Privacy Policy
At Elite Group Salon & Spa (“we,” “us,” or “our”), accessible at elitegroupsalonspa.com, we are fully committed to protecting your privacy and safeguarding your personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your data in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws. We prioritize your right to confidentiality and transparency in how your data is handled.
1. Introduction
Your trust is at the heart of our values at Elite Group Salon & Spa. We are committed to upholding the highest standards of data protection and personal privacy. This Privacy Policy informs you about how we collect, process, store, and protect your personal data when you interact with elitegroupsalonspa.com and the rights you have in relation to that information.
2. Scope and Data Controller Role
This Privacy Policy applies to all users of elitegroupsalonspa.com and covers all personal data we collect through our website, forms, communications, and associated services. For the purposes of the GDPR, Elite Group Salon & Spa is considered a Data Controller of your Personal Data. In the context of the CCPA, we are both a “business” and “service provider,” depending on the nature of the data collected and processed.
3. Categories of Data Processed
We may process the following categories of personal data, depending on your interactions with our website and services:
– Usage Data: This includes browser type and version, IP address, pages visited, time and date of visit, time spent on pages, interaction data, and referral URLs.
– Account Data: If you create an account or schedule appointments, we may collect your name, billing and residential address, email, and telephone number.
– Profile Data: Preferences, service history, purchase records, subscription settings, and stylist/technician preferences.
– Communication Data: Support inquiries, contact form submissions, service reviews or ratings, and chat transcripts.
– Technical Data: Information about the device used to access the website, including operating system, device identifiers, network, and configuration data.
– Transaction Data: Payment card details (processed securely through third-party gateways), appointment details, billing, and delivery information when purchasing products or services.
– Preference Data: Your marketing preferences, opt-in or opt-out choices for email communications, newsletter subscriptions, and selected product interests.
4. Legal Bases for Processing
We process your personal data only where permitted by law. The lawful bases include:
– Consent: Where you have provided clear permission for us to process your data for a specific purpose, such as receiving marketing materials.
– Contractual Necessity: Processing is required for the fulfillment of a contract with you, such as booking an appointment or delivering purchased products.
– Legitimate Interests: Where it is necessary for our legitimate business interests (e.g., analytics, service improvement, fraud prevention), provided your data protection rights do not override these interests.
– Legal Obligation: Where we are required to comply with legal or regulatory obligations.
5. Your Rights
Subject to applicable data protection laws, you have the following rights in relation to your personal data:
– Right of Access: Obtain confirmation as to whether personal data concerning you is being processed, and access to the data.
– Right to Rectification: Request correction of inaccurate or incomplete personal data.
– Right to Erasure: Request deletion of your personal data under specific circumstances (the “right to be forgotten”).
– Right to Restrict Processing: Request limitations on how we process your data.
– Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format and the right to transfer this data to another controller.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We employ robust security measures designed to ensure a high level of data integrity and confidentiality, including:
– End-to-end encryption for sensitive data in transit and at rest;
– Role-based access control and staff authentication protocols;
– Frequent data backups and secure storage mechanisms;
– Employee training on data security and GDPR/CCPA compliance.
While we take reasonable precautions, transmission over the internet can never be guaranteed to be 100% secure.
7. International Data Transfers
Where applicable, we may transfer your data to service providers or affiliates located outside your jurisdiction. In such cases, we implement standard contractual clauses and other safeguards in compliance with GDPR, and ensure protections consistent with regional data transfer regulations.
8. Data Retention
We retain personal data only as long as necessary for the purposes set out in this Privacy Policy:
– Usage, Technical, and Analytics Data: Up to 24 months for site optimization;
– Account and Transaction Data: Retained for up to 7 years to meet accounting and legal obligations;
– Communication Data: Stored for up to 3 years;
– Marketing Preferences: Held until you revoke your consent.
Upon expiration of the relevant retention period, your data will be securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar tracking technologies on elitegroupsalonspa.com for the following purposes:
– Essential Cookies: Necessary for website functionality (e.g., booking appointments, logging in).
– Functional Cookies: Allow us to remember your preferences and choices.
– Analytics Cookies: Help us understand how users interact with our site and improve performance.
– Performance Cookies: Enhance site responsiveness and user experience.
10. Cookie Management and Compliance with GDPR & CCPA
Upon first access to our website from the EU or California, you will be presented with a cookie consent banner. You can accept, customize, or reject cookies at any time by accessing our Cookie Settings tool at the bottom of each page. We honor global privacy control (GPC) signals and do not sell your personal information, in accordance with CCPA.
11. Children’s Privacy
Elite Group Salon & Spa does not knowingly collect or process personal data from children under the age of 13. If we become aware that such data has been inadvertently collected, we will promptly delete it. Parents or guardians who believe their child may have provided us with personal data should contact us immediately at [email protected].
12. Policy Updates
We reserve the right to revise this Privacy Policy at any time to reflect changes in our services, applicable laws, or operational practices. Substantive changes will be communicated to you through prominent notice on our website or direct communication, where required by law.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us via:
Email: [email protected]
Address: Available upon legitimate request.
We are committed to full compliance with the GDPR, CCPA, and all other applicable data protection standards. Your privacy and trust are central to our mission. Please do not hesitate to contact us with any privacy-related inquiries.