: ✓

Type of third party: Government and regulatory organisations

Description: We might be required to share your personal data with official bodies to fulfil our legal and regulatory obligations. We might also need to disclose your data for court proceedings, to enforce our agreements or to protect customers (including by sharing data with companies for fraud protection and credit risk reduction).
Collect: ✕
Share: ✓

Type of third party: Marketing, business development and sales partners

Description: To provide you with personalised adverts, we may need to share your personal data with any media agencies and advertising partners we engage with.
Collect: ✕
Share: ✓

How will my reviews be used?

Any personal data you upload to publicly visible areas of the Platform (such as review sections), may be collected by third parties, and we have no control over this and are not responsible for how they may use this information. We recommend you are careful about the information you disclose in these areas.

What about third-party links on our Site?

The Platform might include links to third party websites, and often these links are solely there as pointers to information on topics that might be useful to you. Clicking on those links might allow third parties to collect or share data about you.

We do not control these third-party websites and are not responsible for their privacy standards. When you leave the Platform, please remember that this policy no longer applies, and we encourage you to read the privacy policy of any website you visit.

What happens to information you provide via social media?

Parts of the Platform may allow you to submit your own content, such as reviews and photos of your experience. It is important to remember that these submissions can be viewed by the public, and we are not responsible for any actions taken by other individuals if you post personal data on one of our social media platforms. We recommend you are cautious about providing certain information (e.g., card details or your address) and that you refer to the privacy and cookie policies of the social media platforms you use.

What information do you need to know about our key third parties?

Stripe. We use a third-party payment processor, Stripe, to process all payments made by you on our Website & App. Treatwell does not store credit card details and instead relies on Stripe for this. We obtain limited information from Stripe such as the last four digits, the country of issuance and the expiration date. The processing of such data by Stripe is covered by their privacy policy which may be viewed here: https://stripe.com/privacy. Stripe’s services in Europe are provided by a Stripe affiliate, Stripe Payments Europe Limited, an entity located in Ireland. In providing its payment processing services, Stripe Payments Europe Limited transfers personal data to Stripe, Inc. in the US. For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of Stripe’s privacy policy entitled “International Data Transfers.

PayPal. Please note that all PayPal transactions are subject to the PayPal Privacy Policy which can be found here: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full. Please ensure that you are happy with the terms of the PayPal Privacy Policy if you wish to use PayPal to complete any transactions through the Platform.

Spa.lastminute.com. The spa.lastminute.com page is powered by Treatwell. Treatwell performs certain functions as a data controller in partnership with lastminute.com, also a data controller, and as a result Treatwell is required to process your personal information and share some of that information with lastminute.com when you browse and/or book on spa.lastminute.com. The purposes for which Treatwell collects, processes & shares your personal data with spa.lastminute.com are: (i) to fulfil a contract with you, by: (a) processing & managing your bookings; and (b) communicating with you about your booking; and (ii) to fulfil our, or third parties', legitimate interests, by: (a) providing search results; (b) communicating with you, including via Treatwell’s lastminute.com branded customer service function via telephone and email; and (c) on behalf of the relevant venue, collecting your consent (if you choose to provide it) at the checkout page to receive marketing emails from the particular venue with whom you are booking. As well as collecting personal information directly from you during the booking process, Treatwell also uses Cookies (defined below) on spa.lastminute.com in order to ensure spa.lastminute.com works correctly, to enhance and simplify your user experience, to enable us to understand how many users visit our spa.lastminute.com, to establish the source of your booking (channel, location, etc.) and consequently to enable verification of the booking as a lastminute.com booking and to send lastminute.com branded transactional communications to spa.lastminute.com customers. Please see the cookies section of this Privacy Policy for further information on the purposes for which we collect and use this information. For information on retention of your personal data, transfers of your personal data (to third parties and outside the European Economic Area), and your rights in respect of your personal data, please refer to the relevant sections of this Privacy Policy. If you have any queries or wish to exercise any of your rights in respect of the personal data processing described in this paragraph, please contact Treatwell using the details set out in this Privacy Policy.

Treatwell will also, on behalf of and under the instructions of lastminute.com, collect your consent (if you choose to provide it) at the checkout page to receive marketing emails from lastminute.com and pass this to lastminute.com daily via a secure data feed. For the avoidance of doubt, Treatwell does not collect any marketing opt-in for itself on spa.lastminute.com. lastminute.com also use cookies and similar tracking measures on spa.lastminute.com to collect information about your behaviour and for other purposes including personalisation, analytical and advertising and re-marketing. Please see lastminute.com's privacy policy here and cookie policy here for more information on how lastminute.com collects and processes your personal data. If you have any queries or wish to exercise any of your rights in respect of the personal data processing described in this paragraph, please contact lastminute.com using the details set out in their privacy policy.

Do we transfer data outside of the EEA?

The personal data that we hold about you will be held in the UK and the European Economic Area (EEA), but it might also be transferred to or stored outside the UK or EEA, including in the US and Israel.

When we transfer your data to third parties outside the EEA, we make sure your data is safe. We do this by putting one of the following safeguards in place:

only transferring it to a country the European Commission has decided has a suitable level of protection, or
by putting in place contracts (known as the Standard Contractual Clauses, and the International Data Transfer Agreement/Addendum) that make sure the third party outside of the EEA promises to protect your personal data. We also make sure any other necessary security measures are put in place.

If you are in the EEA, you can contact us at any time and we will let you know exactly what safeguards we have put in place for the transfer of your personal data outside the EEA. You can also contact us at any time at support.treatwell.com/hc/en-nl for a copy of the relevant mechanism.

Your rights

What are your rights and how do you exercise them?

Under the GDPR, you are entitled to the following rights:

Asking us for a copy of your data: You can ask us for a copy of the personal data we hold about you and to check that we are lawfully processing it.
Asking us to delete or erase your data: You can ask us to delete your personal data where there is no good reason for us continuing to process it.

Sometimes we cannot meet your request because of legal reasons. But don’t worry, we will tell you if this applies when you make your request!

Asking us to correct your data: You may be able to view or change the data we hold about you by logging in to your online account. If this does not work, you can ask us to correct the data - but we might need to check that the new data you give us is right.
Ask us to send your data to another organisation: You can ask us to move, copy or transfer your personal data to a different organisation, where it is reasonable and fair.
Ask us how we are using your data: We will tell you how we collect, use and share your personal data.
Asking us to restrict the processing of your data: If you have a particular reason (for example the content or how we are using it), you can ask us to limit the ways in which we are using your data.
Objecting to our processing activities: For certain types of activities, like direct marketing, you can ask us to stop at any time.

You can also object if we are making decisions that are automated or if we are using your data to profile you (this basically means we are using your data to guess what you are interested in or make decisions about you). If there are circumstances when it is really important for us to use your data, we may be unable to stop the processing. But don’t worry, we will let you know if this is the case - and our reasons.

We might ask you to give us information to verify your identity (especially when you ask for financial information). This is to make sure we keep your and our other customers’ personal data safe.

We try to respond to legitimate requests within 1 month of receiving them. Sometimes it might take us longer if your request is complicated or you have more than 1 request. But don’t worry, we will make sure to let you know if we need more time and will keep you updated.

There are some requests that we will not be able to fulfil, and this can be for many reasons, including when there is a risk that another person's personal data will be disclosed, or if we have a legal requirement or a compelling reason to continue processing your personal data which you have asked us to delete.

If you want to exercise any of these rights, please get in touch with us at support.treatwell.com/hc/en-nl. If you need more information about your rights, including the circumstances in which they apply to you, please see the ICO’s websites or contact us.

How can you withdraw your consent and opt-out of processing?

You can ask us to stop sending you marketing messages that you have previously consented to at any time you want. You can do this by following the instructions in our communication, or by using the details set out below:

General. Following the instructions in the communication or contacting us.
Emails. Clicking the “unsubscribe” button at the bottom of our email or contacting us at support.treatwell.com/hc/en-nl (please allow 48 business hours for your email to be removed from our system).
Partner communications. Contacting the Partner or third party directly. In the case of our Partners, if you need our help, we would be happy to do what we can.
Push notifications. Revoking this within your phone’s operating system settings.

When you opt-out or unsubscribe from marketing, we will stop using your personal data in the ways you have asked. However, we will not delete your data as we may need it for other reasons. If you want us to delete all your data, please ask us to do that, as well as opting-out of marketing messages.

If you withdraw your consent and/or opt-out, we might not be able to provide certain services to you. If this is the case, we will let you know. You can of course give us your consent again if you want to access our services.

Please note that when you have opted out using the above methods, you may still see our non-targeted ads when you are online as we have no control whether these ads are displayed to you.

You have a right to withhold your consent without suffering any adverse effects.

Security

What security measures do we have in place?

We use strict procedures and security features to protect personal data we receive from you.

Partner Data Processing Agreement

DATA PROTECTION AGREEMENT (c.d. “DPA”)

Appointment of the data processor ex art. 28 of the Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR")

This deed of appointment of the Data Processor and the related contractual regulation (hereinafter the "DPA") is entered into between

You, (hereinafter referred to for convenience as the “Salon”, “Data Controller” or “Controller”) and

Treatwell BNL B.V. (t/a Treatwell) having its registered office in The Netherlands, at address Vijzelstraat 79, 1017 HG Amsterdam, The Netherlands, VAT number 928047219 in the person of its legal representative p.t., (hereinafter referred to for convenience as “Treatwell”, “Data Processor” or “Processor”),

The Salon and Treatwell are hereinafter collectively referred to as the "Parties".

PREMISES

On (*), the Parties entered into an agreement (hereinafter the “Agreement") whereby Treatwell provides the Salon with the following services: i) the Treatwell platform, Site and App, for the promotion of the Salon and to receive bookings/purchases of beauty services from users; ii) the software, called “Treatwell Connect” or “Treatwell Pro”, to manage the booking diary and marketing and service communications (hereinafter, collectively, only “Services”).
The Parties are subject to the provisions of Regulation EU 679/2016 on the protection of natural persons with regard to the processing of personal data (hereinafter, for convenience, referred to as the "GDPR") and the relevant national implementing legislation (hereinafter collectively referred to as the "Data Protection Legislation").
In the execution of the Agreement, the Salon assumes the role of Data Controller pursuant to art. 4, par. 1, no. 7, GDPR and processes the personal data of the individuals who book/purchase the beauty services offered/promoted at its business premises or through the Treatwell website and app (hereinafter, for convenience, "Data Subjects").

In view of all the above, it is hereby agreed and stipulated as follows.

Appointment of the Data Processor
1. Treatwell is appointed as a Data Processor pursuant to articles 4, par. 1, no. 8 and 28 GDPR in relation to the provision of the Services under the Agreement.
Subject matter of the DPA
1. The Agreement and the Premises form an integral and essential part of this DPA and shall be deemed to be incorporated herein by reference in their entirety.
2. This DPA defines the terms and conditions that Treatwell, in its capacity as data processor and on behalf of the Salon, must comply with when carrying out the personal data processing operations necessary for the provision of the services under the Agreement. This DPA is in fact conditional, in terms of its object and duration, to the Agreement concluded between the Parties. Personal data collected or processed for purposes other than those provided for in the Agreement do not fall within the mandate of the Data Processor.
Processing of personal data assigned to the Data Processor
1. Treatwell is authorised to process, on behalf of the Data Controller, Data Subjects personal data which are necessary to:
  ● share with the Salon bookings and purchases made by Data Subjects through the Platform;
  
  ● facilitate bookings and purchases of beauty services offered by the Salon;
  
  ● share with Data Subjects the results/outcomes of the bookings/purchases made via the Platform;
  
  ● assisting Data Subjects with complaints and requests for information;
  
  ● any other processing of the Data Subjects' personal data necessary for the execution of the Agreement.
2. In execution of the Agreement, Treatwell only provides the Salon with the agenda/booking and activity management Software as well as the marketing communication and service evaluation Software. The manner in which both Software are managed and used, including the sending of communications, also for marketing and service evaluation communications, is entirely at the sole discretion of the Salon, with the result that only the Salon can be held liable.
3. The personal data that will be processed will be common data (e.g.: name and surname), contact data (e.g.: e-mail, telephone number), data relating to bookings/purchases made by Data Subjects.
4. The type of operations carried out on personal data are both automated and non-automated. The Data Processor processes personal data in accordance with the provisions of the GDPR.
Obligations of the data Processor
1. The Data Processor undertakes to comply with the obligations and instructions given by the Controller. In particular:
  ● Compliance with the applicable Data Protection Legislation. The Processor undertakes, when processing personal data, to comply with the principles on the processing of personal data set out in the GDPR (Article 5, GDPR) and, in accordance with the principle of minimisation, to process data only to the extent necessary to provide the activities or applications specified in the Agreement and in this DPA, ensuring that personal data belonging to the Processor itself or to its other clients are processed separately.
  
  ● Respect for purposes. The Data Processor undertakes to process personal data exclusively for the purposes set out in Art. 2 and in compliance with the instructions provided by the Data Controller.
  
  ● Duty to cooperate. The Data Processor shall promptly inform the Data Controller i) if it considers that the instructions given by the Data Controller violate the provisions contained in the GDPR or the Data Protection Legislation and ii) of the existence of a legal obligation to proceed with a transfer of personal data to a third country or an international organisation, unless the applicable law prohibits this for important reasons of public interest. The Data Processor also undertakes to assist the Data Controller in ensuring compliance with the obligations set out in articles 32 et seq. of the GDPR, by notifying the Data Controller of any potential personal data breach encountered within 48 hours of becoming aware of the event, and by providing any documentation/information that may be useful to enable the Data Controller to notify the Data Protection Authority pursuant to article 33 of the GDPR or the Data Subjects pursuant to article 34 of the GDPR. Where necessary, the Data Processor also undertakes to assist the Data Controller in the drafting of the Data Processing Impact Assessment (‘DPIA’) pursuant to article 35 of the GDPR or in the prior consultation with the Data Protection Authority pursuant to article 36 of the GDPR.
  
  ● Confidentiality. The Data Processor undertakes to ensure the confidentiality of the personal data processed by limiting access i) to persons authorised and specifically instructed to process the data in accordance with article 29 of the GDPR; ii) to sub-processors in accordance with article 28 of the GDPR.
  
  ● Sub-processors. The Controller generally authorises the Data Processor, pursuant to article 28, par. 2, of the GDPR, to delegate the processing of personal data under this DPA to sub-processors. Pursuant to article 28, par. 4, of the GDPR, an agreement must be concluded between the Data Processor and the sub-processor to ensure that the sub-processor fulfills its data protection obligations. In any case, the Data Processor remains responsible to the Controller for the processing activities delegated to sub-processors.
  
  ● Record of processing activities. Pursuant to article 30 of the GDPR, the Processor undertakes to keep a record of all processing activities carried out on behalf of the Controller.
  
  ● Transfers outside the European Economic Area. The Data Processor is authorised by the Data Controller to transfer personal data outside the European Economic Area, provided that it is to third countries that have obtained an adequacy decision pursuant to article 45 of the GDPR or that the security measures set out in articles 46 et seq. of the GDPR, including the so-called Standard Contractual Clauses ("SCC").
  
  ● Security. In accordance with the provisions of articles 25 and 32 of the GDPR, the Data Processor undertakes to adopt technical and organisational measures to ensure i) an adequate level of security of the personal data of Data Subjects and ii) the confidentiality, integrity, availability and resilience of the processing systems, the ability to promptly restore the availability and access of personal data in the event of a physical or technical incident. The Processor undertakes to implement procedures to regularly test, verify and evaluate the effectiveness of the security measures adopted. If the processing concerns particular data pursuant to article 9 of the GDPR, the Data Processor undertakes to implement technical and organisational measures and/or additional guarantees.
  
  ● Rights of Data Subjects. The Data Processor undertakes to assist the Data Controller in responding to requests from Data Subjects to exercise their rights pursuant to artt. 15 ss. GDPR (e.g. right of access, rectification, deletion, etc.). In the event that requests are sent to the Data Processor, the latter will forward them to the Data Controller within 72 hours of receipt. In more complex cases, the assistance provided by the Data Processor shall be adequately remunerated.
  
  ● Delation of the Controller's Personal Data. In the event of termination of this DPA or of the Agreement, the Processor undertakes to erase/destroy or return to the Controller any existing copies of the Personal Data, documenting in writing that such erasure/destruction has taken place, unless the retention is necessary under applicable Data Protection Law or to comply with legal obligations or to establish, exercise or defend a legal right.
  
  ● Audit. The Data Controller has the right to carry out verification activities ("Audits") on the Data Processor's compliance with the applicable Data Protection Law, at most once a year and with exclusive reference to the processing operations under this DPA, giving at least 90 days' notice and ensuring the maximum protection of the Data Processor's business operations. The Data Processor undertakes, pursuant to article 28, par. 3, lett. h, of the GDPR, to provide the Data Controller with the information necessary to monitor the fulfilment of its obligations under this DPA. The Controller shall bear all costs related to the audit activity.
Obligations of the Data Controller
1. The Data Controller is obligated to document in writing all instructions given to the Data Processor and to supervise, for the entire duration of this DPA, the processing activities carried out by the latter.
2. The Data Controller is also responsible for providing Data Subjects with the information referred to in articles 13 and 14 of the GDPR, with reference to the processing delegated to the Data Processor. In any case, the Data Processor provides some information on the division of roles in the Privacy Policy published on the Platform and accessible at the following link www.treatwell.nl/en/info/privacy-policy/.
Liability and Indemnity
1. The Controller undertakes to indemnify the Processor for any communication activities, marketing or otherwise, carried out through the software provided by the Processor.
2. The Controller undertakes to indemnify the Data Processor for any processing activities delegated to the Data Processor. The Controller shall be solely responsible for the processing of the Data Subjects' personal data, unless the Data Processor acts with intent or gross negligence.
Term, resolution and withdrawal
1. This DPA comes into force when it is signed by the Parties and has the same duration as the Agreement, following the course of the latter (e.g. termination, expiry, etc.).
2. In the event that one of the Parties breaches the obligations set forth in the GDPR or in the current Data Protection Legislation, this DPA shall be considered terminated with immediate effect.
3. The Data Processor has the right to withdraw from the DPA and the Contract if the Data Controller insists on carrying out instructions given in breach of the GDPR and/or the applicable Data Protection Legislation. In this case, the Data Processor shall promptly terminate the processing of personal data and any damages and/or compensation in favour of the Data Controller shall be excluded.
Final dispositions
1. The Parties undertake to amend this DPA if this becomes necessary as a result of changes to the Data Protection Legislation.
2. The interpretation and execution of this DPA shall be governed by the law of The Netherlands. Any dispute arising out of or in connection with the DPA shall be submitted to the exclusive jurisdiction of the Court of The Netherlands.

…

Our policy on Cookies

In common with other commercial websites and apps, our Platform use standard technologies including cookies and similar tools including web server logs, web beacons, tokens, pixel tags, local storage, device identifiers and tracking IDs (together referred to as “Cookies” in this Privacy Policy) to enhance your user experience, to enhance your user experience, improve our site and provide tailored offers on Treatwell and other sites.

Please see the table below for a live breakdown of the Cookies that are used on our Platform.

Welcome to Treatwell!