Rev. October 2024
OUR PRIVACY COMMITMENT
Medspa Formations, LLC, or any associated companies (“Company”) is committed to respecting the privacy rights and concerns of all users (“Users”) of any Company website(s) (“Website”). As such, we have established and implemented this Privacy Policy (“Privacy Policy”) to inform Users how we use and protect the personal information we collect (“Personal Information”).
By visiting or using the Website, you consent to Company’s collection, use, storage, deletion, and disclosure of information relating to you as set forth in this Privacy Policy. This Privacy Policy is subject to change at any time for any reason and without notice. Any modifications will take effect when posted. Therefore, each time you access the Website, you need to review the Privacy Policy upon which access and use of this Website is conditioned. By your continuing use of the Website after changes are posted, you will be deemed to have accepted such changes. This Privacy Policy is only applicable to the Website and not to any other website that you may be able to access from the Website, which may have its own data collection and use policy.
Except as set forth in this Privacy Policy, or unless we have your consent, we will not share your personal information with any person or entity other than those affiliated with us, entities acting on our behalf, and relevant third parties, such as those needed to collect and maintain our servers and perform technology and related services. We do not share your personal information with third parties for marketing purposes.
COOKIES
The Website uses cookies and similar technologies which are small files or pieces of text that download to a device when a visitor accesses a website or app. These analytics and performance cookies are used only when you acknowledge our cookie banner and are used to view site traffic, activity, and other data and/or to provide you with a personalized experience. Cookies may also be used to keep track of your login name and password, to track your visits to the Website, to personalize your experience, and improve the Website so the pages you view and other behavior may be stored by cookies on your device. These cookies contain no personally identifiable information. You may still access the Website if you set your browser not to accept cookies.
WEB ANALYSIS TOOLS
We may use web analysis tools to measure and collect anonymous session information. We use this information to monitor and analyze in a depersonalized form how users use the Website and to maintain and improve the Website. We may also collect similar information from emails we may send to you which then help us track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of the Website.
The personal data collected when you visit the Website include:
- Information about your browser, network, and device
- Web pages you visited prior to coming to this website
- Search engine used to locate the Website
- Web pages you view while on this Website and how long you use them
- Your IP address
COLLECTION OF PERSONAL INFORMATION
We may collect certain personal information in connection with your account with us, including your mailing address, phone number, and other information that may be required. If payment is required from you for any service, you will also be required to provide a credit card number and billing address, or other payment information. We may also collect personal information when you receive customer or technical support.
USE OF PERSONAL INFORMATION
We will not sell, rent, lease, or transfer your data to any third-party commercial entity for the purpose of marketing or selling unrelated products or services for our financial gain or economic benefit. We use your personal information to provide the Website to you, deliver products and services, complete transactions, manage your questions or issues, and send communications to you about promotions, updates, or special offers that may be of interest to you. Other uses include verifying your identity, preventing fraud, and alerting you of new products, features, or enhancements to the Website.
Any personal information uploaded by you will be shared only with authorized persons required to provide any services you request. We may also use your depersonalized personal information to provide analyses of our users in the aggregate (including Analytical Data subject to the terms of this Privacy Policy) to prospective partners and other third parties.
By submitting personal information through the Website, you authorize Company to share this personal information for the purposes identified herein, and you grant us a royalty-free, worldwide, perpetual, irrevocable, and fully transferable right and license to use your personal information in connection with the creation and development of analytical and statistical analysis tools (the “Analytical Data”). We are expressly authorized to make any commercial use of the Analytical Data, including without limitation sharing the Analytical Data with third parties, provided that we do not sell, trade, or otherwise transfer from us any part of the Analytical Data that personally identifies any Users.
We will also share the personal information we collect from you under the following circumstances:
Feedback. You may choose to, or Company may invite you to, submit comments, bug reports, ideas, or other feedback about the Website (“Feedback”). By submitting Feedback, you agree that Company is free to use such Feedback at its discretion without any obligation to you. Company may also choose to disclose Feedback to third parties. You hereby grant Company a royalty-free, perpetual, irrevocable, transferable, sublicensable, worldwide, nonexclusive license under all rights necessary to incorporate and use your Feedback for any purpose.
Asset Transfers. If we become involved in a merger, acquisition, or other transaction involving the sale of some or all of Company’s assets, User information may be included in the transferred assets. Should such an event occur, we will use reasonable means to notify you through email and/or a prominent notice on the Website.
THIRD PARTY SERVICES’ PRIVACY POLICIES
In general, the third-party providers used by us will only collect, use, and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be managed by these providers.
Certain providers may be located in a different jurisdiction or have facilities that are located in a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Once you leave our website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our Website’s Terms of Use.
LEGAL DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Use.
ELECTRONIC COMMUNICATION; SIGNATURES
You may withdraw your consent to receive communications by following the “unsubscribe” link at the bottom of our emails. You may withdraw your consent to use an electronic signature at any time by contacting us.
HOW IS YOUR PERSONAL INFORMATION SAFEGUARDED?
The personal information that you provide to us is stored on servers which are located in secure facilities with restricted access and protected by protocols and procedures designed to ensure the security of such information. We restrict access to only those Company employees, independent contractors, and agents who need to know this information in order to develop, operate, and maintain the Website. All Company personnel who have access to this information are trained in the maintenance and security of such information. However, no server, computer, or communications network or system, or data transmission over the Internet, can be guaranteed to be 100% secure. As a result, while we strive to protect User information, we cannot ensure or warrant the security of any information you transmit to us or through the use of the Website and you acknowledge and agree that you provide such information and engage in such transmissions at your own risk.
In the event that personal information you provide to us is compromised as a result of a breach of security, when appropriate we will take reasonable steps to investigate the situation, notify you, and take the necessary steps to comply with any applicable laws and regulations.
MEDIATION
You agree that, in the event any dispute or claim arises out of or relating to this Privacy Policy, you and Company will attempt in good faith to negotiate a written resolution of the matter directly between the parties. You agree that if the matter remains unresolved for forty-five (45) days after notification (via certified mail or personal delivery) that a dispute exists, all parties shall join in mediation services in the state and county of Company’s principal office with an arbitrator chosen by Company in an attempt to resolve the dispute. Should you file any arbitration claims or any administrative or legal actions without first having attempted to resolve the matter by mediation, then you agree that you will not be entitled to recover attorneys’ fees, even if you would otherwise be entitled to them.
We may collect customer information from persons other than the individual or individuals using the Website. Such information, as well as other personal or privileged information subsequently collected, may in certain circumstances be disclosed to third parties without your authorization as permitted by law. If you would like additional information about the collection and disclosure of customer information, please contact us.
TERMS AND PRIVACY POLICY FOR EU CITIZENS
Under the General Data Protection Regulation (GDPR) of the European Union (EU), EU citizens are entitled to certain privacy protections regarding the use of, storing, and processing of your personal information as well as having right to be notified if personal information is stolen, copied, or accessed on an unauthorized basis.
The GDPR is a modern privacy rights framework adopted to create better transparency and control over who, how and when your personal data may be used, including the “right to be forgotten”.
This section will explain how Company complies with the GDPR and how your personal data may be collected, stored, and used. We also explain under what circumstances and for what purposes we may use your personal data and also provide instructions on how you can “opt-out” from our using your personal data and also request the removal of your personal data from our systems.
OUR BUSINESS
Our business may sell products and services to government agencies, private businesses, and individual consumers. If you are an employee of or associated with a business customer, certain information may be considered personal data such as your business email, business mobile number, or other similar information from which your personal identity may be known. It is also customary in many instances for business associates of business or government customers to furnish their private or personal contact information such as private email address, home telephone number, and similar information. Even if done in the context of a business purpose, this information may be deemed personal data. Therefore, if you believe your business information discloses personal data that you do not wish disclosed, you should not give it to us. You should also ask your employer to change your business contact information to an anonymized format, such as changing your email from “my.name@mycompany” to “randomcharacters@mycompany.”
Please be advised that our business has fewer than 250 employees. Accordingly, we are subject to less stringent recording requirements under GDPR requirements. We are, however, not exempt from other privacy protection and reporting requirements which apply to all businesses equally.
COLLECTION AND USE OF YOUR PERSONAL DATA
Our ability to use your personal data may come about by the following means:
- By Your Consent. You may expressly give your consent to our using your data for the specific purposes we detail below. Even if you give consent, however, you can subsequently withdraw your consent at any time without retribution.
- By Other Permitted Means. We may collect your personal data under certain other cases whether consent is expressly given as follows:
- Contractual obligations. In certain circumstances, we need your personal data to comply with our contractual obligations. This would include information such as your and your employer’s name, address, telephone number, email address, driver’s license, or other document number associated with identity for the purpose of delivery of goods and services, billing, collection, legal notification, authentication, and contract enforcement. For example, if you work for an employer who designates you as a point of contact for purposes of contract administration or notice, we will retain that information and use it for such purposes and for other related purposes as is reasonable.
- Legal compliance. If the law requires us to, we may need to collect and process your data. This data may include personal identification data, transactional data relating to purchases, and communications data such as IP address, telephone number, and other meta-data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement. If you reside outside of the United States or are a non-US citizen, we may collect personal data from you and other third-party sources for purposes of complying with export control, anti-money laundering and anti-terrorism laws, rules, and regulations.
- Legitimate interest. In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom, or interests. For example, we may use your contact information to send information and updates regarding our products, endorsement of our products or their use by others, recommendations on optimizing the use of our products and services, product updates, new products, offers regarding products or services, and other education information or information of interest relevant to you in your job, your employer’s line of business, or your profession.
HOW WE USE YOUR PERSONAL DATA
We will use your personal data only in connection with furthering our business relationship with you, to enhance and protect the security of your information, and to enable your use of our products and services.
We will not sell, rent, lease or transfer your data to any third-party commercial entity for the purpose of marketing or selling unrelated products or services for our financial gain or economic benefit. We may share basic business contact information such as your name, business title, and business contact information (“Basic Business Referral Information”) and product and services information, including technical configuration information, customer compliant information, trouble-shooting information with third party product and solutions providers that work with our products, such as channel partners and sales representatives, product repair and service providers, and operationalization consultants and specialists (“Sales and Service Partners”).
If you wish to change how we use your data, you will find details in the ‘What are my rights?’ section below.
However, if you choose not to share your personal data with us, or refuse certain contact permissions, Company might not be able to provide the services you require.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
Whenever we collect or process your personal data, we will only keep it for as long as is necessary for the purpose for which it was collected.
At the end of a certain retention period, your data will either be deleted completely or anonymized, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Ten Years from Transaction date. As described above, you should expect your personal data, or Business Transaction Data that may include any pertinent Relationship Data, to be held for ten (10) years from the date of its creation for contract and legal purposes.
WHERE WILL YOUR PERSONAL DATA BE PROCESSED
Your personal data will be stored in the United States unless you are notified otherwise. In certain countries we may utilize a local computer processing center or point of presence and data will be held in the local environment as requested by our customers and to the extent available.
We will not transfer your personal data to any provider in any jurisdiction unless such provider and jurisdiction meets the requirement under the GDPR.
YOUR RIGHTS OVER YOUR PERSONAL DATA
Below is an overview of your various rights.
You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date, or incomplete.
- The deletion of the data we hold about you, in specific circumstances. For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has ended.
- A computer file in a common format (e.g., CSV or similar) containing the personal data that you have previously provided to us and the right to have your information transferred to another entity where this is technically possible.
- Restriction of the use of your personal data, in specific circumstances, generally while we are deciding on an objection you have made.
- That we stop processing your personal data, in specific circumstances. For example, when you have withdrawn consent, or object for reasons related to your individual circumstances. Please be advised, however, your employer may reasonably object as the customer having direct contract relationship with us, and we reserve the right to notify your employer or organization of such a request and advise them that removal may impair the intended use of our products and services.
- That we stop using your personal data for direct marketing (either through specific channels or all channels).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- Review by a partner of any decision made based solely on automatic processing of your data (i.e., where no human has yet reviewed the outcome and criteria for the decision).
You can contact us to request to exercise these rights at any time. If we choose not to adhere to your request, we will explain to you the reasons for our refusal.
YOUR RIGHT TO WITHDRAW CONSENT
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
RIGHT TO STOP DIRECT MARKETING
You have the right to stop the use of your personal data for direct marketing activity through all channels or selected channels. We must always comply with your request.
This right does not include communications and information functions, such as alerts and notices, which are displayed in any application or product interface of ours which is part of the operation of or relates to a normal function of our product.
CHECKING YOUR IDENTITY
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorized a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
HOW TO SEND US NOTICE
You may send us notice of the exercise of your rights, whether to “opt-out” of certain or all marketing channels, to request deletion of your personal data or to correct, or to receive a copy of your personal data
COMPLAINTS OR CONCERNS
We are dedicated to adhering to the EU’s privacy laws for our EU customers. If you believe that we are not fulfilling our obligations in accordance with the law, you may file a complaint with the European Data Protection Supervisor (EDPS). We have provided this link for your convenience (note you are linking to an external third-party site unaffiliated with us):
https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en
RESERVATION OF RIGHTS
We provide this privacy notice to EU citizens in accordance with our understanding of the GDPR and will endeavor to comply with such law on a voluntary basis. We reserve all rights afforded under United States laws and treaties. This privacy notice is not a contractual obligation or guarantee to you that may be enforced in the United States or any other jurisdiction which does not recognize the GDPR as part of its law. Our contract obligations are limited to those contained in any service agreements between us and our customers. We, for ourselves and on behalf of directors, officers, employees, advisors, and all other persons affiliated with us, reserve all rights regarding personal and subject jurisdictional matters, and the applicability and enforcement of the GDPR with respect to US citizens and non-EU citizens. Neither this privacy notice nor any actions taken to comply with the GDPR shall constitute a waiver of such rights or submission to jurisdictional authority of any court, tribunal, or governmental authority outside of the United States.
QUESTIONS
If you have any questions about our privacy practices or this Privacy Policy, please contact us.