Book now

Privacy Policy

Privacy Policy Last updated: 08/21/2025

This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use the Service and informs You about Your privacy rights and how the law protects You.

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions For the purposes of this Privacy Policy:

  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or User.
  • Company (referred to as either “the Company”, “We”, “Us,” or “Our”) refers to [Business Name Placeholder]. For the purpose of GDPR, the Company is the Data Controller.
  • Affiliate means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of shares, equity interest, or other securities entitled to vote for election of directors or managing authority.
  • Account means a unique account created for You to access our Service or parts thereof.
  • Website refers to The Medspa by BA, accessible from spabyba.com.
  • Service refers to the Website.
  • Country refers to: United States.
  • Service Provider means any natural or legal person who processes data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, provide the Service on behalf of the Company, perform services related to the Service, or assist the Company in analyzing how the Service is used. For GDPR purposes, Service Providers are Data Processors.
  • Third-party Social Media Services refers to any website or social network website through which a User can log in or create an account to use the Service.
  • Facebook Fan Page is a public profile specifically created by the Company on Facebook, accessible from https://www.facebook.com/themedspabyba/
  • Personal Data is any information relating to an identified or identifiable individual. Under GDPR, this includes any information such as name, identification number, location data, online identifier, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity. Under CCPA, Personal Data includes information capable of being associated directly or indirectly with You.
  • Cookies are small files placed on Your device by websites, containing details of Your browsing history.
  • Device means any device that can access the Service, such as a computer, cellphone, or digital tablet.
  • Usage Data refers to data collected automatically through Service use or from the Service infrastructure itself (e.g., duration of a page visit).
  • Data Controller, for GDPR purposes, refers to the Company as the legal person determining the purposes and means of processing Personal Data.
  • Do Not Track (DNT) is a concept promoted by regulatory authorities, including the U.S. Federal Trade Commission, allowing users to control tracking of their online activities across websites.
  • Business, for CCPA purposes, refers to the Company as the entity collecting and determining the processing of Consumers’ personal information, doing business in California.
  • Consumer, under CCPA, is a natural person who is a California resident, defined as an individual in the USA for more than temporary or transitory purposes.
  • Sale, under CCPA, means selling, renting, releasing, disclosing, disseminating, or transferring a Consumer’s Personal information to another business or third party for monetary or other valuable consideration.

Collection and Use of Your Personal Data

Types of Data Collected

  • Personal Data includes Email address, First name and last name, Address, State, Province, ZIP/Postal code, City, Usage Data.

Usage Data

Collected automatically when using the Service, including IP address, browser type/version, pages visited, time/date of visit, unique device identifiers, and other diagnostic data.

Tracking Technologies and Cookies

We use cookies and similar tracking technologies to improve and analyze the Service:

  • Necessary Cookies: Essential for providing services and preventing fraud.
  • Cookies Policy Acceptance Cookies: Identify if users accepted cookies.
  • Functionality Cookies: Remember user preferences.
  • Tracking and Performance Cookies: Analyze traffic and user interactions.

Use of Your Personal Data

We use your data to provide the Service, manage your account, execute contracts, communicate with You, and manage Your requests. Your data may be shared with Service Providers, affiliates, business partners, other users, or during business transactions (mergers/acquisitions).

Retention and Transfer of Data

We retain Your Personal Data as necessary to comply with legal obligations, resolve disputes, or enforce agreements. Your information may be transferred outside your jurisdiction with appropriate security measures.

Disclosure

We may disclose Your Personal Data for law enforcement, legal obligations, protecting rights/property, or preventing wrongdoing or harm.

Security

We strive to protect Your data but cannot guarantee absolute security due to inherent internet transmission/storage risks.

Detailed Information on Data Processing

  • Analytics: Google Analytics tracks and reports website traffic. You can opt out using browser add-ons.
  • Email Marketing: Managed by third-party providers; opt-out instructions included in emails.
  • Payments: Processed through third-party payment processors adhering to PCI-DSS standards.

GDPR Privacy

You have rights to access, update, delete, object, request data portability, and withdraw consent. Contact us to exercise rights or lodge complaints with Data Protection Authorities.

CCPA Privacy

California residents have rights to notice, opting out of data sales, requesting data information, deletion, and nondiscrimination. Exercise your rights via our “Do Not Sell My Personal Information” section, email, or phone.

We and advertising partners may use technologies that constitute a “sale” of data under CCPA. Opt-out through browser/device settings.

Children’s Privacy

Our Service is not intended for users under 13. If we inadvertently collect data from minors without parental consent, we promptly remove such data.

Links to Other Websites

We are not responsible for third-party privacy practices. Review their policies separately.

Changes to this Privacy Policy

We update our Privacy Policy periodically, notifying You via email or prominent notice before changes become effective.

Contact Us

For questions, contact us via our website: https://spabyba.com/get-in-touch/.