OM Spa Chicago – Privacy Policy

Effective Date: January, 2015
Last Updated: June, 2025

Welcome to OM Spa Chicago (“OM Spa,” “we,” “us,” or “our”). We respect your privacy and are committed to protecting the personal information you share with us online, in person, by phone, or via social media.

Important: This Privacy Policy explains what data we collect, why we collect it, how we use it, and the choices you have. By accessing our website, booking services, or interacting with OM Spa in any way, you agree to the practices described here.


1. Information We Collect

Category | Examples | Source | Legal Basis ¹
Contact Data | Name, phone, email, mailing address | Booking forms, SMS/DMs, phone calls | Consent; contract fulfillment
Appointment & Service Data | Service type, date/time, technician, notes, photos | Booking platform, intake forms | Consent; contract fulfillment
Payment Data | Last four digits of card, transaction ID, billing ZIP (full card data handled by Stripe/Square) | POS terminal, online checkout | Contract fulfillment; legitimate interest (fraud prevention)
Health / Treatment Data | Allergies, contraindications, after-care notes | Client intake & consent forms | Explicit consent; legitimate interest (safe treatment)
Marketing Preferences | SMS/email opt-ins, language choice | Website pop-ups, paper forms | Consent
Device & Usage Data | IP address, browser type, pages visited, cookies, pixel tags | Website, booking widget, Meta/TikTok pixels | Consent (cookies); legitimate interest (site performance)

¹ “Legal basis” references GDPR terminology; if GDPR does not apply to you, treat these as purposes/uses.


2. How We Use Your Information

Service Delivery: Confirm bookings, perform treatments, process payments, send reminders, and deliver after-care guidance.

Customer Support: Answer questions, reschedule services, handle complaints.

Marketing (Opt-In Only): Send promotions, newsletters, and event invitations via email/SMS.

Analytics & Improvements: Monitor site performance, measure ad effectiveness, improve services.

Legal & Security: Detect fraud, comply with lawful requests, protect our rights and those of clients.


3. Cookies & Tracking Technologies

We use first- and third-party cookies, pixels, and similar tools to:

Operate and secure the website

Remember your preferences (e.g., language, location)

Measure marketing performance (e.g., Google Analytics, Meta Pixel)

You can control cookies via your browser settings or opt-out tools such as optout.aboutads.info.


4. How We Share Information

Recipient | Purpose | Safeguards
Payment Processors (Stripe, Square) | Secure card processing | PCI-DSS compliant
Booking & CRM Providers (GoHighLevel, SimpleSpa) | Manage appointments, reminders | DPAs / SCCs in place
Marketing Platforms (Mailchimp, Twilio) | Email/SMS campaigns (opt-in only) | Privacy Shield / SCCs
Service Providers (IT, analytics) | Website hosting, analytics | Access limited to need-to-know
Legal Authorities | Respond to subpoenas, court orders | Only as required by law
Successor Entities | Business sale or merger | Notice & choice provided where required

We never sell personal data for money. Under California law, we do not share data for “cross-context behavioral advertising” unless you opt in.


5. Data Retention

We keep personal data only as long as necessary to:

Fulfill the purpose it was collected for

Meet legal/insurance record-keeping obligations (typically 7 years for treatment records)

Resolve disputes and enforce agreements

When data is no longer needed, it is securely deleted or anonymized.


6. Security Measures

TLS encryption for data in transit

Industry-standard firewalls and intrusion monitoring

Role-based access controls for staff

Regular security training and PCI compliance audits


7. Your Rights

Depending on your location, you may have the right to:

Right | Scope (GDPR/UK GDPR) | Scope (CCPA/CPRA)
Access | ✓ | ✓
Correction | ✓ | ✓ (limited)
Deletion | ✓ | ✓
Portability | ✓ | —
Restrict/Opt-Out of Processing | ✓ | ✓ (opt-out of “sharing”)
Withdraw Consent | ✓ | —
Lodge a Complaint | ✓ | —

To exercise any right, email [email protected] or call 773-641-3373. We may verify your identity before processing.


8. Children’s Privacy

OM Spa services are intended for adults. We do not knowingly collect personal information from children under 13 (or 16 where GDPR applies). If we learn we have, we will delete it promptly.


9. International Data Transfers

Because we use U.S.-based service providers, personal data may be transferred to and processed in countries outside your own. We rely on:

Standard Contractual Clauses (SCCs)

Service-provider DPAs

Adequacy decisions, where applicable


10. Third-Party Links

Our website may link to external sites. We have no control over their privacy practices; please review their policies before providing data.


11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with a new “Last Updated” date. If changes significantly affect your rights, we will notify you via email or prominent site notice.


12. Contact Us

OM Spa Chicago
5910 W Lawrence Ave, Suite A
Chicago, IL 60630
Call/Text: 773-641-3373
Email: [email protected]


Disclaimer

This policy is provided for informational purposes and does not constitute legal advice. Consult qualified counsel to ensure compliance with all applicable laws and regulations before publishing.