Privacy Policy

Effective Date: January 30, 2024

Thank you for your interest in Exhale Enterprises, LLC, d/b/a Exhale Spa and its parent and affiliate companies (collectively referred to herein as “Company” and “us”, “we” “our” and “Exhale Spa”) and our Company website located at https://www.exhalespa.com (the “Website”) and our associated services. Your use of the Company services, through the Website or otherwise, is subject to this Privacy Policy and our Terms of Service available at https://www.exhalespa.com/terms-of-use/. The Company services and Website are collectively referred to in this Privacy Policy as the “Services.” We are pleased to provide this Privacy Policy to inform you of how we collect and use personally identifiable information in connection with your use of the Services.

Information We Collect

Information You Provide to Us

When you request Services or sign-up for notifications or subscriptions, we collect the information about you that you provide to us, including your name, email address, physical (postal) address, telephone number, job title and work location name, user name, contact preferences, billing information and other information requested by the form in which you have made your request. If you purchase a product or subscribe to or request Services, we may collect credit card information such as credit or debit card number, billing address, expiration date, account holder if not yourself and CVV code. Credit card information is encrypted and sent to our credit card processor. We do not store credit card information. If you submit user contributions, such as posts, testimonials, requests or comments, we will collect those as well.

Purposes of Collection

We collect this information that you provide to us voluntarily to provide you with access to the Website, to our Services, to fulfill a request by you for our products and Services or to allow you to communicate with us and other visitors to the Website through comments and posts. We may also collect this information and maintain it to comply with applicable laws, regulations or our contractual obligations. We may also use your information to enable user-to-user communications, manage user accounts, send information to you about our products and Services or those of our third-party business partners and advertisers, or to enforce our Terms of Service and provisions of our contracts with third-parties or for such business purposes as analytics, to respond to user inquiries or legal, law enforcement or governmental agency requests.

Information Automatically Collected

Data that we regularly collect about visitors to the Websites may include your name, email address, IP address, browser type, pages accessed, duration of visit and device type. We also collect data about certain internet usage by you through Cookies, as described in the Cookies section below, and through your interactions with chatbots (including prompts and questions posed to the chatbots, along with any attachments or links in those questions or prompts). We may also collect data regarding the device you used to access the Website or the Services; information from an app you use to access the Services; geolocation data; and data obtained through the use of pixels and third-party applications, tools and platforms.
We may also automatically collect the following categories of personal information enumerated in the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) including device and personal identifiers, including name, alias, postal address, email address, phone number, account name, IP address, and other similar identifiers and demographic information, including your age and gender. We may also obtain information about you from social media and other sites and platforms if you access our Website or Services through one of those sites.

Cookies

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

Purposes of Collection

In addition to the collection purposes described in the previous section, we may also use information automatically collected to deliver cross-context behavioral advertising to you (for which you may opt out if you are a resident of California as described below by requesting that we Do Not Share your personal information) and to evaluate the effectiveness and operations of our products and Services. We may also share your personal information with artificial intelligence (AI) developers but only when the developers agree to protect and secure it in writing as required by applicable laws and regulations.

Controlling Your Personal Information

We may make available to users messaging and other interactive features. You should be aware that when you voluntarily disclose personally identifiable information (e.g. user name, e-mail address) to third parties via the Services, that information, along with any substantive information disclosed in your communication, can be collected, correlated, and used by third parties. Such activities are beyond the control of Company.

Disclosures: With Whom We May Share Your Information

We may disclose your personal information to third parties from time to time, including advertisers, business partners and, through the use of pixels, your access to our Website and Services through third-party platforms (i.e., Facebook and Google) as discussed within this Policy and other means, in our sole discretion. For this reason, you should not disclose information to us that you do not want shared with third parties. In addition to the forgoing, we will disclose your Personally Identifiable information as we believe is reasonably necessary to comply with law, regulation, or other governmental authority or to prevent harm to yourself or others. We may also contract with various third parties who help us provide and maintain Services and to provide targeted advertising services. For example, we use a third party to host the Websites, Services and associated databases, and may subcontract out production, fulfillment, or other operations such as marketing and advertising. In these cases, we will use commercially reasonable efforts, including written agreements, to prevent such third parties from disclosing your personal information, except as required for the purpose of providing the services in question. We may also share your Personal Information with subsidiaries and related business units,
Finally, we may disclose your personally identifiable information upon a transfer or sale to another entity of all or substantially all of Company’s stock or assets related to Services, or upon any bankruptcy or other corporate reorganization.

Security

Exhale Spa has implemented commercially reasonable technical and organizational security measures designed to protect the security of any personal information we receive. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access. steal, or modify your information. Although we will do our best to protect your Personal Information, transmission of Personal Information to and from our Services is at your own risk. You should only access the Services within a secure environment. If you do not wish to accept this risk, you should not provide any personal data to Exhale Spa.

Links

For your convenience, we may provide links to Company in third party websites or referrals to Company in third parties’ products or services. We are not responsible for the privacy or security of information you may share with these third-party websites or providers. If you choose to visit a third party’s website or use its products or services, please be aware that the third party’s privacy policy, and not the Company privacy policy, will govern your activities and any information you disclose while interacting with the third party.

Collection of Information from Children

Our Services are not intended for use by individuals under the age of 17 (Minors). In addition, we comply with the Children’s Online Privacy Protection Act (COPPA), which requires the consent of a parent or guardian for the collection of personally identifiable information from children under 13 years of age. We do not knowingly collect personally identifiable information relating to children under 13 years of age. In the event that we learn that we have collected personally identifiable information from anyone under 13 years of age without prior parental consent, we will take steps to promptly delete such information.

Data Retention and Deletion

We retain Personal Information we collect only for the time period necessary to complete the business purposes for which the information was collected, or as required by applicable laws or regulations. When that time period expires, we delete the information pursuant to our Data Retention and Deletion Policy.

European Users

If you are located in the European Economic Area, the United Kingdom or Switzerland, you may have the right to:

  • Request access to and receive information about the Personal Information we maintain about you for our own purposes, to ask us to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymized or deleted, as appropriate subject to exceptions in applicable laws, or to obtain an electronic copy of the Personal Information we have collected pertaining to you and to exercise your right to data portability to easily transfer your Personal Information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
  • Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward, but this will not affect the lawfulness of the processing before your withdrawal of consent.

These rights may be limited in some circumstances by local law requirements or derogations (exceptions) in local law or the General Data Protection Regulation (GDPR). You may exercise your rights by contacting us as specified below.

International Visitors and Customers

The Website and Services are hosted in the United States. If you are visiting from the European Union (EU) or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring your personal data to the United States which does not have the same data protection laws as the EU and by providing your personal data you consent to:

  • The use of your personal data for the purposes identified above in accordance with this Privacy Policy; and
  • The transfer of your personal data to the United States as indicated above.

Canadian Residents

If you are a resident of Canada, you are advised that your Personal Information may be transferred outside Canada and stored in countries in which Canadian federal and provincial laws do not apply.

No Error – Free Performance

Company does not guarantee error-free performance of the Website and Services or our privacy controls as set out in this Privacy Policy. We may not always catch an unintended privacy issue, despite our efforts to do so. Accordingly, we welcome your feedback regarding any privacy concerns that you may have, including how we can improve this Privacy Policy. We will take prompt corrective action when we learn of any failure to comply with this Privacy Policy.

Disclosures for California Residents

Residents of California have the right to request a disclosure describing what types of Personal Information we have shared with third parties for their direct marketing purposes, and with whom we have shared it, during the preceding calendar year. You may request a copy of that disclosure by contacting us at [email protected].

Do Not Sell or Share My Personal Information

Company does not sell Personal Information, but the CCPA defines sale more broadly than the traditional sense of an exchange of data for money and may encompass transactions in which we may disclose your Personal Information. CPRA defines “Share” as the disclosure of Personal Information for use in cross-context behavioral advertising. Accordingly, you may, subject to exceptions in CCPA and CPRA, request that Company not “sell” or “share” your Personal Information by submitting this request to us at [email protected].
To exercise these rights, you may contact us at [email protected] Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent Please contact us via email.
The California Consumer Privacy Act of 2018 (“CCPA”) as amended from time to time including by the California Privacy Rights Act (“CPRA”) provides additional rights to know, delete and opt out, and requires businesses collecting or disclosing personal information to provide notices and means to exercise rights.
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit: https://oag.ca.gov/privacy/ccpa.

Non-Discrimination

CCPA comprises provisions that explicitly prohibit us from making any adverse decisions about you or your account based upon your exercise of this right (“non-discrimination”).

Notice of Collection

In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA: Identifiers, including name, alias, postal address, email address, phone number, account name, IP address, and other similar identifiers, demographic information, Sensitive Information including your age and gender and those categories of Personal Information set forth in the Information We Collect sections of this Policy.

Right to Know and Delete

If you are a California resident, you have the right to delete the personal information we have collected from you and know Company in information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about you we disclosed for a business purpose or sold;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
  • The business or commercial purpose for collecting or selling the personal information; and
  • The specific aspects of personal information we have collected about you.

To exercise any of these rights, please contact us at [email protected]. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request in a timely manner. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.

Right to Opt-Out

You have the right to opt-out of receipt of communications from us. You may submit a request to opt-out please by contacting us at [email protected].

Authorized Agent

You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.

Minors

We do not knowingly “sell” the personal information of minors under 16 years old who are California residents without appropriate authorization.

Shine the Light

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website who are residents of California the right to request a disclosure describing the categories of personal information we have shared with third parties for their direct marketing purposes, and with whom we have shared it, during the preceding calendar year. You may request a copy of that disclosure by contacting us as set out in the “Contact Us” section above and specifying that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.

Changes To This Privacy Policy

Company reserves the right to change this privacy policy, and will post any revisions on the Services. We encourage you to review this policy regularly for any changes. Your continued use of the Services will be subject to the then-current privacy policy.

Your Acceptance of These Terms

By using our Website, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our Website. Your continued use of our Website following the posting of changes to this policy will be deemed your acceptance of those changes.

Limits Of Our Policy

Our Website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

Contacting Us

If you have any questions about our privacy practices, please feel free to contact us at: https://www.exhalespa.com/privacy-policy/