Privacy Policy
1. Introduction and Scope
The Lounge Spa and Recovery ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of information when you access our website (https://the-lounge-spa-and-recovery.com/), book services, or visit our facility at 259 S Village Way, Brian Head, Utah.
Legal Basis: This policy is drafted in accordance with applicable United States federal laws and aligns with the principles of the Utah Consumer Privacy Act (UCPA) where applicable to voluntary compliance for best practices.
2. Information We Collect
To provide safe recovery services and comply with Utah liability laws, we collect the following categories of data:
2.1 Personal Identification Information (PII)
Identity Data: First name, last name, date of birth (required for age verification under Utah Code § 26-15-13 regarding minors in tanning/spa facilities).
Contact Data: Billing address, email address, and telephone number.
2.2 Sensitive Health and Wellness Data
Contraindication Screening: We collect specific health information regarding conditions such as pregnancy, high blood pressure, cardiovascular history, and presence of implants.
Purpose: This collection is mandatory for safety purposes. Under the doctrine of "Duty of Care," we must screen for contraindications to prevent injury during services like Cryotherapy and Infrared Sauna use.
Consent: By providing this information, you explicitly consent to its processing for the sole purpose of safety screening and liability management.
2.3 Transaction and Technical Data
Financial Data: We do not store full credit card numbers on our servers. All payments are tokenized and processed by third-party PCI-DSS compliant payment processors (e.g., Stripe, Mindbody, Square).
Technical Data: IP address, browser type, and time zone setting (collected automatically via cookies for fraud detection and booking security).
3. How We Use Your Information
We use your data for the following specific business purposes:
Service Fulfillment: To manage bookings, process payments, and deliver recovery treatments.
Safety Verification: To cross-reference your health status with modality risks (e.g., preventing a client with hypertension from using Cryotherapy).
Legal Compliance: To maintain records of waivers and informed consent as required by Utah tort law for a period of no less than the statute of limitations for personal injury (4 years in Utah).
Communication: To send appointment confirmations, safety instructions, and (with your opt-in) promotional offers.
4. Disclosure of Information to Third Parties
We do not sell your personal data. We disclose data only to:
Service Providers: Third-party booking software and payment processors who are contractually bound to protect your data.
Legal Authorities: If required by subpoena, court order, or to defend the Company in legal claims filed in the Fifth Judicial District Court of Iron County.
Emergency Responders: In the event of a medical emergency on our premises, relevant health data may be disclosed to EMS personnel to assist in your care.
5. Third-Party Payment Processing & Liability Disclaimer
Acknowledgment of Risk: You acknowledge that we use third-party payment processors to handle financial transactions. While we select reputable vendors, The Lounge Spa and Recovery assumes no liability for security breaches, unauthorized charges, or data theft occurring on third-party systems. Your use of these payment gateways is subject to the privacy policies and terms of those specific providers.
6. Data Security and Breach Notification
We implement physical, electronic, and procedural safeguards to protect your data.
Utah Breach Notification: In accordance with Utah Code § 13-44-202, if we discover a breach of system security that is reasonably likely to result in misuse of your personal information for identity theft or fraud, we will notify you and the Utah Office of the Attorney General (if the breach affects 500 or more residents) without unreasonable delay.
7. Your Rights
Access and Correction: You may request to review or correct your personal data held by us.
Deletion: You may request deletion of your data ("Right to be Forgotten"), except for waiver and liability records which we must retain for legal defense purposes.
Opt-Out: You may unsubscribe from marketing communications at any time via the link in our emails.
8. Children's Privacy
Our services are not directed to children under 13. We do not knowingly collect data from children under 13 without verified parental consent. If we learn we have collected such data, it will be deleted immediately.
9. Contact Us
For privacy inquiries: The Lounge Spa and Recovery 259 S Village Way, Brian Head, UT 84719 Email: theloungespabrianhead@gmail.com