SpaGuru Privacy Policy

Version 1.0. Last updated on 8 May 2018.

Introduction

Welcome to our privacy policy. We are SpaGuru CC, Registration Number: 2009/165352/23 and this is our plan of action when it comes to protecting your privacy. We respect your privacy and take the protection of personal data very seriously.

The purpose of this policy is to describe the way that we collect, store, use, and protect data that can be associated with you or another specific natural or juristic person (in South Africa) and can be used to identify you or that person (personal data).

We provide management software, technology, hosting and professional services to businesses involved in the beauty and spa industries. We often act as an operator or processor for these organisations and may store personal data that they collect. We treat this personal data with the utmost respect and will protect it. When we act as an operator or processor for our customers we will only process your personal data according to their instructions and the purpose that they define.

Audience

This policy applies to you if you are:

Personal data

Personal data includes:

but excludes:

Common examples

Common examples of the types of personal data which we may collect and process or that we may collect and process on behalf of customers include:

Sensitive personal data

We do not collect sensitive personal data for our own purposes, but we may store and process such information on behalf of our customers including your:

Acceptance

Acceptance required

You must accept all the terms of this policy when you order any of our goods or order, register for, or use the website or software. If you do not agree with anything in this policy, then you may not order any of our services, register for, or use the website or software. You may not order any of services, register for, or use the website or application if you do not accept this policy.

Legal capacity

If you are under 18 years old you need to have consent from your legal guardian to use our software or access our technology services.

Deemed acceptance

By accepting this policy, you are deemed to have read, understood, accepted, and agreed to be bound by all of its terms.

Your obligations

You may only send us your own personal data or the information of another data subject where you have their permission to do so.

Changes

We may change the terms of this policy at any time by updating this web page. We will notify you of any changes by placing a notice in a prominent place on the website or the software, or by sending you an email detailing the changes that we have made and indicating the date that they were last updated. If you do not agree with the changes, then you must stop using the website, the software and our services. If you continue to use the website, the software or services following notification of a change to the terms, the changed terms will apply to you and you will be deemed to have accepted those updated terms.

Collection and processing

Depending on whether you are a visitor to our website, a user of our software, a customer, or a data subject for whom we manage or process data for on behalf of a customer, different data may be collected, managed or processed by us.

Depending on the type of personal that we interact with we collect different types of personal data. We do not capture special personal data for visitors to our website, users of our software or customers who have ordered the good or services that we provide. Special personal data is only captured for data subjects of our customers. In those situations, we are the operators or processors. The customer is the responsible party or data controller and their privacy policy will determine how that special personal data is handled and processed.

Data Collected via our software or technology services

If you use our software or technology services, you may no longer be anonymous to us. You may provide us with a variety of certain personal data. This personal data may include:

We will use this personal data to fulfil your account, provide additional services and information to you as we reasonably think appropriate, and for any other purposes set out in this policy.

Our customers may use our software or technology services to collect or process other additional information about you, including sensitive personal data. We do not control the nature, purpose or use of data collected by our customers, who are responsible parties and act only in the capacity of an operator or processor in this regard. We process your personal data based on the contract between ourselves (as the operator or processor) and the responsible party or data controller who you are likely interacting with.

From browser

We automatically receive and record Internet usage information on our server logs from your browser, such as your Internet Protocol address (IP address), browsing habits, click patterns, version of software installed, system type, screen resolutions, colour capabilities, plug-ins, language settings, cookie preferences, search engine keywords, JavaScript enablement, the content and pages that you access on the website, and the dates and times that you visit the website, paths taken, and time spent on sites and pages within the website (usage information). Please note that other websites visited before entering our website might place personal data within your URL during a visit to it, and we have no control over such websites. Accordingly, a subsequent website that collects URL information may log some personal data.

Cookies on our website

We may place small text files called ‘cookies’ on your device when you visit our website or use our application. These files do not contain personal data, but they do contain a personal identifier allowing us to associate your personal data with a certain device. These files serve a number of useful purposes for you, including:

Your internet browser generally accepts cookies automatically, but you can often change this setting to stop accepting them. You can also delete cookies manually. However, no longer accepting cookies or deleting them will prevent you from accessing certain aspects of our website where cookies are necessary. Many websites use cookies and you can find out more about them at www.allaboutcookies.org.

Third party cookies

Some of our business partners use their own cookies or widgets on our website. We have no access to or control over them. Information collected by any of those cookies or widgets is governed by the privacy policy of the company that created it, and not by us.

Web beacons

Our website may contain electronic image requests (called a single-pixel gif or web beacon request) that allow us to count page views and to access cookies. Any electronic image viewed as part of a web page (including an ad banner) can act as a web beacon. Our web beacons do not collect, gather, monitor or share any of your personal data. We merely use them to compile anonymous information about our website.

Optional details

You may also provide additional information to us on a voluntary basis (optional information). This includes content or products that you decide to upload or download from our website or application or when you enter competitions, take advantage or promotions, respond to surveys, order certain additional goods or services, or otherwise use the optional features and functionality of our technology services. We will always explain to you for what purpose the information is being collected. The information that we collect will be adequate, relevant and not excessive in relation to that purpose.

Recording calls

We may monitor and record any telephone calls that you make to us, unless you specifically request us not to.

Purpose for collection

We may use or process any goods information, services information, or optional information that you provide to us for the purposes that you indicated when you agreed to provide it to us. Processing includes gathering your personal data, disclosing it, and combining it with other personal information. We generally collect and process your personal data for various purposes, including:

We may use your usage information for the purposes described above and to:

Consent to collection

We will obtain your consent to collect personal data:

Use

Our obligations

We may use your personal data to fulfil our obligations to you.

Messages and updates

We may send administrative messages and email updates to you about the technology services. We may wish to provide you with information about new services in which we think you may be interested. This means that in some cases, we may also send you primarily promotional messages. We will not send you promotional messages unless you have chosen to opt-into them. But, we may send you one message asking you to opt-into promotional messages without you having opted-into promotional messages.

Targeted content

While you are logged into the website or application, we may display targeted adverts and other relevant information based on your personal data. In a completely automated process, computers process the personal data and match it to adverts or related information. We never share personal data with any advertiser, unless you specifically provide us with your consent to do so. Advertisers receive a record of the total number of impressions and clicks for each advert. They do not receive any personal data. If you click on an advert, we may send a referring URL to the advertiser’s website identifying that a customer is visiting from the website. We do not send personal data to advertisers with the referring URL. Once you are on the advertiser’s website however, the advertiser is able to collect your personal data.

Disclosure

Sharing

We may share your personal information with:

Regulators

We may disclose your personal data as required by law or governmental audit.

Law enforcement

We may disclose personal data if required:

No selling

We will not sell personal data. No personal data will be disclosed to anyone except as provided in this privacy policy.

Marketing purposes

We may disclose aggregate statistics (information about the customer population in general terms) about the personal data to advertisers or business partners.

Employees

We may need to disclose personal data to our employees that require the personal information to do their jobs. These include our responsible management, human resources, accounting, audit, compliance, information technology, or other personnel. Any of our employees or personnel that handle your personal data will have signed non-disclosure and confidentiality agreements.

Change of ownership

If we undergo a change in ownership, or a merger with, acquisition by, or sale of assets to, another entity, we may assign our rights to the personal data we process to a successor, purchaser, or separate entity. We will disclose the transfer on the website. If you are concerned about your personal data migrating to a new owner, you may request us to delete your personal data.

Security

We take the security of personal data very seriously and always do our best to comply with applicable data protection laws. Our hosting company will host our website in a secure server environment that uses a firewall and other advanced security measures to prevent interference or access from outside intruders. We authorize access to personal data only for those employees who require it to fulfil their job responsibilities. We implement disaster recover procedures where appropriate.

Accurate and up to date

We will try to keep the personal data we collect as accurate, complete and up to date as is necessary for the purposes defined in this policy. From time to time we may request you to update your personal data on the website. You are able to review or update any personal data that we hold on you by accessing your account online, emailing us, or phoning us. Please note that in order to better protect you and safeguard your personal data, we take steps to verify your identity before granting you access to your account or making any corrections to your personal data. Throughout your interaction with us you retain the right to rectify personal data that is incorrect or inaccurate. This does not apply if we process your personal data in our capacity as an operator or processor on behalf of a responsible party or data controller.

Retention

We will only retain your personal data for as long as it is necessary to fulfil the purposes explicitly set out in this policy, unless:

During the period of retention, we will continue to abide by our non-disclosure obligations and will not share or sell your personal data.

We may retain your personal data in physical or electronic records at our discretion.

Transfer to another country

We may transmit or transfer personal data outside of the country in which it was collected to a foreign country and process it in that country. Personal data may be stored on servers located outside the country in which it was collected in a foreign country whose laws protecting personal data may not be as stringent as the laws in the country in which it was collected. You consent to us processing your personal data in a foreign country whose laws regarding processing of personal data may be less stringent.

Updating or removing

You may choose to correct or update the personal data you have submitted to us, by clicking the relevant menu in any of the pages on our website or the application or contacting us by phone or email. You are entitled to a right to be forgotten. We will delete any personal data that you don’t want us to have. If you are a data subject of one of our customers (who is the data controller), then you must submit your request to the relevant data controller who will then delete your personal data.

Restriction of processing

You may request that we restrict the use of your personal data. When we restrict your personal data we still have the right to store it but not use it. You can ask that we do this verbally or in writing. We will respond to the request within 30 days.

Data portability

If you should wish to transfer your data from us to another data controller that we will facilitate this transfer. We will pass on all of your personal data you have given us to the new data controller.

If you are a data subject of one of our customers (who is the data controller), then you must submit your request for your personal data to the relevant data controller, who will then export your personal data as a Microsoft Excel or CSV file.

Data breaches

We will notify our customers of any confirmed data breaches that has occurred. It is our customers’ responsibility to notify relevant supervisory authority and any affected data subjects of the data breach.

Limitation

We are not responsible for, give no warranties, nor make any representations in respect of the privacy policies or practices of linked or any third-party websites.

Enquiries

If you have any questions or concerns arising from this privacy policy or the way in which we handle personal data, please contact us.

You're in good company

What our customers say about us

"We have found the system to be comprehensive, user friendly and easy to understand."

River Spa, South Africa

"SpaGuru has automated most of our business functions."

Salon E-Class, Zambia

"Simply the best solution to your booking problems. We can now work with ease and confidence."

Footprint Spa, United Arab Emirates

Online Spa & Salon Software

Looking for an online software solution?

ChiDesk is our online spa & salon software solution. It runs on almost any device and does not require any software to be installed.