Spa Ninja Pte Ltd (Company Registration Number 201811145G) is a Singapore company with registered address at 16 Enggor St, Singapore 079717 (we, us, our, or Spa Ninja) and this is our privacy and cookie policy (the Policy).
We have created the Policy to ensure that you know we are protecting and safeguarding any User Data (as defined below) that you have given us. We act in your best interest always, collecting, using and disclosing User Data to provide you with a safe, smooth, efficient and customised experience. This document describes how we use and process your User Data hopefully fostering a sense of security that your information is safe with us.
By continuing to use Spa Ninja Services, you signify that you have read and understood the Policy.
If you have any questions after (or before) reading this document please do not hesitate to contact us at hello@spaninja.co

What are the Spa Ninja Services & who are the Users?
The Policy covers a single information database (Database) that is integral to connecting two platforms developed and owned by us collectively known as the Services:1. Spa Ninja SSSMS is salon, studio & spa management software that allows Operators to manage their daily operations. Operators input outlet information and any Customer’s personal details & booking preferences that occur at the Outlet. This information is stored in the Database; and
2. Yosiwa, using a website and mobile app, or other online platforms such as partners’ websites and social media, Yosiwa allows Customers to make bookings with Operators. Customers input personal details & booking preferences and this information is stored in the Database.

The Services are accessed by 2 distinct user bases, collectively known as Users:
1. Operators: wellness operators and their staff (Operator Staff) who use the Spa Ninja SSSMS to manage operations at their Outlet(s); and
2. Customers: users of Yosiwa through our website and mobile app, or other online platforms such as partners’ websites and social media.
What types of User Data do we collect?
The types of User Data that Spa Ninja collects depends on the circumstances of collection and on the nature of the service requested or transaction undertaken.

There are three broad categories of User Data that we collect and method of collection:
1. Personal Data. The data we collect through Yosiwa includes but is not limited to:
a. personal information that can be used to identify an individual, such as name, gender, date of birth, passport or other personal identification numbers;
b. contact information, such as mailing address, phone number and email address;
c. payment information, such as credit or debit card information, including the name of cardholder, card number, billing address and expiry date (all payment information is stored by our payment partner and not by Spa Ninja, see below);
d. information on your other purchases made through Spa Ninja, such as retail items purchased at Outlet(s);
e. your customer preferences, such as preferred therapy, therapist gender, purchases, places that you like to visit or other service preferences;
f. information we receive from the queries you enter into our chatbot, on our global Facebook page or our website; and
g. information we receive from other third-party sources e.g. our page on social media websites.

2. Operator Data. The data we collect through Spa Ninja SSSMS includes but is not limited to:
a. contact information, such as mailing address, phone number, email address;
b. payment information, such as credit or debit card information, including the name of cardholder, card number, billing address and expiry date (all payment information is stored by our payment partner and not by Spa Ninja, see below);
c. information on your Outlet(s) such as number / name of treatment rooms or studios, name and description of treatments or classes offered, pricing, therapist, trainer and worker names and scheduling; and
d. information on the other sales you make through Spa Ninja, such as retail items sold through your Outlet(s).

3. Technical Data. This includes device and technical information you give us when using our website or mobile application (Website) such as IP addresses or other unique identifiers, cookies, mobile carrier, time zone setting, operating system and platform. Information on cookies may be found below.
For purposes of the Policy, User Data means Personal Data, Operator Data and Technical Data.
Where you use the Services on behalf of another person, you undertake and will ensure that the individual whose User Data is supplied to us has authorised the disclosure, is informed of and agrees to the provisions of the Policy.

Accuracy
Spa Ninja needs your assistance to ensure that your User Data is current, complete and accurate. You can update your information at all times through the Spa Ninja SSSMS or Yosiwa.

How we use your information
We use User Data for various purposes:
• To provide and maintain our Services;
• To notify you about changes to our Services;
• To allow you to participate in interactive features of our Services when you choose to do so;
• To provide customer support;
• To gather analysis or valuable information so that we can improve our Services;
• To monitor the usage of our Services;
• To detect, prevent and address technical issues; and
• To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.

You own your own data
User Data entered remains the property of the Customer or the Operator and Spa Ninja will not use or make available for use any of this information to any third party, private persons or organisation.
Users have access to their information at all times.
Operators can export Operator Data in a common file format determined by the Spa Ninja SSSMS. Operator Data may be permanently deleted by Spa Ninja SSSMS 90 days after the Operator stops paying to use Spa Ninja SSSMS or upon request.

Operator Data: you control who has access to your data
• Operator Data entered by Operator Staff is stored securely in the Database and is only accessible to Operator Staff as authorised by the Operator depending on their position/ role.
• It is the Operator Staff’s responsibility to keep their passwords safe.
• The Operator’s Administrator has the right and full control over Operator Data and controls what features specific Operator Staff have permission to access.
• Spa Ninja has full access to Operator Data, no information is encrypted.
Spa Ninja Services monitors and collects system usage information
• Spa Ninja has access to and may use aggregate and non-identifying information, for the purpose of billing and monitoring server and software performance as well as other internal purposes of Spa Ninja Services.
• Spa Ninja staff can access non-identifying and aggregated usage information to better understand how Customers are using Spa Ninja and to improve the Services.
• Spa Ninja will never access any identifying data entered and stored in the Database, and will never access system usage history for a specific User except where granted permission to assist in a system issue or error.
• All aggregated usage information is stored in a secure HMS data warehouse facility.

Links to other websites
Spa Ninja may, from time to time, provide you with links to other websites for your convenience and information. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. You access these websites at your own risk and Spa Ninja is not responsible for these websites.
Minors

Spa Ninja Online is not directed at children under the age of 16 and Spa Ninja cannot distinguish the age of persons who access and use Spa Ninja Online. If a minor (according to applicable laws) has provided us with User Data without parental or guardian consent, the parent or guardian should contact us to remove the relevant User Data and unsubscribe the minor. If we become aware that User Data has been collected from a person under the age of 16 without parental or guardian consent, we will delete this User Data and, where that minor has an account, terminate the minor’s account.

Please read our Terms of Use
All use of software available on this website is subject to Spa Ninja SSSMS’s terms and conditions of use. Please read our Terms of Use which may change from time to time as updated, click here.

Payments
To provide the Services, we use third-parties for all payment processing (eg. payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processors we work with, which may change from time to time as updated in the Policy, are as follows:
• Stripe: their Privacy Policy can be viewed at https://stripe.com/us/privacy
• PayPal: their Privacy Policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full

Retention of User Data
Spa Ninja will retain your User Data only for as long as is necessary for the purposes set out in the Policy. We will retain and use your User Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Spa Ninja will also retain Technical Data for internal analysis purposes. Technical Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods.

Transfer of User Data
Spa Ninja uses Amazon Web Services Cloud Server (Spa Ninja Servers). All data transferred between Users using the Services and the Spa Ninja Servers is encrypted with the latest encryption technology. It is the Users responsibility to use a browser which supports the SSL encryption security used in connection with the Spa Ninja Servers.

User Data may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
Your consent to the Policy followed by your submission of such information represents your agreement to that transfer.

Spa Ninja will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the Policy and no transfer of User Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.

Spa Ninja takes the protection of your User Data seriously but, unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your User Data, we cannot guarantee the security of your User Data transmitted through the Services; any transmission is at your own risk.

Disclosure of Data
Advertising & Marketing
Spa Ninja will share User Data:
• with selected third-party advertisers and advertising networks that require the data to select and serve relevant adverts to you and others; and
• for the purposes of undertaking targeted direct marketing and other forms of marketing or advertisement, provided we have the consent of the recipient and/or have provided the opportunity to opt-out, in each case where required by applicable law.

Analytics & Search Engine Providers
Spa Ninja will share User Data with selected third-party analytics and search engine providers that assist us in the improvement and optimisation of the Website.

Business Transaction
If Spa Ninja is involved in a merger, acquisition or asset sale, User Data may be transferred. We will provide notice before User Data is transferred and becomes subject to a different Privacy Policy.

Disclosure for Law Enforcement
Under certain circumstances, Spa Ninja may be required to disclose User Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements
Spa Ninja may disclose User Data in the good faith belief that such action is necessary to:
• To comply with a legal obligation;
• To protect and defend the rights or property of Spa Ninja;
• To prevent or investigate possible wrongdoing in connection with the Services;
• To protect the personal safety of users of the Services or the public; and
• To protect against legal liability.

Your data protection rights under General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Spa Ninja aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of User Data.
If you wish to be informed what User Data we hold about you and if you want it to be removed from our systems, please contact us (hello@spaninja.co) .

In certain circumstances, you have the following data protection rights:
• The right to access, update or to delete the information we have on you. Whenever made possible, you can access, update or request deletion of User Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
• The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
• The right to object. You have the right to object to our processing of your User Data.
• The right of restriction. You have the right to request that we restrict the processing of your personal information.
• The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
• The right to withdraw consent. You also have the right to withdraw your consent at any time where Spa Ninja relied on your consent to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your User Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Cookies
A Cookie is a small file that is placed on your computer when you visit web pages or a set of information containing server-specific data that the Spa Ninja Servers sends to your browser and is then sent back to Spa Ninja Servers by your browser upon each request. Its function is to introduce a certain kind of changed state into an otherwise stateless HTTP transaction. Browsers mostly store cookies in a simple text file or files, ie. the so-called “cookie files”, so they will still be available after you turn off and restart your browser.
Cookies and their functions used by Spa Ninja Services, which may change from time to time as updated in the Policy, are as follows.

Essential Cookies
These cookies are essential for the operation of the Services. These cookies are used for browsing our website, using its functions properly, and memorising the activities carried out on our pages. Their characteristic is that they are only valid during the relevant visit; they are automatically deleted upon completion of the relevant work session or when the browser is closed.

Performance Cookies
These cookies are necessary for the continuous development and improvement of our Services. Using these cookies, we are able to analyse the operation of our website. With the help of Google Analytics cookies, we collect information about how our website is used, e.g. which page you visited, where you clicked, how many pages you looked up, how long did each visit last, etc. These cookies do not identify you or your device.

Functional Cookies
These cookies render the use of our website easier and more enjoyable: eg. the website will remember your previous preferences.
Targeting or Advertising Cookies
In this case, certain contents of the cookies are shared with third parties ie. where we place our advertisements (you can disable this function at any time). These cookies ensure that during your visits, you see advertisements that take precedence for you. These cookies do not identify you or your device either.

Third-party Cookies
Our pages may also contain the links or icons of other websites, eg. Facebook Like button, YouTube video link, Twitter page icon, etc., which redirect you to the relevant page. Such pages also contain cookies; the rules applicable to them can be found on the relevant pages. Spa Ninja SSSMS does not assume any liability for them.

We may also receive third-party cookies from our advertising partners (eg. Google AdWords Conversion Tracking) to be able to measure the success of our activities more easily. These cookies are placed on your computer only when you visit specific subpages and they only record the fact and time of viewing the specific subpage.
Spa Ninja SSSMS also uses Google AdWords Remarketing Cookies for you to be able to see advertisements that are interesting for you even when you visit pages belonging to the Google Display network. You can disable these cookies in the Google Ads Settings Manager.

Browsers
Please note that most browsers accept cookies automatically to ensure the proper functioning of the websites. If you decide to disable and/or remove all cookies – which you can do at any time in your browser – the functioning of the website may change, which may also affect other users of the given IT device.
However, some browsers permit the restriction of cookies by setting safety levels.

Analytics
Third-party service providers we use to monitor and analyse the use of our Services, which may change from time to time as updated in the Policy, are as follows.

Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.
You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with

Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/

Newsletter
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.

We will, therefore, process any data you enter onto the contact form only with your consent. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, eg. through the “unsubscribe” link in the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (eg. email addresses for the members area) remain unaffected.
Changes to the Policy

We may update the Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our website: spaninja.co

We will let you know via email and/or a prominent notice on our Services, prior to the change becoming effective and update the “effective date” in the footer of the Policy.

You are advised to review the Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us
If you have any questions about this Privacy Policy, please contact us by email hello@spaninja.co