Spa Excess Privacy Policy
Your Privacy
Your privacy is important to Spa Excess. We are committed to respecting your privacy through the protection of your Personal Information given to us when you apply for optional membership with us.
The following outlines our commitment to you:
Purpose and Consent – before collecting your Personal Information, or at the time of collection, we will explain to you the purpose for collecting it and obtain your consent.
Limiting Collection – our collection of Personal Information is limited to what is reasonable under the circumstances and your information will be used only for the purpose for which it is collected.
Security – your Personal Information is kept confidential and secure and is not disclosed to anyone outside of Spa Excess without your consent.
Access – you have the right to access your own Personal Information, and to correct any inaccuracies.
What Is Personal Information?
Personal Information is broadly defined as information about an identifiable individual and typically includes your name, residential address, telephone number, and personal e-mail address. Data we collect with personal identifiers removed, so that it is impossible to determine the identity of the person to whom the information relates, is not considered Personal Information.
Ten Privacy Principles
Spa Excess has always been, and will continue to be, committed to maintaining the accuracy, confidentiality and security of your Personal Information. As part of this commitment, we have adopted the 10 Principles for the protection of privacy forming part of the federal privacy statutes which govern Spa Excess and which establish rules for the collection, use and disclosure of Personal Information by the private sector.
- Accountability: All Spa Excess employees are responsible for maintaining and protecting all Personal Information under their control. Spa Excess has designated an individual to oversee compliance with the Acts and our 10 Privacy Principles.
- Identifying Purposes: We will identify the purposes for which Personal Information is collected, either before or at the time of collection.
- Consent: We will only collect, use and disclose your Personal Information with your knowledge and consent.
- Limiting Collection: We will limit the collection of your Personal Information to only those details that are necessary for the purposes identified.
- Limiting Use, Disclosure and Retention: Your Personal Information will only be used or disclosed for the purposes for which it was collected, unless you have otherwise consented. We will only retain your Personal Information for the period of time required to fulfill the purposes for which it was collected.
- Accuracy: We will keep Personal Information we collect as accurate, complete and up-to-date as necessary to fulfill the purposes for which it was collected.
- Safeguards: We will protect the Personal Information we collect with security safeguards appropriate to the sensitivity of the information.
- Openness: Information about our policies and practices relating to the management of Personal Information will be made readily available to you.
- Access: At your request, we will inform you of the existence, use and disclosure of your Personal Information, as well as give you access to the information. You have the right to challenge the accuracy and completeness of your information, and to amend it as necessary. (See Access to, and Changing your Personal Information).
- Challenging Compliance: You may contact us with any questions, complaints or suggestions with respect to the above principles.
Your Security
Spa Excess employs on-site digital security systems that include image and audio collection that may be temporarily stored and accessed as required by law or for internal use. Any archived media is for internal use only and is not shared with third parties, except as may be required by law enforcement.
What Personal Information Does Spa Excess Collect?
At Spa Excess, we collect Personal Information from individuals who are applying to become a Bronze or Platinum member.
With your consent, we collect and maintain your name, residential address, driver’s license or other appropriate valid ID, telephone number (optional), credit card number (only if applying for Platinum membership), and an e-mail address if you choose to provide one.
How Do We Gather Your Personal Information?
We gather Personal Information from the following sources:
- From you, on application forms filled out at Spa Excess, and processed first by the cashier or manager.
How Do We Use Your Personal Information?
With your consent, we will use your Personal Information for one or more of the following purposes:
- To determine your eligibility for our membership.
- To identify you as a member.
- To provide you with the benefits of membership.
- To discreetly contact you if there is a problem, and to respond to your inquiries.
- To email or otherwise send you communications regarding information we believe will interest you about Spa Excess.
- In the event a member of Spa Excess proceeds with a business transaction such as the purchase of items or running of bar tabs, your Personal Information may be shared with such prospective party (e.g. VISA) to complete the business transaction.
To Whom Do We Disclose Your Personal Information?
With your consent or as permitted or required by law or other regulatory bodies which govern us and our business, we may disclose your information as follows:
To those employees within Spa Excess that require your Personal Information for the uses set out above or for a legitimate business purpose
To our legal counsel
To our auditors
Where we have reasonable grounds to believe the information could be useful in the investigation of unlawful activity
We will only use and disclose your Personal Information to fulfill the purposes for which it was collected. Also, we will keep your information only for as long as it is needed to fulfill the purposes for which it was collected.
We will not sell your Personal Information to any organization, for any purpose.
Giving Consent
You may choose not to provide us with any of your Personal Information. However, if you make this choice we may not be able to provide you with the product, service or information that you requested or that could be offered to you.
Type of Consent – Express Consent
In most cases, we will seek your express consent to the use of your Personal Information. By completing and signing an application form to apply for membership, you are giving us your express consent for us to use the Personal Information provided by you in the ways outlined above.
Type of Consent – Withdrawing Consent
You may withdraw your consent at any time, subject to reasonable notice. If you withdraw your consent, we will inform you of the implications of such withdrawal. To withdraw your consent, simply contact us and advise us of what Personal Information you no longer wish us to use. Withdrawal of your consent may result in us being unable to continue to offer you our membership privileges.
Security and Disclosure of Your Personal Information
What Safeguards Do We Have in Place?
We know you are concerned about the security of the information you provide to us. To address this concern, we have developed processes and procedures to keep your Personal Information safe and secure. We have appropriate safeguards in place depending on the sensitivity of the information, including:
- Physical: secured storage facilities and premises
- Technological: password-protected computers/files, firewalls and a secured server
- Organizational: Spa Excess employees trained in the importance of safeguarding your Personal Information from loss and unauthorized access, and access limited within Spa Excess to those employees that require your Personal Information, or part of it, to carry out the uses outlined above or otherwise communicated to you, or for a legitimate business purpose
Although we cannot take responsibility for any theft, misuse, loss, alteration or destruction of data by a third party, we take reasonable precautions to prevent such unfortunate occurrences.
Access to, and Changing Your Personal Information
Accessing your Personal Information
You may access and verify your Personal Information. At the time of your request, we will need specific information from you to verify your identity, before we can provide you with the Personal Information we hold.
Changing your Personal Information
We are committed to maintaining the accuracy of your Personal Information for as long as it is being used for the purposes we have identified. To help us keep your Personal Information up-to-date, we encourage you to notify us of inaccuracies or corrections as often as you wish. Notification of changes such as your address or telephone number will help us provide you with the best possible service. If you identify any incorrect or outdated information requiring amendment, please contact a front desk cashier or manager.
How long is my Information Retained?
We keep your information only as long as we need it for the products and services you’re receiving and for a reasonable time thereafter or to meet any legal requirements. We have retention standards that meet these requirements. We destroy your information when it is no longer needed, or we remove your personally identifiable information. You can also request that we remove your information from our records. Subject to our requirements for continued retention of your information, for example, for regulatory, audit, or legal purposes, we will make every reasonable effort to honor your request.
Spa Excess Uses Facial Comparison for the Safety of our Customers, Staff, and Business
Facial comparison is a biometric technology that compares facial features from an image or video to a database of known faces to identify or verify banned individuals. This technology analyzes unique facial characteristics such as the distance between the eyes, nose shape, and jawline to create a facial template for comparison to the unwanted person.
A personal example of facial comparison is its common use for security and authentication, such as unlocking your smartphone.
This template is then compared to a private locally stored database of banned people to find a match. All images of banned customers are stored locally on our servers and never passed to the cloud.
The process of facial comparison involves capturing an image of the face, detecting key facial landmarks, and extracting facial features to create a mathematical representation known as a facial template. This template is then compared to a private database of stored facial templates of banned people to find a match. All our video and templates are erased within seven days of entry. We only maintain the templates of banned individuals.
For Spa Excess, facial comparison can help protect our customers, staff, and assets by verifying identities and preventing unauthorized access. It’s a smart way to enhance security measures and keep everyone safe. By quickly scanning someone’s face and comparing it to a database of banned faces, businesses can ensure that only authorized individuals are granted entry.
While facial comparison technology offers many benefits, it’s important to address concerns about privacy and fairness. Spa Excess uses this tool responsibly and ethically to protect the rights and safety of our customers and staff. As technology advances, it’s crucial to prioritize safety and security for everyone involved.
Contact Us
If you have questions, concerns, or complaints about your privacy or your Personal Information, you may contact us at:
Spa Excess
105 Carlton St.
Toronto, Ont.
M5B 1M1
Tel: (416) 260-2363.
We will respond to your request or investigate your concern as quickly as we can.
Effective Date: January 1, 2010.