Privacy Policy

1. Who We Are

North Coast Spa is a Northern Ireland-based business supplying and installing luxury wood-fired hot tubs and garden saunas. We are the data controller for the personal information you provide to us. If you have any questions about how we handle your data, please contact us at [email protected] or by calling +44 7565 146523.

2. What Information We Collect

• Name, phone number, and town/village — collected when you submit a quote request through our Hot Tub Builder, Sauna Builder, or Contact form.
• Email address — collected when you register interest in our upcoming product ranges.
• Notes and preferences — any additional details you voluntarily provide in the notes field of our quote forms.
• Usage data — we collect anonymised analytics data (page views, session duration) to understand how visitors use our website. This data does not identify you personally.

3. How We Use Your Information

• To respond to your quote request and provide pricing information.
• To contact you about your enquiry by phone, WhatsApp, or email.
• To notify you when a product range you expressed interest in becomes available.
• To improve our website and services based on anonymised usage patterns.
• We do not use your information for automated decision-making or profiling.

4. Legal Basis for Processing

• Legitimate interests — processing your enquiry and responding to your request for a quote is in both your interest and ours.
• Consent — where you have ticked a box or explicitly opted in (e.g. product launch notifications), we rely on your consent. You may withdraw consent at any time.
• Legal obligation — we may retain certain records as required by UK law (e.g. for tax or accounting purposes).

5. How Long We Keep Your Data

We retain enquiry and quote data for up to 2 years from the date of your last contact with us, after which it is securely deleted. If you become a customer, we retain your contact and order information for 7 years in line with HMRC requirements. You may request deletion of your data at any time (subject to any legal retention obligations).

6. Who We Share Your Data With

• We do not sell, rent, or trade your personal information to third parties.
• We use Formspree (formspree.io) to process form submissions. Formspree receives the data you submit and forwards it to our email inbox. Formspree is GDPR-compliant and processes data in accordance with their privacy policy.
• We use anonymised analytics services to understand website traffic. No personally identifiable information is shared with these services.
• We may disclose your information if required to do so by law or in response to a valid legal request.

7. Cookies

Our website uses essential cookies required for the site to function correctly, and anonymised analytics cookies to help us understand how visitors use the site. We do not use advertising or tracking cookies. By continuing to use our website, you consent to our use of cookies as described here. You can disable cookies in your browser settings, though this may affect some functionality.

8. Your Rights Under UK GDPR

• Right of access — you may request a copy of the personal data we hold about you.
• Right to rectification — you may ask us to correct inaccurate or incomplete data.
• Right to erasure — you may ask us to delete your personal data, subject to any legal obligations to retain it.
• Right to restriction — you may ask us to restrict how we process your data in certain circumstances.
• Right to object — you may object to our processing of your data where we rely on legitimate interests.
• Right to data portability — you may request your data in a structured, machine-readable format.
• To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

9. Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. All data transmitted through our website is encrypted using HTTPS. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

10. Links to Other Websites

Our website may contain links to third-party websites (such as Facebook, WhatsApp, and product manufacturer pages). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The most current version will always be available on this page, with the date of the most recent revision noted at the top.

12. How to Complain

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator. You can contact the ICO at ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the opportunity to address your concerns directly before you contact the ICO — please reach out to us first at [email protected].