Effective Date: December 5, 2022 (There are no prior versions of our privacy policy.)
Upper West Spa LLC (“UWS”) is a New York limited liability company that provides a variety of skincare and other services including facials, massages, laser hair removal and medical aesthetic procedures. UWS also offers a variety of curated skincare and other products. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you. This privacy policy applies to personal data that you may submit through UWS’s website or by other means.
This privacy policy provides you with information on how UWS collects and processes your personal data through your use of our website, https://upperwestspa.com, as well as other possible portals, apps or other data collection means which make reference to this policy. For purposes of this privacy policy, the terms “user”, “participant”, “customer”, “you”, and “your” are meant to refer to the individuals about whom we may collect data.
Our data operations and privacy policy endeavor to comply with the latest US and international privacy and data protection regulations. These regulations include those promulgated under the European Union’s General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”) where applicable. While GDPR regulations apply only to residents of the European Economic Area (“EEA”), we have decided to adopt and implement these regulations for all individuals who submit personal data to UWS. By doing this, along with implementing strict data protection standards from other jurisdictions such as California, we provide you with expansive rights with respect to any personal data that we collect from you. Some of these rights include the following:
Your rights under GDPR are further described below in Section 11. Some of your rights described in this policy may be subject to certain rights of UWS such as legal, accounting, and archiving requirements.
For more details regarding your rights and UWS’s obligations under GDPR, this Wikipedia article offers a good summary: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
Detailed information regarding GDPR and related legislation and directives may be viewed at the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en.
Information about the California Consumer Privacy Act may be found at the following link: https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act
When we mention “UWS”, “we”, “us” or “our” in this privacy policy, we are referring to Upper West Spa LLC, the company that is responsible for processing your data. For individuals located in the European Economic Area, UWS is the data controller, as that term is defined by GDPR.
Attention: Data Processing Officer
Upper West Spa LLC
187 Amsterdam Avenue
New York NY 10023
USA
UWS’s website, digital platform, content, services, trademark, and other intellectual property are owned or licensed by UWS.
Your privacy in engaging with the UWS website is very important to us. With that in mind, we have established information handling practices for UWS intended to guard and respect your privacy. We believe these practices are consistent with GDPR and the best practices of websites providing professional skincare services. This privacy policy applies to the UWS platform including the information we collect about you, when and how we collect that information, how that information is used, how we safeguard that information, and our procedures for archiving and deleting that information. This privacy policy applies primarily to the personal information such as your name and email address that you submit through this website or forms downloaded or requested through this website or UWS. This privacy policy does not apply to confidential information or communications that you share in therapy sessions or by other means, which are governed by other professional practices and regulations.
When you visit our website, our servers automatically collect certain browser or device generated information, which may in some cases constitute personal data, including but not limited to:
To access or use certain portions of UWS’s website or otherwise engage in activities with us, you may be prompted to provide certain personal data to us in the following ways:
Typically, the personal data you give us may include name, address, telephone number, email address, skin issues, health conditions, and other personal details required to schedule an appointment, or resolve any inquiries or complaints. Your personal data may also include your login name and passcode, and information that you supply and upload to UWS digital servers as part of how the website is designed to be used.
Personal data may also be required to enter into an arrangement with you or to perform an agreement with you (such as to provide skincare services to you), and failure to provide any information may result in our inability to provide requested services or products.
UWS relies on established and trustworthy third-party vendors located in the United States to provide much of the data storage and usage requirements for UWS. The personal data you submit to us through a Contact Us page, an email sign-up on our website, or through other digital platforms, if any, are stored and processed at secure servers in compliance with GDPR. UWS may change the third-party data processors it uses. UWS and its technology team will perform due diligence on any new processors that it uses, and make sure that they meet the highest quality standards of privacy and security, including GDPR.
We may receive information about you if you use any other websites or portals we may operate, any other services we provide, seminars, webinars, or classes we teach, or from our business partners or data processors instructed to collect information on our behalf.
The following is an overview of our purposes for using your personal data. Additional details on how we process your personal data may be provided to you in a separate notice or agreement.
In accordance with GDPR, all of our processing and use of your personal data is justified by a “condition” for processing. In the majority of cases, processing will be justified on the basis that:
We use the personal data we collect to conduct and develop our services with you and with others, as more fully described below:
UWS respects and safeguards your personal data and will never sell or rent it to third parties.
UWS will share personal data obtained through this website with its appointed third-party service providers (who will operate under our instructions) to assist us in providing information or services to you, in conducting and managing our services and the website. UWS may share your personal data with these affiliates and third parties to perform services that the third parties have been engaged by UWS to perform on UWS’s behalf, subject to appropriate contractual restrictions and security measures.
We are also subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We may be required to disclose personal information that we handle in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
UWS reserves the right to share any information that you provide which is not deemed personal data or is not otherwise subject to contractual restrictions. These restrictions on the disclosure of your personal data will not affect our use of your data as stated in Section 3, above.
UWS is not a registered member of the EU-U.S. Privacy Shield Framework but complies with its data protection principles as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union member countries and Switzerland. UWS adheres to the Privacy Shield Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity, purpose limitation, and access. To learn more about the Privacy Shield principles, please visit https://www.privacyshield.gov/.
UWS conducts in-house verifications to ensure that its attestations and assertions with regard to its treatment of personal data are accurate and that the company has appropriately implemented these practices.
The website is not for use by children under the age of 16 years and UWS does not knowingly collect, store, share or use the personal data of children under 16 years old. If you are under the age of 16 years, please do not provide any personal data, even if prompted by the website to do so. If you are under the age of 16 years and you have provided personal data, please ask your parent(s) or guardian(s) to notify UWS and UWS will delete all such personal data immediately.
Where lawful to do so, and subject to your consent where required, we may communicate with you by email to tell you about our products and services. If you wish to opt-out of receiving marketing communications, please use the ‘unsubscribe’ link provided in our emails, or otherwise contact us directly and we will stop sending you communications.
UWS strives to safeguard and protect your personal data from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss, and UWS utilizes and maintains certain reasonable processes, systems, and technologies to do so. However, you acknowledge that no transmission over the Internet is completely secure or error-free, and that these processes, systems, and technologies utilized and maintained by UWS are subject to compromise. Accordingly, we cannot be held responsible for unauthorized or unintended access that is beyond our reasonable control.
We apply a general rule of keeping personal data only for as long as required to fulfil the purposes for which it was collected. We also retain your personal data for a period of time corresponding to a statute of limitations, for example to maintain an accurate record of your transactions with us including agreements that you have entered with us.
However, in some circumstances we may retain personal data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.
At any time, you can request that our DPO permanently delete your data not subject to legal or other requirements. You can also always unsubscribe from our emails, in which case we will delete your personal information other than agreements and other matters that survive your request for deletion.
The website may contain links to third-party sites. Since UWS neither controls nor is responsible for the privacy practices of those websites, we encourage you to review the privacy policies of these third-party sites. This policy applies solely to personal data collected by our website or in the course of our business activities.
Under applicable law, you may have the following rights:
For further information regarding your data privacy rights under GDPR, please see the following link: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
You may also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of your personal data infringes applicable law and UWS is subject to the jurisdiction of such supervisory authority.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, we will have the matter submitted to our US-based third-party dispute resolution provider, the American Arbitration Association in New York City. If GDPR or other applicable laws exclusively apply to the dispute and require us to pay for the arbitration, we shall do so.
Governing Law. By choosing to visit our website, engage our professional services, view or download content, or provide information to us, you agree that any dispute over privacy or the terms contained in this Privacy Policy will be governed by the laws of the State of New York and the United States of America. You also agree to abide by any limitation on damages contained in our Terms of Use, license agreements, or other agreements that we have with you.
Any changes or updates we may make to this policy will be posted as a revised policy with a new date stated at the top of this document. You are responsible for checking back to review any revised policy.