Commitment to Privacy
The appropriate collection and use of guest’s personal and basic health information is fundamental. We strive to protect the privacy and the confidentiality of this information. Every employee and contractor of Novo Spa must abide by our commitment to privacy in the handling of guests’ information.
Attn Privacy Officer
66 Avenue Road
Toronto ON M5R3N8
Purpose of Collecting Personal Information
Novo Spa Website
If guests buy spa treatments or products directly from Novo Spa website, guests are required to provide account information (guest name, address, email, telephone) and credit card information. All information is encrypted through a SSL.
A SSL (Secure Sockets Layer) certificate authenticates the website to make sure it is who it says it is and then encrypts any information sent from the website.
Novo Spa uses Moneris Canada s credit card gateway (Online Payment Processing third party). Moneris Canada takes seriously and prides itself on its continual efforts to maintain compliance with the payments industry’s highest security standards and programs.
Third party information is also collected when a guest provides us with the name and email address of the recipient of a gift certificate / card or product.
Personal and Basic Health Information Gathered in the Health History Form (HHF). Consent Forms
The guests of Novo Spa for their first appointment are requested to fill-out a HHF in which they provide some personal information (name, occupation, address, phone number, day of birth, etc) as well as some basic health information (allergies, current medications, health problems). Guests are asked to update their forms yearly, in case some of the information contained in the HHF has changed.
The information requested in the HHF will assist Novo Spa in providing aesthetic and / or massage treatments safely to our guests.
The information we request to our guests is used for the purpose defined.
HHF are read and analyzed by the Estheticians and/or Register Massage Therapists (RMTs) before any treatment.
We retain HHF for the time it is required by law.
Novo Spa Spa does not disclose its guest information to any third party. We do not provide our guest’s emails or phone numbers to other companies offering similar or different services nor to suppliers of products and services related to our or other type of businesses.
We collect our guest’s information (Client Information) with the sole purpose of open an account, verify creditworthiness, perform a payment transaction, and identify guest preferences and internal statistical purposes. Should the guest agree, we might inform her/him about the services we provide and information relating to special offers we may have available from time to time (normally once a month). At any time the guests, either via phone or email, may decide not to continue receiving such type of information.
Novo Spa will limit the collection to the purposes expressly set out above. If this information is used for statistical purposes it will be done so in a way that the aggregate data contains no references to individual guest.
Limiting Use, Disclosure and Retention
Guest information shall not be used or disclosed for any purposes other than those for which it is collected. However, as we may be required by law to provide certain information in a court issues, a subpoena or summons, or where there is an investigation by a regulatory body, for example. In those events we will ask for the express consent of the guest involved.
Safeguards: Protecting Your Information
Novo Spa takes all reasonable precautions to ensure that guest’s information is kept safe from loss, unauthorized access, modification or disclosure both online and offline. Among the steps taken to protect guest’s information are: deploying technological safeguards like security software and data encryption, firewalls to prevent hacking or unauthorized computer access, restricted file access to personal information and premises security.
Information is kept in a combination of paper and electronic files.
Paper HHFs and Consents are scanned and kept electronically; daily back ups are done. The system is password protected.
Scanned paper forms are kept locked at the Manager’s office, until its destruction (using a paper shredding machine) every 6 months. Record of destruction is kept in a binder in the Manager’s office.
The Spa Coordinators, Estheticians and/or the RMTs have access to the forms through their own assigned password. The system maintains a record of who has done what in the system.
Within the limitations specified in PIPEDA, the guest has the right to access her/his personal information at any time. For that purpose you may contact the Spa Manager at:
Attn Privacy Officer
66 Avenue Road
Toronto ON M5R3N8
All requests for personal information will be responded as soon as reasonable, but no later than 30 days from the date the written request is received by Novo Spa. Novo Spa reserves the right to require that the individual requesting such personal information provides appropriate documentation (for example a driver’s license or passport) to confirm her/his identity prior release of any personal information. .
112 Kent Street