Privacy Policy

Effective Date: January 1, 2025

1. Company Information

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide to us when you:

• Schedule an appointment or consultation
• Register for our services
• Subscribe to our newsletter or marketing communications
• Contact us via phone, email, or through our website
• Participate in surveys or promotions
• Provide consent for SMS/text message communications

This personal information may include:

• Full name
• Email address
• Phone number (including mobile phone number)
• Mailing address
• Date of birth
• Payment information
• Health information relevant to our services
• Emergency contact information

2.2 Health Information

As a wellness service provider, we may collect Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA), including:

• Medical history and health conditions
• Current medications and supplements
• Allergies and sensitivities
• Previous treatments and therapies
• Treatment records and session notes
• Insurance information (if applicable)

2.3 Automatically Collected Information

When you visit our website, we automatically collect certain information, including:

• IP address and device identifiers
• Browser type and version
• Operating system
• Pages visited and time spent on pages
• Referring website addresses
• Cookies and similar tracking technologies

3. SMS/Text Message Communications - A2P 10DLC Compliance

3.1 SMS Program Description

Prime Wellness Spa offers an optional SMS/text messaging program to send you:

• Appointment confirmations and reminders
• Service updates and changes
• Promotional offers and special discounts
• Wellness tips and educational content
• Customer service communications

3.2 Opt-In Consent Requirements

In compliance with the Telephone Consumer Protection Act (TCPA), Texas Business and Commerce Code § 305.053, and A2P 10DLC regulations:

• Express Written Consent: You must provide clear, affirmative consent before we send marketing text messages
• Voluntary Participation: Consent to receive SMS messages is NOT a condition of purchasing any goods or services
• Message Frequency: You may receive up to 4-6 messages per month (frequency may vary)
• Message & Data Rates: Standard message and data rates may apply from your carrier
• Carrier Compatibility: Service is available on participating carriers (AT&T, T-Mobile, Verizon, and others)

3.3 Your SMS Rights and Options

To Stop Receiving Messages (OPT-OUT):

• Text STOP, UNSUBSCRIBE, CANCEL, END, or QUIT to any message
• Call us at (469) 723-8889
• Email us at [email protected]
• You will receive one final confirmation message confirming your opt-out

To Get Help:

• Text HELP or INFO to receive assistance
• Contact our support team at the phone number or email above

3.4 Texas-Specific SMS Compliance

In accordance with Texas Business and Commerce Code Chapter 305 (The Texas Anti-Spam Law):

• We will not send unsolicited commercial electronic text messages without your prior express consent
• All commercial messages will clearly identify Prime Wellness Spa as the sender
• We will honor opt-out requests within 10 business days
• We maintain records of all consent documentation
• We do not purchase or rent phone numbers from third-party lists without verified consent

3.5 A2P 10DLC Registration

Prime Wellness Spa is registered with carrier networks for Application-to-Person (A2P) 10-digit long code (10DLC) messaging. This registration ensures:

• Better message deliverability
• Reduced spam filtering
• Compliance with carrier requirements
• Transparent business identification

4. How We Use Your Information

4.1 Primary Uses

We use your personal information for the following purposes:

• Service Delivery: To provide wellness services, schedule appointments, and process payments
• Communication: To contact you regarding appointments, services, and inquiries
• Marketing: To send promotional offers, newsletters, and updates (with your consent)
• Improvement: To improve our services, website, and customer experience
• Legal Compliance: To comply with legal obligations and protect our rights
• Health Records: To maintain accurate treatment records and ensure continuity of care

4.2 Legal Basis for Processing

We process your personal information based on:

• Consent: You have given clear consent for specific purposes (e.g., SMS marketing)
• Contract: Processing is necessary to fulfill our service contract with you
• Legal Obligation: Required by law (e.g., HIPAA, tax regulations)
• Legitimate Interest: For business operations that do not override your privacy rights

5. Information Sharing and Disclosure

5.1 We May Share Information With:

• Service Providers: Third-party vendors who assist with business operations (payment processors, appointment scheduling software, SMS platform providers)
• Healthcare Providers: Other healthcare professionals involved in your care (with your consent)
• Legal Authorities: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Insurance Companies: For billing and claims processing (if applicable)

5.2 We Do NOT:

• Sell your personal information to third parties
• Rent or lease your contact information
• Share your health information without consent (except as required by law)
• Use your information for purposes incompatible with the original collection purpose

6. Data Security

We implement reasonable security measures to protect your information, including:

• Encryption of sensitive data (SSL/TLS for website, encrypted storage for health records)
• Secure servers with restricted access
• Regular security audits and updates
• Employee training on privacy and security practices
• Physical security measures at our facility
• Secure disposal of records when no longer needed

7. Data Retention

We retain your information for the following periods:

• Health Records: Minimum of 7 years from last date of service (Texas state requirement)
• Marketing Communications: Until you opt-out or we no longer send marketing messages
• Financial Records: 7 years for tax and accounting purposes
• Website Data: As long as necessary for business purposes or as required by law

8. Your Privacy Rights

8.1 Texas Residents

Under Texas law, you have the right to:

• Access: Request a copy of your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information (subject to legal retention requirements)
• Opt-Out: Unsubscribe from marketing communications at any time
• Non-Discrimination: Not be discriminated against for exercising privacy rights

8.2 HIPAA Rights

Regarding your health information, you have the right to:

• Receive a copy of your health records
• Request amendments to your health records
• Receive an accounting of disclosures
• Request restrictions on certain uses and disclosures
• Request confidential communications
• File a complaint if you believe your privacy rights have been violated

8.3 Exercising Your Rights

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

• Remember your preferences and settings
• Analyze website traffic and usage patterns
• Provide personalized content
• Improve website functionality

Types of Cookies We Use:

• Essential Cookies: Required for website operation
• Analytics Cookies: Help us understand how visitors use our site
• Marketing Cookies: Used to deliver relevant advertisements

Cookie Control: You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children without parental consent. If we discover that we have collected information from a child under 18 without proper consent, we will delete it immediately.

12. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information
• Right to deletion
• Right to non-discrimination

Notice: We do not sell personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on our website with a new effective date
• Sending an email notification (if you have opted in to email communications)
• Sending an SMS notification (if you have opted in to text messages)

Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

14. Contact Information and Complaints

15. Consent Acknowledgment

16. Legal Compliance Framework

This Privacy Policy complies with:

• Health Insurance Portability and Accountability Act (HIPAA)
• Telephone Consumer Protection Act (TCPA)
• Texas Business and Commerce Code § 305.053 (Anti-Spam Law)
• Texas Business and Commerce Code § 521.053 (Data Breach Notification)
• California Consumer Privacy Act (CCPA) - for California residents
• A2P 10DLC Registration Requirements
• CAN-SPAM Act
• Federal Trade Commission (FTC) regulations

Last Updated: January 1, 2025
Version: 1.0
© 2025 Prime Wellness Spa. All rights reserved.