Privacy

This is the Privacy Policy for Diva Spa, located in Riyadh, Saudi Arabia ("Diva Spa", "us", "we" or "our"). We are committed to protecting and respecting your privacy.

This policy explains in detail how we, as data controller, collect, use, share, and protect the information that we receive or collect about you (including personal information) through our website and our WhatsApp service (collectively referred to as "the Platform"). You can use our Platform to book at-home massage and therapy services ("Services"), and we may collect information through other interactions you may have with us during the course of our various marketing and other activities.

1.2 Scope of this policy

This policy applies to all users of our Services, including both clients who book our Services (referred to as "Clients") and our therapists who provide the Services (referred to as "Therapists"). It's important to note that personal information, as used in this policy, means any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier.

1.3 Your consent

By using our Platform and Services, you consent to the collection and use of your information as described in this policy. If you do not agree with the terms of this policy, please do not use our Platform or Services.

1.4 Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy. We encourage you to review this Privacy Policy periodically for any changes.

2.1 Types of information

We collect various types of information about our Clients and Therapists to provide and improve our Services. This information falls into the following categories:

2.1.1 Information relating to both Clients and Therapists:

a) Identity data: This includes information used to identify users such as first name, last name, title, date of birth, gender, and login details. We need this information to create and manage your account with us.

b) Contact data: This includes postal address, email address, telephone number, and mobile number. We use this information to communicate with you about your bookings, our Services, and for marketing purposes where you've given us permission.

c) Financial data: For Clients, this includes payment details to manage payment for services. For Therapists, this includes bank account information for us to process payments to you. We want to emphasize that we do not collect or store full card details. Instead, we work with trusted third-party payment providers to process payments securely.

d) Technical data: This includes internet protocol (IP) address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access our Platform. We collect this information to ensure our Platform functions properly for you and to improve our Services.

e) Marketing and communications data: This includes your preferences in receiving marketing from Diva Spa and your communication preferences. We use this information to ensure we're only sending you communications you want to receive.

f) Operational data: This includes information about your interactions with our Services, such as appointment bookings, cancellations, and transcripts from calls or WhatsApp chats with both Clients and Therapists. We use this data to manage our relationship with you and improve our Services.

g) Location data: This is used to enable the Therapist to find the Client in order to perform the treatment. This data is only used for the purpose of providing our Services and is not stored longer than necessary.

2.1.2 Information relating to Clients only:

a) Transaction data: This includes details of the Services Clients have purchased, including the type of service, date and time, and price. We use this information for billing purposes and to maintain a record of services provided.

b) Usage data: This is information about how Clients use our Services, including how often you book services, which services you prefer, and how you interact with our Platform. We use this data to improve our Services and tailor our offerings to your preferences.

c) Profile data: This includes your website browsing history on our Platform, demographic information, feedback, and survey responses. We use this information to understand our Clients better and to improve our Services.

d) Service Notes: We may collect specific information about service delivery, such as instructions on how to access a building or particular preferences for your treatment. This information is used to ensure we provide the best possible service to you.

2.1.3 Information relating to Therapists only:

a) Assessment data: This includes information on qualifications and certifications of Therapists, performance data, and ratings from Clients. We use this information to ensure the quality of our Services and to match Clients with suitable Therapists.

b) Profile data: This includes photographs, biographies, treatments offered, and languages spoken by Therapists. This information is used to create Therapist profiles that Clients can view when booking Services.

2.2 How we collect your information

We collect information about you in the following ways:

a) Information you give us: This is information you provide by filling in forms on our Platform, creating an account, booking a service, or corresponding with us by phone, email, or otherwise. It includes information you provide when you register to use our Services, subscribe to our services, participate in discussion boards or other social media functions on our Platform, enter a competition, promotion or survey, and when you report a problem with our Platform.

b) Information we collect about you: With regard to each of your visits to our Platform we may automatically collect technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.

c) Information we receive from other sources: We may receive information about you if you use any of the other websites we operate or the other services we provide. We also work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers) and may receive information about you from them.

3.1 Purposes of processing

We will use the personal information we collect for the following purposes:

a) To provide and maintain our Services: This includes creating and managing your account, processing your bookings, and enabling communication between Clients and Therapists.

b) To improve and personalize our Services: We use your information to understand how you use our Services, what your preferences are, and to tailor our offerings to you.

c) To communicate with you: This includes sending you service-related communications (such as booking confirmations and reminders), as well as promotional communications where you have given us permission to do so.

d) To process payments: We use your financial information to process payments for Services (for Clients) or to pay you for Services provided (for Therapists).

e) To ensure the quality of our Services: This includes verifying the qualifications and performance of our Therapists and managing our relationships with both Clients and Therapists.

f) To protect our legal rights and comply with the law: We may use your information to detect, prevent, and address fraud, security issues, and technical issues, as well as to comply with legal obligations.

3.2 Lawful bases for processing

Under data protection law, we are required to have a lawful basis for processing your personal data. The lawful bases we rely on are:

a) Contractual necessity: We need to process your personal data to perform our contract with you for the provision of our Services.

b) Legitimate interests: We process your data to pursue our legitimate business interests, such as improving our Services, marketing our business, and ensuring the security of our Platform. We always balance our interests against your rights and freedoms and we do not use your personal data in ways that you would not reasonably expect.

c) Consent: In some cases, we process your data based on your explicit consent, such as for certain types of marketing communications. You have the right to withdraw this consent at any time.

d) Legal obligation: We may need to process your data to comply with our legal and regulatory obligations.

3.3 Marketing communications

We may use your personal data to send you marketing communications about our Services, special offers, and promotions. We will always seek your consent before sending such communications, and you have the right to opt out of receiving these communications at any time.

To opt out, you can use the unsubscribe link provided in our emails, or contact us directly using the contact information provided at the end of this policy.

4.1 Sharing with Therapists

If you are a Client, we share relevant information with our Therapists to enable them to provide the Services you have booked. This includes your name, contact details, location, and any specific instructions or preferences you have provided for your treatment.

4.2 Sharing with service providers

We may share your personal information with third-party service providers who perform various functions to enable us to provide our Services and help us operate our business, such as website hosting, data analysis, payment processing, order fulfillment, IT services, customer service, and marketing assistance.

These service providers have access to personal information needed to perform their functions but are not permitted to share or use such information for any other purposes. We ensure that any third-party service providers we use have appropriate security measures in place to protect your personal data.

4.3 Legal requirements

We may disclose your personal information if required to do so by law or if we believe that such action is necessary to:

a) Comply with a legal obligation
b) Protect and defend our rights or property
c) Prevent or investigate possible wrongdoing in connection with our Services
d) Protect the personal safety of users of our Services or the public
e) Protect against legal liability

4.4 Business transfers

If Diva Spa is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Platform of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

4.5 With your consent

We may share your personal information for any other purpose with your explicit consent.

5.1 Data retention

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

If you are a Client, we will typically retain your personal data for a period of 2 years after your last interaction with us. If you are a Therapist, we will typically retain your personal data for a period of 1 year after the end of our contractual relationship.

5.2 Data security

We are committed to ensuring that your information is secure. We have implemented appropriate technical and organizational measures to protect the information we collect about you. These measures include, but are not limited to:

a) Encryption of data in transit and at rest
b) Regular security assessments and penetration testing
c) Access controls and authentication procedures
d) Regular backup procedures
e) Staff training on data protection and security

However, no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

6.1 Your legal rights

Under Saudi Arabian data protection law, you have certain rights regarding your personal data:

a) Right to access: You have the right to request a copy of the personal information we hold about you.

b) Right to rectification: You have the right to request that we correct any inaccurate personal information we hold about you.

c) Right to erasure: In certain circumstances, you have the right to request that we delete your personal information.

d) Right to restrict processing: In certain circumstances, you have the right to request that we restrict the processing of your personal information.

e) Right to data portability: You have the right to request that we transfer your personal information to another organization or directly to you, under certain conditions.

f) Right to object: You have the right to object to our processing of your personal information in certain circumstances.

6.2 Exercising your rights

To exercise any of these rights, please contact us using the contact details provided at the end of this policy. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

6.3 Withdrawal of consent

Where we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

7.1 Data storage location

Your information, including personal data, is stored and processed at our offices and other facilities in Saudi Arabia. If we need to transfer your information to third-party service providers outside of Saudi Arabia, we will take steps to ensure that your personal information receives an adequate level of protection.

7.2 Safeguards for international transfers

If we transfer your personal data out of Saudi Arabia, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

a) We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
b) Where we use certain service providers, we may use specific contracts approved for use which give personal data the same protection it has in Saudi Arabia.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of Saudi Arabia.

8. Children's Privacy

Our Services are not intended for use by children under the age of 18, and we do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us:

By email: hello@divaspa.co
By phone: +966 50-767-1688

11. Complaints

If you have a complaint about our use of your personal information, please contact us in the first instance and we will do our best to resolve the issue. If we are unable to help, you have the right to lodge a complaint with the Saudi Arabian data protection authority.