(Last Update: August, 2024)
This Privacy Policy outlines how Perpetuity Skin + Spa collects, uses, and protects your Personal Data through our Services, which include:
Please note that certain third parties may be able to identify you across sites and services using the information they process; however, any such processing not done at the direction of Perpetuity Skin + Spa is outside the scope of this Privacy Policy. This Privacy Policy does not apply to Personal Data collected in the employment context or for other HR purposes, which is covered by our HR Privacy Notice.
WHO WE ARE
Perpetuity Skin + Spa is a Boise-based day spa dedicated to providing exceptional beauty and wellness services. We are committed to protecting your privacy and ensuring that your Personal Data is handled responsibly.
Sources of Personal Data We Process
We collect Personal Data from various sources, which include:
DATA PROCESSING CONTEXTS / NOTICE AT COLLECTION
Purchases and Transactions
We process Identity Data, Transaction Data, Payment Data, Inference Data, Device/Network Data, and Contact Data when you engage in a purchase and sale transaction, whether through our Digital Services or in person. This includes our products, services, and gift cards. If provided, we also process Health Data (such as your requests for health-related accommodations, or as otherwise necessary in connection with your visit) and Government ID Data.
We process this Personal Data as necessary to perform or initiate a contract with you, process your order and payment, fulfill your order, track the use and balance of gift cards, and for our Business Purposes. We may process Identity Data, Transaction Data, Preference Data, Contact Data, and Device/Network Data for Commercial Purposes (which may include data sales/sharing). We do not sell or “share” (for behavioral advertising purposes) Payment Data, Government ID Data, or Health Data or use it for Business Purposes not permitted under applicable law.
Third-party businesses/controllers may receive your information. Third-party data controllers/businesses (such as service providers) provide many products and services you purchase through our Services. We may disclose Identity Data, Transaction Data, Contact Data, and Device/Network Data to those third parties. You may also direct us to disclose this data to or interact with these third parties as part of visiting our locations or making a purchase (which does not involve a data sale by us).
Marketing Communications
We process Device/Network Data, Contact Data, Identity Data, and Inference Data in connection with marketing communications, push notifications, telemarketing, or similar communications, and when you open or interact with those communications. You may receive marketing communications if you consent and, in some jurisdictions, as a result of account registration or a purchase.
We process this Personal Data to contact you about relevant products or services and for our Business Purposes. We may use this data for our Commercial Purposes (which may include data sales/sharing). Marketing communications may also be personalized as permitted by applicable law, but will not involve Targeted Advertising where users have opted out or not provided necessary consents. See your Rights & Choices to limit or opt out of this processing.
Digital Services
Generally
We process Device/Network Data, Contact Data, Identity Data, General Location Data, and Inference Data when you use our Digital Services. You may also be able to complete purchases, sign up for our newsletter, or enroll in marketing communications through our Digital Services. We may process Precise Location Data through certain Digital Services if you consent. Location Data may be required to use certain features of our Digital Services.
We use this Personal Data as necessary to operate our Digital Services, such as keeping you logged in and delivering pages, for our Business Purposes, and for other legitimate interests, such as:
We may process this Personal Data for our Commercial Purposes (which may include data sales/sharing). You have the right to limit our use of Precise Location Data by withdrawing consent to or disabling the collection of Precise Location Data.
Cookies, Pixels, and Other Tracking Technologies
We process Identity Data, Device/Network Data, Contact Data, Inference Data, and General Location Data in connection with our use of cookies and similar technologies on our Digital Services. We may collect this data automatically.
We and authorized third parties may use cookies and similar technologies for the following purposes:
We may also process this Personal Data for our Business Purposes and Commercial Purposes (which may include data sales/sharing). See your Rights & Choices for information regarding opt-out rights for cookies and similar technologies.
Third parties may view, edit, or set their own cookies or place web beacons on our websites. We or third-party providers may use these technologies to identify you across platforms, devices, sites, and services. Third parties may engage in Targeted Advertising using this data. Third parties have their privacy policies, and their processing is not subject to this Policy.
Contests and Promotions
We collect and process Identity Data, Contact Data, and User Content as necessary to process your contest or promotion entry, notify you if you have won, deliver a prize, and for our Business Purposes or other legitimate purposes, such as:
We may process Identity Data, Contact Data, and User Content information for our Commercial Purposes (which may include data sales/sharing).
Some programs and offers are operated/controlled by our third-party partners or their affiliates or partners. We may receive this data from third parties to the extent allowed by the applicable partner; otherwise, this Privacy Policy will not apply to data processed by third parties.
Your Personal Data may be public. If you win a contest or sweepstakes, we may publicly post some of your data. We do not post Personal Information without consent where required by law. See any program agreements or terms and conditions for additional details and terms.
Contact Us: Support
We collect and process Identity Data, Contact Data, and User Content when you contact us, e.g., through a contact form or for support. If you call us via phone, we may collect Audio/Visual data from the call recording. We will also collect Health Data if you provide it within a “contact us” email or a support call or email.
We process this Personal Data to respond to your request and for our Business Purposes. If you consent or if permitted by law, we may use Identity Data and Contact Data to send you marketing communications and for our Commercial Purposes (which may include data sales/sharing).
Posts and Social Media
We process Identity Data, Inference Data, Contact Data, and User Content you post (e.g., comments, forum and social media posts, etc.) on our Digital Services. We also process Identity Data, Contact Data, and User Content if you interact with or identify us, our day spa, or partners on social media platforms (e.g., if you post User Content that engages with or tags our official accounts).
We process this Personal Data for our Business Purposes and Commercial Purposes (which may include data sales/sharing).
Posts may be public or reposted on our Services. Content you provide may be publicly available when you post it on our Services or if you reference, engage, or tag our official accounts.
PROCESSING PURPOSES
Business Purposes
We and our Service Providers process Personal Data we hold for numerous business purposes, depending on the context of collection, your Rights & Choices, and our legitimate interests. We generally process Personal Data for the following “Business Purposes”:
Consumer Profiles
To understand our customers’ preferences and better recommend products and services personalized to our customers, we may create a “Consumer Profile” by linking and analyzing Personal Data collected in the following contexts:
We may also augment Consumer Profiles with Personal Data that we create (such as Inference Data) or receive from third parties and may include Personal Data such as information about Services you have used or purchased previously and demographic data.
We use Consumer Profiles to better understand our customers and for our legitimate interests in market research and statistical analysis in connection with improving our Services. For example, we may analyze the Personal Data of customers who have made a reservation for a particular service in the past and compare them with other people in our database. If we identify customers in the database who have similar Personal Data to other guests, we may target marketing about a similar offering to the new customer we have identified, for example, by sending marketing emails. We may conduct the profiling and send the direct marketing emails automatically. We may also use this information for other Commercial Purposes. Consumer Profiles involve processing that is automated, in whole or in part.
Personalized Marketing Communications
We may personalize Marketing Communications based on your Consumer Profile. If consent to Consumer Profiling or Targeted Advertising is required by law, we will seek your consent.
Targeted Advertising
In some jurisdictions, Perpetuity Skin + Spa and certain third parties operating on or through our Services may engage in advertising targeted to your interests based on Personal Data that we or those third parties obtain or infer from your activities across non-affiliated websites, applications, or services to predict your preferences or interests (“Targeted Advertising”). This form of advertising includes various parties and service providers, including third-party data controllers, engaged in processing Personal Data in connection with advertising. These parties may be able to identify you across sites, devices, and over time.
The parties that control the processing of Personal Data for Targeted Advertising purposes may create or leverage information derived from Personalization, Consumer Profiles, and Marketing Communications. In some cases, these parties may also develop and assess aspects of a Consumer Profile about you to determine whether you are a type of person a company wants to advertise to and determine whether and how ads you see are effective. These third parties may augment your profile with demographic and other Inference Data, and may track whether you view, interact with, or how often you have seen an ad, or whether you purchased advertised goods or services.
We generally use Targeted Advertising to market our Services and third-party goods and services, to send marketing communications, including by creating custom marketing audiences on third-party websites or social media platforms. This may involve sharing limited data regarding our customers with social media platforms or other websites to determine which of their users appear to have interests or traits like our existing customers.
Data “Sales” and “Sharing”
We may engage in “sales” or “sharing” of data as defined by applicable law. For example, we may “sell” certain Personal Data when we engage in marketing campaigns with or on behalf of third-party partners, or we may sell, “share” for behavioral advertising purposes, or grant access to Personal Data to our marketing partners and other advertisers in relation to Targeted Advertising, joint promotions, and other marketing initiatives.