Privacy Policy

Issued by: Infinite Axis Ltd (trading as BYRE Wellness)
Registered office: 5 South Charlotte Street, Edinburgh, EH2 4AN
Company number: SC789698
ICO registration number: [ICO NUMBER]

1. Who We Are

Infinite Axis Ltd trades as BYRE Wellness. We provide mobile sauna wellness experiences at licensed sites across Scotland and the UK. References to "BYRE", "we", "us", or "our" in this policy refer to Infinite Axis Ltd.

We are the data controller for personal data collected through our booking system, website, and direct communications.

If you have any questions about how we handle your data, contact us at: info@byrewellness.co.uk

2. What Personal Data We Collect

When you make a booking or enquiry with BYRE, we may collect:

- Full name: To identify your booking and address you correctly
- Email address: To send booking confirmation, reminders, and communications
- Phone number: For session-day contact and urgent communications
- Date of birth or age confirmation: To verify you meet our minimum age requirement (16 years)
- Booking details: Session date, time, site, number of participants
- Payment information: Processed by Stripe or Square. We do not store full card details ourselves.
- Health and safety declaration: A tick-box confirmation that no listed contraindications apply to you, or that you have sought appropriate medical advice. We do not ask you to disclose specific health conditions.
- Communications: Emails, messages, or enquiries you send us
- Website usage data: Pages viewed, clicks, approximate location (derived from IP address), and referral source. Collected via analytics cookies where you have given consent.

We do not routinely collect special category personal data (as defined under UK GDPR) such as medical records or health diagnoses. Our booking process includes a tick-box health declaration where you confirm that no listed contraindications apply to you, or that you have sought appropriate medical advice. We do not ask you to disclose specific health conditions. This self-declaration is processed on the basis of your explicit consent (UK GDPR Art. 9(2)(a)) and our legitimate interests in operating a safe service.

3. How We Use Your Data

We use your personal data to:

- Process your booking and take payment
- Send booking confirmation, reminders, and session information
- Manage cancellations, refunds, and changes
- Comply with health and safety obligations and our operating procedures
- Respond to enquiries and complaints
- Maintain records as required by law (including HMRC record-keeping requirements)
- Improve our services and website (where you have consented to analytics cookies)
- Send marketing and service updates (only where you have opted in)

4. Legal Basis for Processing

- Processing bookings and taking payment: Performance of a contract (UK GDPR Art. 6(1)(b))
- Health and safety declaration: Legitimate interests in operating a safe service; compliance with legal obligations (Art. 6(1)(c) and 6(1)(f)). Where the declaration touches on health, explicit consent (Art. 9(2)(a)).
- Sending booking communications: Performance of a contract
- Marketing and service updates (if you have opted in): Consent (Art. 6(1)(a))
- Record keeping: Legal obligation (Art. 6(1)(c))
- Website analytics: Consent (Art. 6(1)(a)), obtained via our cookie consent tool

5. Third Parties

We share data with third parties only where necessary to operate our service:

- Stripe / Square: Payment processing. These providers have their own privacy policies.
- Booking platform provider (e.g. Acuity Scheduling): Where a BYRE-approved platform is used to manage session bookings
- Site operators (BYRE licensees): The operator at your chosen site will receive your name and booking details to manage your session
- Email service provider: For sending booking confirmations and communications
- Website hosting and analytics (e.g. Framer, Google Analytics): Website operation and usage analytics, where you have consented
- HMRC and regulatory authorities: Where required by law
- Professional advisers: Legal and accounting advisers, where necessary

We do not sell your personal data or share it for marketing purposes with third parties.

6. International Transfers

Where any of our third-party service providers process data outside the UK, we ensure that appropriate safeguards are in place as required by UK GDPR, including standard contractual clauses or adequacy decisions.

7. How Long We Keep Your Data

- Booking records and payment data: 6 years (HMRC requirement)
- Health declaration records: 3 years from the date of the session
- Incident and accident records: 3 years minimum (or longer where required by law)
- Marketing opt-in records: Until you withdraw consent or close your account
- Enquiry and correspondence: 2 years from the date of the last communication
- Website analytics data: As determined by cookie retention periods (see our Cookie Policy)

When data is no longer required, it is securely deleted.

8. Cookies

Our website uses cookies. For full details of the cookies we use, their purpose, and how to manage your preferences, see our Cookie Policy.

9. Your Rights

Under UK GDPR, you have the following rights:

- Access. You can request a copy of the personal data we hold about you.
- Rectification. You can ask us to correct inaccurate or incomplete data.
- Erasure. You can ask us to delete your data where there is no lawful reason to retain it.
- Restriction. You can ask us to limit how we use your data in certain circumstances.
- Data portability. You can request your data in a portable, machine-readable format.
- Object. You can object to processing based on legitimate interests.
- Withdraw consent. Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@byrewellness.co.uk. We will respond within one calendar month.

10. Complaints

If you are not satisfied with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.

11. Data Security

We take reasonable technical and organisational measures to protect your personal data from unauthorised access, loss, or disclosure. Payment data is processed by PCI-compliant providers. Our booking platforms are password-protected and access-controlled.

12. Changes to This Policy

We may update this privacy policy from time to time. The current version is always available on our website and on request by email.

13. Contact

Data controller: Infinite Axis Ltd (trading as BYRE Wellness)
Email: info@byrewellness.co.uk
Postal address: 5 South Charlotte Street, Edinburgh, EH2 4AN
Company number: SC789698
ICO registration number: [ICO NUMBER]