The Spa-Lon Privacy Policy
Policy last updated: 16th June 2023
Welcome to The Spa-Lon’s Data Privacy and Personal Data Protection Policy (“Privacy Policy”).
The Spa-Lon cares deeply about the privacy of its guests and members, and is fully committed to protect their personal information and use it properly in compliance with data privacy laws. This policy describes how we may collect and use personal information, and the rights and choices available to our Guests and Members regarding such information.
We strongly urge you to read this policy and make sure you fully understand it, before you access or use any of our services.
Capitalized terms which are not defined herein shall have the meaning ascribed to them in our Terms & Conditions.
1. What information do we collect?
1.1. Guest and Member Information
The data the Company collects from our Guest and Member will be stored and processed by the Company’s personnel, third party service providers and law enforcement/legal requests. These persons may also be engaged in order to provide the Services to the User, including but not limited to:
- feedback, ratings and compliments;
- transaction information (such as payment method and distance travelled);
- information about how the User interacted with the App (such as features used and content viewed); and
- device information (such as hardware model and serial number, IP address, file names and versions and advertising identifiers, or any information that may provide an indication of device or app modification).
1.2. Users-of-users’ information
The Company may collect, store and process certain Non-personal and Personal Information of Users-of-Users (“Users-of-Users Information”), solely on our Users’ behalf and at their direction. For example, each of our Users is able to import their e-mail contacts from third party services like Gmail, or otherwise collect and manage contacts via their User Website. Such contacts are then stored with the Company, on the User’s behalf.
For such purposes, the Company serves and shall be considered as a “Processor” and not as the “Controller” of such Users-of-Users Information. The Users controlling and operating such User Websites shall be considered as the “Controllers” of such Users-of-Users Information, and are responsible for complying with all laws and regulations that may apply to the collection and control of such Users-of-Users Information, including all privacy and data protection laws of all relevant jurisdictions.
You are responsible for the security, integrity and authorised usage of your Users-of-Users’ Personal Information, and for obtaining consents, permissions and providing any fair processing notices required for the collection and usage of such information.
If you are a visitor, user or customer of any of our Users, please read the following: the Company has no direct relationship with the individual Users-of-Users whose Personal Information it processes. If you are a visitor, user or customer of any of our Users, and would like to make any requests or queries regarding your Personal Information, please contact such User(s) directly. For example, if you wish to access, correct, amend, or delete inaccurate information processed by the Company on behalf of its Users, please direct your query to the relevant User (who is the “Controller” of such data). Unless otherwise instructed by our User, we will retain their Users-of-Users’ Personal Information.
1.3. Retention of Personal Data
The Company only retains your Personal Data for as long you maintain your account via the App. Once your Personal Data is no longer necessary for the Company’s purposes, or no longer have a legal or business purpose for retaining the User’s Personal Data, the Company shall take steps to prevent access or use of such Personal Data for any purpose other than compliance with this privacy policy, or for purposes of safety, security, fraud prevention and detection.
The Company shall endeavour reasonable efforts that the protection of your personal data, both in storage and in transit, remains secure.
Should the User have any queries about your personal data protection, please contact the Data Protection Officer at gelynn@xiaoyuan.com.sg.
1.4 Do Not Call (DNC) Provisions
The DNC provisions in the PDPA came into effect in 2014. The Company will not send you any marketing messages or make any marketing calls if you have registered your Singapore telephone number with the respective DNC registries, unless we are allowed to do so under DNC provisions, or other applicable laws and regulations. Do also note that if you have given us consent to send you marketing messages to your Singapore telephone number, we may continue to do so until you withdraw your consent.
1.5. Withdrawal of Consent
Should you wish to withdraw your consent for our use of your Personal Data, you may do so in the following ways:
- To unsubscribe from our electronic mailing list, follow the unsubscribe instructions in our emails or other electronic marketing materials; or
- If you have an online subscription or membership account with us, you may access your account(s) with us to change your settings; or
- For any other queries regarding our handling of your personal data, you may contact our Data Protection Officer at gelynn@xiaoyuan.com.sg.
Do note that the withdrawal of consent is subject to all applicable laws and applicable terms and conditions.
2. Updates and interpretation
We may update this Privacy Policy as required by applicable law, and to reflect changes to our practices. We trust that you would periodically review this page for the latest information.
Unless stated otherwise, our most current Privacy Policy applies to all information that we have about you, with respect to our Solutions.
This Privacy Policy was written in English. You may access and view other language versions at your convenience. Should a translated (non-English) version of this Policy conflicts in any way with its English version, the provisions of the English version shall prevail.