Privacy Policy & Terms and Conditions

Last Updated: 6/30/2025

Welcome to Lissys Spa (https://lissys-spa.com), a premier beauty and wellness spa located in Florida, USA. We specialize in nails, eyelashes, eyebrows, facials, skin treatments, hair salon services, and laser hair removal, with potential future services. Your privacy is of utmost importance to us. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our website, book appointments, or use our services.  

 

By using our website or services, you consent to the practices described in this policy. If you do not agree, please refrain from using our site or services.  

 

—  

 

2. Information We Collect  

 

1. Personal Information

We may collect the following when you interact with us:  

– Contact Information: Name, email, phone number, mailing address.  

– Appointment Details: Service preferences, booking history, special requests.  

– Payment Information: Credit/debit card details (processed securely via third-party processors like Square, Stripe, or PayPal).  

– Health & Safety Information: For certain treatments (e.g., laser hair removal, facials), we may collect medical history, allergies, or skin conditions to ensure safe service.  

– Photographs (with consent): Before-and-after images for treatment tracking or promotional purposes (only with explicit permission).  

 

1. Non-Personal & Technical Data  

– Website Usage: IP address, browser type, device information, pages visited.  

– Cookies & Tracking: We use cookies (see Section 6) to enhance user experience.  

 

—  

 

3. How We Use Your Information  

We use your data for:  

– Appointment Scheduling & Reminders (via phone, email, or SMS).  

– Service Personalization (e.g., preferred nail colors, past treatments).  

– Payment Processing & Invoicing.  

– Marketing & Promotions (only with your consent—opt-out anytime).  

– Legal & Regulatory Compliance (e.g., tax records, health regulations).  

– Improving Our Services (feedback, website analytics).  

 

—  

 

4. Legal Basis for Processing (GDPR & Florida Compliance)  

Under Florida law and applicable U.S. regulations (including CCPA, HIPAA where relevant), we process data based on:  

– Contractual Necessity (to fulfill appointments).  

– Consent (for marketing, photos, sensitive health data).  

– Legal Obligations (tax, safety, fraud prevention).  

 

—  

 

5. Data Sharing & Third Parties

We do not sell your personal information. However, we may share data with:  

– Payment Processors (Square, Stripe) for secure transactions.  

– Booking Software (e.g., Vagaro, Mindbody) for appointment management.  

– Medical Professionals (if required for treatments like laser hair removal).  

– Legal Authorities (if required by law, e.g., court orders, health inspections).  

– Business Transfers (in case of sale, merger, or acquisition).  

 

—  

 

6. Cookies & Tracking Technologies  

We use:  

– Essential Cookies (for site functionality).  

– Analytics Cookies (Google Analytics) to improve user experience.  

– Marketing Cookies (Facebook Pixel) for targeted ads (opt-out available).  

 

You can disable cookies in browser settings, but some features may not work.  

 

—  

 

7. Data Security Measures We implement:  

– SSL Encryption (secure data transmission).  

– Secure Payment Gateways (PCI-DSS compliant).  

– Staff Training on privacy best practices.  

– Limited Access (only authorized personnel handle sensitive data).  

 

Despite precautions, no online system is 100% secure. Report any concerns to us immediately.  

 

—  

 

8. Your Privacy Rights  

Depending on residency, you may have the right to:  

– Access, Correct, or Delete your data.  

– Opt Out of Marketing (unsubscribe link in emails).  

– Restrict Processing (e.g., withhold health data).  

– Data Portability (request a copy of your records).  

– Non-Discrimination (under CCPA).  

We may verify your identity before fulfilling requests.  

 

—  

 

9. Retention of Data

We retain personal data:  

– As long as needed for business purposes (e.g., appointment history).  

– As required by law (e.g., tax records for 7 years).  

– Health-related data is kept securely and discarded when no longer needed.  

 

—  

 

10. Children’s Privacy

Our services are not intended for children under 13. We do not knowingly collect their data. Parents/guardians may contact us to remove any inadvertently collected information.  

 

—  

 

11. Third-Party Links

Our website may link to social media, product vendors, or review sites. We are not responsible for their privacy practices.  

 

—  

 

12. Florida-Specific Disclosures

– No Sale of Data: We do not sell personal information (compliant with Florida’s SB 1734).  

– Health Data Protections: Laser hair removal and skin treatments follow Florida Board of Cosmetology guidelines.  

– Natural Disasters: In emergencies (e.g., hurricanes), data may be backed up securely offsite.  

 

—  

 

13. Changes to This Policy

We may update this policy. Changes will be posted on our website with a new “Last Updated” date. Continued use of our services constitutes acceptance.  

 

—  

 Additional Protections for Lissys Spa:  

– Liability Waiver: Clients must sign consent forms for treatments like laser hair removal, acknowledging risks and data usage.  

– Employee Confidentiality Agreements: Staff are trained to handle client data securely.  

– Incident Response Plan: In case of a data breach, affected clients will be notified as required by law.  

 

This policy is designed to comply with Florida state laws, CCPA, HIPAA (where applicable), and GDPR (for EU visitors). For full legal compliance, consult an attorney.  

 

Would you like any modifications, such as adding a client consent clause for photos or specific HIPAA-related language for medical data?