Northbrook Park Mews

Privacy policy

Privacy Policy


This is our Privacy Notice, in it you can find all the information you need about how we use your personal data.

Who we are

The property is owned and operated by Nici Hotels Limited, a company registered in England and Wales under Company No 10934327 with registered office at The Lathe, Northbrook, Farnham, Surrey, GU10 5EU (the “Company” or “We” or “Us”)

Personal Information we collect

We may collect and process the following data about you summarised by category:

Contact and identification details

We may record your name, postal and email addresses, telephone numbers and contact preferences when you enquire on our website or when you sign up for a newsletter, make a booking or connect to our wireless network service. If one of our spa members makes a booking for you as a guest or recommends you as a friend they may provide us with your name, phone number and email address for the booking.

Session and device details

We record your name, email address, your device’s MAC address and IP address when you log on to our wireless network.

Payment details

If you pay for goods and services in our properties by card we record your payment card details.

Usage and attendance details

We may capture your image on CCTV when you visit one of our properties.

If you use our website we record information about the URL you came from, your device’s IP address, your browser type, and information about where your device is located. Please also review our cookie policy.

When booking at one of our hotels, restaurants or spas we will keep a record of your booking and any transactions. Where required within our spa, we will keep details of all consultations which may hold information about your general health and treatment.

Correspondence and incidents

If you contact us we may keep a record of that correspondence and any comments and responses you submit via surveys and our feedback system.

If you or your child is involved in an incident at one of our properties, we will record details of the incident.

Details about your child

If your child attends a supervised activity at one of our properties we keep a record of their attendance, emergency contact details and essential health information e.g. allergies.


In addition, if you are a member of one of our spa, we may collect and process the following data about you summarised by category:

Contact and identification details

We record your date of birth and gender. We may also take your photograph when you join. We store your user name and password if you register online with us. If you give us evidence in support of your membership application we will keep it on file.

Payment details

We keep details of your membership package and fees for you and others linked to your membership and the payments you make to us.  If you pay your membership and other fees by direct debit we keep a record of your bank details.

Usage and attendance details

We keep a record of when you check-in using your membership card or membership details. We also hold information about any class bookings. We keep a note of vouchers and guest passes issued to you. We keep a record of your health and fitness goals if you choose to share them with us.

Your personal circumstances

If you give us evidence of relocation, redundancy or a medical condition in line with our cancellation or suspension policy we will keep it on file.

Information we receive from third parties

If your membership is connected to your employer they will give us your employee number. If you connect your wearable device to any of our equipment in property we will automatically receive data from it. If your device is registered with us, we may also receive usage data from the supplier.

Details held by other service providers

We may make available to our members some services which are provided by other companies. In each case, they are responsible for telling you about any personal data which they collect.

Call recordings

If we call you about your membership, we may record the conversation. The recording, if we make one, will be paused if you give us your payment card details over the phone.

How we use your Personal Information

Legal basis for processing

If you are not a member, we use the information that you provide or that we collect in line with this Privacy Policy and our Website Terms of Use on the basis of our legitimate business interests unless otherwise stated. In addition, if you are a member, we use the information that you provide or that we collect in line with our Terms and Conditions of Membership and on the basis of our contract with you.

Contact and identification details

We use your contact details to respond to your enquiry or manage your booking and to let you know about our products and services which may be of interest (including through the use of email, phone and text if you have agreed to receive this information from us electronically).

In addition, when you become a member, we use your contact details to set up and manage your membership account and to administer our services in accordance with our terms and conditions and contact you about changes to facilities, fees and membership terms.

Session and device details

We use session and device details to manage access to our network, to make our website easier to use and to alert you about bookings and classes through our mobile app.

Payment details

We use your payment card details to collect payment for goods and services. We use your payment details to collect membership fees and other payments due from you in line with our terms and conditions; to take advice and action in relation to the collection of debts and to assist us in resolving any disputes.

Usage and attendance details

We use CCTV for the prevention and detection of crime and the health and safety of guests, members and staff. We use information about website usage to make our website easier to navigate.

We use the information you give us when visiting the spa to manage our bookings and to inform our therapists when offering treatments. We need your permission to process information about your health and we will be unable to offer any treatments without it.

We use usage and attendance data to administer our booking policy and the terms and conditions on the use of our facilities; to improve your experience of our facilities and to tailor our communications with you.

Correspondence and incidents

We use your feedback to improve our facilities and services and to assist us in dealing with any query you may have. We record details of incidents to comply with our obligations under health and safety legislation.

Details about your child

We use the information you give us about your child to safeguard their health and safety.

Your personal circumstances

We use the information you give us to administer our policy on suspension or cancellation.

Information we receive from third parties

We use data from your wearable device to improve your experience of our facilities. We use information supplied by your employer to collect payment if your membership is paid for by them.

Call recordings

We use call recordings to monitor the quality of our service, to investigate and resolve complaints and for the detection, investigation and prevention of crime (including fraud).

We may also use the information that you provide or that we collect in any other way as described to you at the time of collection of your personal data.

Special Categories of Personal Data

We may process information about your health or your child’s health, for example to ensure the safety of your child or to comply with our obligations under health and safety law. Where the processing is to provide a service to you, we will always ask for your agreement. If you are not happy for us to have this information you do not have to agree, and you can change your mind at any time, but this may mean that your child is unable to take part in a supervised activity.

Sharing your information with others

We value your privacy and do not sell your information to any third parties under any circumstances.

We may give information about you to the following third parties, who may use it for the same purposes as us and also as set out below:

  1. We share data with our agents, contractors and employees to administer your membership, your account, and any products and services provided to you now or in the future.
  2. We share your card and bank details with our secure payment providers to process card transactions and direct debit payments.
  3. We share your contact details and preferences with mailing houses, our marketing agencies, systems providers and other distributors for the distribution of information to you.
  4. We share contact and identification details with our media agents, search engine providers and social media platforms so that we can tailor our communications to the right audience.
  5. We may share your data with anyone to whom we transfer or may transfer our rights and duties under our agreement with you, if we have a duty to do so or if the law allows us to do so. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  6. We share data with third parties who will help process or administer our services or who will provide advice and take action in relation to the collection of debts.

How long we keep your information

We keep the information that you provide or that we collect only for as long as we need to in line with the reason it was collected. More detail is given below for each category of information.

We keep your contact details for up to four years after your first enquiry. We keep enough information to record your communication preferences indefinitely in order to avoid sending you unwanted information in future.

We keep correspondence for up to seven years in case you contact us again about the same subject.

If you are a member, we keep your contact and identification details, usage and attendance details and information about your personal circumstances during your membership and for up to seven years after it ends so we can respond in the event of any query about your membership. We may keep certain information for longer than this if we have a compelling reason for keeping it.

We keep details of incidents for three years after the date of the incident.

We keep payment details during your membership and for seven years after you leave in line with the BACS code of practice.

CCTV recordings are deleted automatically after 28 days.

Your Rights

You have the right to make a request for a copy of the personal data that we keep about you or to correct the details that we hold about you. We will respond within one month.

If you would like to know what personal information we hold about you, or would like us to correct the details we hold about you, you should write to the address below or email [email protected], enclosing proof of your identity (such as a copy of your passport or driving licence) and asking to see your personal information or asking us to correct the relevant information. You will have to give us enough information so we can identify the personal information you have asked to see or have corrected. We do not have to respond to your request until you have given us the information we need. We will contact you within one month of your request or, where we have asked for further information to identify you, within one month of receiving such information.

You have the right to receive the information in a portable electronic form. If your request is by email from the address that we hold for you we will respond by email to that address.

You have the right to ask us to erase your personal data under certain circumstances.

You have the right to ask us to stop processing your personal data where the processing is based on our legitimate interests. This does not include processing which is in line with our Terms and Conditions of Membership or Terms and Conditions of Booking, for example payment processing. If we believe we have a legitimate reason for processing your personal information including for the defence of any legal claims we may decline your request.

Under certain circumstances, for example if we decline your request to stop processing, you have the right to ask us to restrict the processing of your personal data.

Updating Your Marketing Preferences

We may use your personal information to provide you with marketing information about our products and services such as newsletters, product updates, surveys, company announcements and invites to events that will be of interest to you.

You can opt out of receiving marketing messages at any time by following the unsubscribe links located within any electronic communication from us. You can also contact us by phone or email using the contact details on our website

Please note that, even if you opt out of receiving marketing messages, we may still send you service related communications where necessary.

Your Right to Complain

 If you are unhappy about how your personal data is being processed you should raise your concern with us first - see “Contacting Us” below. If you are not happy with the way that we deal with your concerns you can contact the Information Commissioner’s Office (ICO) at


When you visit one of our websites or mobile applications, we may send you a cookie. A cookie is a small file that can be placed on your computer's hard disk or mobile device for record-keeping purposes and we may use them to do a number of things:

Cookies help us to recognise you when you next visit one of our websites and note the advertisements displayed to you. This allows us to tailor the advertisements we provide to your preferences. We may use the services of third party ad servers for this purpose.

Cookies may be used to compile anonymous statistics related to the take up or use of services, or to patterns of browsing. A third party collects such data on our behalf to measure web site performance. Information collected is aggregated for reporting purposes. No personally identifiable information is collected by this service. The use of this service assists us in measuring and improving the structure and ease of use of our web sites.

If you do not wish to use cookies, you may de-activate cookies in your web-browser or reject the creation of cookies. You may wish to seek technical assistance from your browser provider if you do not know how to do this. For more information on cookies and how we use them visit our cookie policy

We cannot be responsible for any technical faults or failures to your system.

Changes to this Privacy Policy

We may update this Privacy Policy at any time. Any such changes will be posted on our website. If you continue to use our services after we have changed this Privacy Policy, the updated version will apply.

Security and Liability

In order to comply with our obligations under Data Protection law, we will protect your personal data from unauthorised access, misuse, alteration or loss by using commercially reasonable security measures. Any payment transactions will be encrypted using SSL technology.

Nothing in this policy in any way excludes or limits our liability for negligence causing death or personal injury or for fraudulent misrepresentation.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to our site; any transmission will be at your own risk.

We are not responsible or liable to you for any loss or damage you may suffer or incur in connection with your use of our online services which is caused by any event beyond our reasonable control including the electronic transmission of information, content, material and data over the internet and the interception and decryption of it by others.

We are not responsible to you for any losses or damage you may suffer caused by any distributed denial-of-service attack, or any viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful and which may infect, contaminate or damage your computer equipment or computer programs, or cause damage to software or damage to or loss of data unless caused by our negligence. You should ensure that you use appropriate virus checking software and firewalls.

Whilst we have taken reasonable steps to ensure the accuracy, currency, correctness and completeness of the information contained on our website, we do not check, review, monitor, verify or endorse any information, content, material or data collected from or provided by third parties which is displayed on or is otherwise available from our website or any third party websites or services which you can access from our site. We are not responsible to you for any loss, damage or injury you may suffer or incur in connection with such information, content, material or data. It is your responsibility to check that such information, content, material or data is accurate, current, correct and complete.

If your personal data is accessed by an unauthorised third party, we will not be responsible for any direct or indirect damage caused as a result of such unauthorised access.

Where we have given you a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Whilst we take all reasonable steps to ensure that our website continues to be available there may be times when it is not available. This may be for reasons relating to the maintenance of, or alterations to, the website or for reasons beyond our control. We are not responsible to you if the website is unavailable.

Contacting Us

All questions, comments and requests regarding this privacy policy should be addressed to [email protected]

Or by writing to:  Nici Hotels Limited T/A Northbrook Park Mews, Northbrook Farnham, Surrey, GU10 5EU

This policy was last updated 28th July 2021.